Legal Notice & Systems Policy

This notice explains the terms, privacy practices, compliance posture, and operational disclosures for every system that powers the CoreClub experience—including our public website, account portal, forum, ticket desk, GDPR tooling, Discord workflows, in-game integrations, and the Stripe-powered digital storefront running on store.coreclub.cc with the CoreClub fulfillment bridge.

CoreClub is owned and operated by Nugent Brothers Enterprises LTD, a company incorporated in Northern Ireland (Company No. NI719078). References to "CoreClub", "we", or "us" are references to Nugent Brothers Enterprises LTD. Our primary support channel is the Discord server at discord.coreclub.cc.

Systems Covered by This Page

These terms and policies apply to the entire CoreClub ecosystem:

Authentication & Portal: Account creation, login, password management, and the player portal located at /portal.html.
Store & Checkout: Purchases handled through our in-house Stripe checkout APIs, fulfilment bridge, manual refund tooling, and the public store UI at /store.html.
Support Tickets & Refund Desk: Ticket submission, messaging, and staff workflows available through /tickets.html, plus moderator/admin consoles.
Forum & Community Tools: Thread creation, replies, and moderation functions exposed on /forum.html and related APIs.
GDPR & Consent Platform: Cookie / local-storage preferences, subject access utilities, and formal GDPR request handling across /legal.html and the GDPR routes.
Administrative Interfaces: Restricted dashboards under /admin and /moderator that allow privileged users to triage applications, tickets, payment activity, and player sanctions.
Notifications & Email: Transactional messages, welcome emails, and support confirmations delivered via our SMTP provider.
AI & Automation: The optional support assistant widget embedded on certain pages, currently operating as a scripted FAQ bot (no autonomous decision-making).

Terms of Service

1. Accounts, Eligibility & Security

You must be at least 13 years old or have verifiable parental consent to register. Creating multiple accounts to evade sanctions is prohibited.
You are responsible for safeguarding your credentials. Our auth service issues HTTP-only session cookies and rotating CSRF tokens, but you must promptly report suspected compromise.
Portal data (profile, linked Minecraft UUID, last login, preferences) is provided for personal, non-commercial use.

2. Gameplay, Forum & Community Conduct

Cheating, automation, harassment, hate speech, doxxing, or the distribution of malware/NSFW material is forbidden across the game server, forum, Discord, and ticket replies.
Staff-issued warnings, mutes, ticket restrictions, or forum locks apply network-wide and may be escalated via the admin console.
User-generated content you post (forum threads, ticket messages, applications) must not violate third-party IP or privacy rights.

3. Store, Payments & Digital Items

All purchases are processed through Stripe. Items represent a revocable license; delivery occurs once Stripe confirms payment and the fulfillment bridge succeeds.
Chargebacks or payment disputes may result in immediate account suspension across the portal, tickets, and in-game services.
Refund requests must be opened through the ticket system or refunds desk. We follow local consumer law but reserve the right to decline requests when goods were fulfilled.

4. Support, Moderation & Admin Tooling

Tickets submitted via /tickets.html are routed to authenticated staff through the admin dashboard. Abusive or spam submissions may be blocked.
Moderators and admins must comply with internal guidelines when using tools that expose PII (support logs, purchase history, GDPR requests).
We may temporarily disable features (forum posting, checkout, portal editing) for maintenance or abuse mitigation without prior notice.

5. Suspension & Dispute Resolution

We may suspend or terminate access to any system for ToS violations, fraud, or technical risk. Reinstatement is discretionary.
Appeals must be submitted through the ticket workflow in our Discord support hub at discord.coreclub.cc.
Where legally permitted, disputes are resolved through individual binding arbitration under AAA rules. Nothing prevents you from using applicable EU or UK statutory remedies.

Privacy Policy

We operate under GDPR, the UK Data Protection Act 2018, and relevant U.S. privacy principles. Nugent Brothers Enterprises LTD (NI719078) is the data controller for all CoreClub services.

1. Data We Collect by System

Authentication & Portal: Email, username, Minecraft UUID, hashed passwords, session IDs, login history, profile metadata, and optional preferences (theme, consent choices).
Store & Stripe: Order IDs, package selections, billing country, partial payment metadata supplied by Stripe, fulfilment logs, refund status, and anti-fraud notes. We never store full payment card numbers.
Tickets & Support: Ticket subjects, messages, attachments (if enabled), staff notes, timestamps, and resolution outcomes.
Forum & Applications: Posts, comments, vote counts, application answers, moderation actions, and associated IP addresses for abuse prevention.
GDPR & Consent: Consent decisions, audit trails for subject requests, and verification evidence supplied during data access/erasure workflows.
Admin & Moderation: Action logs, staff account identifiers, and rule-violation evidence necessary to enforce community safety.
Notifications: Email delivery results, bounce logs, and unsubscribe preferences.

