Privacy Policy

Mugon Dojo is a curated developer community operating at mugon.club and through the official Telegram bot @MugonDojoBot. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with the Platform.

We are committed to transparency and to protecting the privacy of our members. If you have questions about this policy, please contact us at privacy@mugon.club.

Account Data

When you apply and create an account, we collect:

• Name, email address, and Telegram username
• Professional background and skills as declared in your application
• Profile information you provide (bio, links, avatar)
• Authentication credentials (hashed, never stored in plaintext)

Telegram Data

All messages sent in official Mugon Dojo Telegram groups are captured and stored. This includes:

• Message content, timestamps, and sender information
• Replies, reactions, and message edits
• Shared media metadata (file names, types, sizes)

This data is used for community health monitoring, moderation, contribution analysis, and Dan promotion decisions.

Platform Activity (Full Path Only)

We track your interactions within the Platform, including:

• Event attendance and project participation
• Endorsements given and received
• Job board interactions (applications, views)
• Dan progression history
• Login timestamps and session data

What We Do NOT Collect

• Private Telegram DMs — we never capture or access private messages
• Messages in non-official Telegram groups
• Browsing history outside the Platform
• Device location data or GPS coordinates
• Contacts or phone book data
• Financial information (payments are handled by third-party processors)

We use the collected data for the following purposes:

• Community Health: Monitoring group dynamics, identifying conflicts, ensuring a safe and productive environment for all members.
• Fair Promotion: Evaluating contributions and participation to support Dan advancement decisions that are transparent and merit-based.
• Talent Development: Understanding member strengths and growth areas to provide relevant opportunities, mentorship, and event recommendations.
• Platform Operation: Authenticating users, managing access tiers, delivering notifications, and maintaining the technical infrastructure.

We NEVER:

• Sell your personal data to third parties.
• Share your data with hiring companies without your explicit consent. Job applications are anonymized by default.
• Use your data for advertising, ad targeting, or marketing profiling of any kind.

We share data only with the following service providers, strictly as needed to operate the Platform:

• Supabase: Database hosting and authentication services. Data is stored in Supabase-managed PostgreSQL instances with Row Level Security (RLS) enabled.
• Vercel: Application hosting and serverless functions. Processes requests and serves the Platform.
• Cloudflare: CDN, DDoS protection, and DNS management. May process traffic metadata for security purposes.
• Resend: Transactional email delivery for notifications, verification, and system communications.
• Telegram: Bot API integration for group management, notifications, and message capture in official groups.

We do not share data with any other third parties, analytics platforms, or advertising networks.

We retain different types of data for different periods based on legitimate need:

When data reaches the end of its retention period, it is either permanently deleted or irreversibly anonymized.

Depending on your jurisdiction, you may have rights under the GDPR, CCPA, or equivalent data protection laws. These include:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal obligations and legitimate interests.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to the processing of your data for specific purposes.
• Right to Restrict Processing: Request limitation of how we process your data while a complaint or request is pending.

Account Deletion Process

You may request account deletion at any time by contacting privacy@mugon.club. Upon deletion:

• Your profile and personal data will be permanently removed.
• Your contributions will be anonymized (attributed to “Former Member”).
• Endorsements and reputation ledger entries are retained in anonymized form to preserve community integrity.
• Telegram message data associated with your account will be anonymized within 30 days.

By joining official Mugon Dojo Telegram groups, you consent to the capture and storage of all messages you send within those groups. This is essential to the operation of the community’s contribution tracking and moderation systems.

• Official groups only: Only messages in groups managed by @MugonDojoBot are captured.
• Private DMs are never captured: We do not and cannot access your private Telegram messages, direct messages, or messages in groups we do not operate.
• You may leave official groups at any time to stop future message capture. Previously captured messages will be retained according to our data retention schedule.

We use a minimal set of cookies strictly necessary for operation:

• Authentication cookies (sb-*): Set by Supabase to manage your login session. These are essential cookies and cannot be disabled while using the Platform.
• Cloudflare cookies: Used for security, bot detection, and performance optimization.

We do not use:

• Advertising cookies
• Tracking or analytics cookies
• Third-party marketing cookies
• Social media tracking pixels

No cookie consent banner is required because we only use strictly necessary cookies as defined by ePrivacy regulations.

We implement industry-standard security measures to protect your data:

• TLS encryption: All data in transit is encrypted using TLS 1.2 or higher.
• Row Level Security (RLS): Database-level access controls ensure users can only access data they are authorized to see.
• Server-side authentication: All authentication checks are performed server-side. No sensitive operations rely on client-side validation.
• Rate limiting: API endpoints are rate-limited to prevent abuse and brute-force attacks.
• Daily backups: Database backups are performed daily and stored securely with encryption at rest.
• Audit trail: All administrative actions and significant data changes are logged in an immutable audit trail.

In the event of a data breach that affects your personal data, we commit to:

• Notifying affected users within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
• Providing clear information about what data was affected, the likely consequences, and the measures taken to address the breach.
• Reporting the breach to the relevant supervisory authority where required by law.
• Taking immediate remedial action to contain the breach and prevent further unauthorized access.

Your data may be processed in the United States and the European Union through our service providers.

• Supabase, Vercel, and Cloudflare operate infrastructure in multiple regions including the US and EU.
• Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
• We select service providers that maintain appropriate certifications and compliance frameworks (e.g., SOC 2, ISO 27001).

Mugon Dojo is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data as promptly as possible. If you believe a child under 16 has provided us with personal data, please contact us at privacy@mugon.club.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When changes are made:

• We will provide at least 14 days’ notice before the updated policy takes effect.
• Notification will be sent via email and posted in the official Telegram announcement channel.
• The “Last Updated” date at the top of this policy will be revised accordingly.

Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or concerns, please contact us at:

Email: privacy@mugon.club

We commit to responding to all privacy inquiries within 30 days. For GDPR data subject requests, we will respond within the legally mandated timeframe.