Privacy policy

What we collect

• Your login.
• Your password (unreadable by us, hashed using Scrypt algorithm).
• The account ID and username if using third-party login services (the “sign in with…” feature).
• The hardware identifiers and IP addresses of your machine(s) used to connect to our game service.
• The navigation and HTTP request history, as generated by the use of our services, without connection to the user’s PII. This history may include IP addresses.

How we use this data

This information is required to operate this service.

• Collection of logins, passwords, and the account IDs for third-party login services is required to log users in and ensure the security of their accounts.
• Collection of hardware identifiers and IP addresses is required to prevent malicious usage of the game services.
• Collection of request history is required for maintenance of this website and the game service.

We may use third party services help us operate our services. Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).

Managing your data

We allow a user to request PII associated with their account to be deleted by submitting a request in the email form to [email protected]. We may impose security and authentication checks during deletion to prevent unauthorized use of this feature and will not authorize account deletion via other means.

When you delete your account, you understand that your account and related information, including access to your Toons and other in-game content, will be permanently lost.

Parental opt-out

If you are a parent or legal guardian, and would no longer like you or your child to be bound to this privacy policy, you may use the information above to delete your child’s account. Since this information is required to operate the service, the account will be deleted. For security purposes, this can only be done manually and will require logging into the account.

Data processors

• Cloudflare - Link to DPA
• Oracle Cloud - Link to DPA
• Discord (only application/Join the Team process, see below) - Link to Privacy Policy
• Google (only application/Join the Team process, see below) - Link to DPA

Cookies

We use first-party cookies to contain a “session” that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites. Currently, the PII that can be obtained through the session cookies includes:

• An account identifier as set during registration.

We may use first-party cookies to cache responses of certain requests to our backend services (for example, to cache your username after you log into your account). These cookies expire in at most 1 hour after being created. Any PII contained in those cookies can also be obtained directly through the session cookies.

We may use Cloudflare cookies to ensure our website is protected against malicious attacks. These cookies are used by Cloudflare to detect and stop bots from performing malicious actions against our services.

When we use YouTube embeds to show content from their services, we ask them to use a “no cookie” or “no tracking” version of the embed. It is up to them to honor this.

Join the Team/Application process

PII collection may be involved during the application/hiring process (“Join the Team”). We collect no additional information during this process other than the information provided by the applicant on the application form.

Any information provided through the application form may be posted to a Discord server for the team leads to review. Only the project management is able to review the application form in the server (the set of project managers can change over time as our volunteers get promoted and demoted). We do not allow the deletion of the logs or the application form in the Discord server at the time as we believe this information is important to the operation of our application process.

The submission of the application form will be retained in our database for 14 days to prevent possible issues with the application process and automatically deleted. We currently do not handle requests to delete submissions from our database due to 14 days being a short enough period of time.

We may collect PII while accepting a volunteer onto the team. This collection is contractually necessary. We will store the submitted PII for the duration of the volunteer’s contract and at least 30 days after the volunteer’s termination. After 30 days, the terminated volunteer may request deletion of the PII through the E-mail address [email protected]. PII involved in this process is handled through Google services and is subject to the Google DPA.

Updates to this document

We retain the right to update this document without notice. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document. Any updates to this document will be reflected in the changelog below.

Changelog

No changes were made yet.