2. Purposes & Legal Bases

Contractual necessity: Creating accounts, granting in-game access, fulfilling store purchases, and delivering tickets responses.
Legitimate interests: Securing our infrastructure, preventing fraud or spam, measuring service stability, and improving support workflows.
Legal obligation: Retaining financial and tax records for at least seven (7) years, preserving moderation evidence when required by law enforcement, and responding to statutory privacy requests.
Consent: Optional notifications, GDPR banner preferences, and any marketing (none is conducted by default).

3. Retention

Session cookies & CSRF tokens: Active session only.
Portal profiles & forum content: Until you delete your account or 24 months of inactivity, whichever comes first.
Tickets & moderator notes: 24 months after closure, unless required longer for dispute defence.
Stripe order data: Minimum seven (7) years for accounting compliance.
GDPR request logs: 36 months to demonstrate compliance.

4. Data Storage & Security Controls

Primary databases (MongoDB + document storage) are hosted in UK/EU data centres managed by our infrastructure partners. Access is limited to vetted staff via VPN + MFA.
Uploads (store images, attachments) are stored within the same region and inherit the hosting provider’s physical safeguards.
Automated backups are encrypted at rest and retained for 30 days to support disaster recovery.
Fulfillment logs live on the CoreClub bridge and are pruned after 90 days unless required for anti-abuse investigations.

4. Data Sharing & Processors

Stripe: Processes payments and generates signed webhooks for order confirmation.
Email provider (Google Workspace/Gmail): Sends transactional mail such as welcome emails and password resets.
Discord: Optional community chat; if you join, Discord’s terms govern your data there.
Hosting & CDN partners: Provide infrastructure for the website and APIs. Logs may include IP addresses and user-agent data.

International transfers rely on Standard Contractual Clauses or comparable safeguards. We do not sell personal data.

5. Your Rights

You can request access, correction, deletion, restriction, portability, or object to processing at any time by opening a GDPR request ticket on our Discord server at discord.coreclub.cc or by using the GDPR tools. Identity verification may be required.

Payments, Refunds & Chargebacks

Our store at store.coreclub.cc uses the CoreClub checkout API and Stripe to accept Visa, Mastercard, and other supported payment methods. Stripe provides PCI DSS Level 1 compliance; no raw card data ever touches our servers.

Payment capture: Orders are authorised and captured only after Stripe confirms payment intent success. Fulfilment commands are then dispatched automatically to the CoreClub bridge.
Receipts & invoices: Stripe emails a receipt to the address on file. You may request VAT-style breakdowns through tickets if needed for business records.
Refund policy: Digital items are considered delivered once the CoreClub bridge confirms command execution. No refunds are issued unless, in the sole discretion of the CoreClub staff team, an exception is warranted (e.g., duplicate purchase, verified technical failure). Submitting a ticket on Discord is mandatory for any review.
Chargebacks: Initiating a bank dispute outside our ticket process may trigger automatic suspensions across the portal, store, and Minecraft services. We reserve the right to contest chargebacks with Stripe and your financial institution.
Refund processing: When staff approve a discretionary refund, Stripe is used to reverse the original payment. Funds return to the original payment method; timelines depend on the issuing bank (typically 5–10 business days).

Compliance Statement

CoreClub maintains the following compliance posture to protect players and their data:

GDPR / UK GDPR: We honour subject access, rectification, erasure, restriction, and portability rights. A Data Protection Impact Assessment covers the store, ticketing, and moderation systems.
Data Protection Act 2018: UK lawful bases and special-category safeguards are applied where required. Staff agreements include confidentiality and data-handling clauses.
PCI DSS: Stripe (our processor) is certified to PCI DSS Level 1. We never store cardholder data. Webhooks are signed with Stripe’s secrets and verified before fulfillment runs.
Consumer Rights: As a UK entity, we follow the Consumer Rights Act 2015 for digital content. Because items are delivered immediately, withdrawal rights end once fulfillment succeeds, subject to our discretionary refund review.
Children’s data: Accounts are limited to players 13+ or those with verifiable parental consent. We do not knowingly collect data from younger children and will delete such records if discovered.
Incident response: Security incidents are handled under a documented playbook with thresholds for notifying the ICO and affected users within the statutory timeframe.

If you need proof of compliance (e.g., SCCs, DPIA summaries, processor lists), open a compliance ticket through our Discord server at discord.coreclub.cc.

Security & Incident Response

Passwords are hashed using modern algorithms, sessions are stored server-side with Mongo-backed expiration, and admin panels are gated behind role checks.
Support tools log all sensitive actions, providing an audit trail for staff accountability.
If we become aware of unauthorised access to personal data, we will notify affected users and regulators when legally required.

Legal Disclosures & Contact

Owner / Operator: Nugent Brothers Enterprises LTD (NI719078), trading as CoreClub
General contact: Join discord.coreclub.cc and open a support ticket.
Privacy & GDPR: Use the GDPR ticket workflow inside our Discord server or the in-portal GDPR tools.
Mailing address: Provided upon verified legal request.

Updates to This Notice

Policies may be amended to reflect new systems or regulatory changes. We will update the “last updated” timestamp in the portal changelog and at the top of this page. Continued use of the network after updates constitutes acceptance of the revised terms.