Text is Underlined in this document not necessarily to emphasise, but to increase readability and navigation of the document.
Managing your data
We allow a user to request all information related to their account to be deleted upon request. A user may also request all of their information to be downloaded upon request. Requests can be made by emailing [email protected] with the subject line being one of, although not limited to, the following:
- Account deletion request
- Account data download request
- Account data download and deletion request
- Stop processing my account’s data
- Withdrawal of data processing consent
Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.
For security and authentication purposes, we require the email be sent from the email on the account. Requests to delete accounts with emails different from the sender’s email will be denied. We may also deny requests for account deletion if we believe an email to be spoofed (via email spoofing services) or otherwise not sent from the account’s owner.
Upon a request being sent, we will verify the sender with a response email requiring one more confirmation that they would like their account be deleted. This is done to prevent email spoofing, as incoming mail is much harder to spoof. After a reply email that confirms they want the account deleted, the account and all information on an account will be deleted within 1 month with a response email.
If a user decides to delete an account, and does not send another email before we delete the account to cancel the request, the user understands that their account and related information, including the user’s toons, will be permanently lost.
Profiling and automated Decision Making
We do not perform profiling or automated decision making on users’ behalf beyond account security by verifying a requesting IP Address has been expressly authorized by the user (via user input).
What we collect
At Corporate Clash, we collect information in order to identify you and access our services, while only collecting surface-level information (eg, no names or addresses).
Personally identifiable information:
- Password (securely stored via bcrypt hashing with a strong salt)
- IP addresses
- Browser user agents
This information is collected by the user entering the information in fields upon account creation. In order for a user to create an account, they must check a checkbox allowing us to collect this information.
This information is stored on the servers we control and is not shared with any third parties.
We use this information to:
- Securely sign users in
- Ensure users’ account security and prevent unauthorized access of user accounts
- Audit security and ensure no unauthorized access has been gained on our systems
- Comply with law enforcement upon valid legal request
This information is kept on our servers for as long as the user uses our service, and is permanently removed and/or deleted upon user request (as described above).
This information is stored via:
- Our database software (MySql-compatible databases)
- Access log files (IP Addresses and browser user agent only)
Why do we need to collect this?
Ip addresses and browser user agents stored in log files are deleted after 6 months in case we need to audit past access to our services. Ip addresses are stored as a general public interest in order to ensure to users of our platform that their user account is not being accessed by an unauthorized party.
Upon receiving valid information, or we discover on our own accord, regarding unauthorized access to stored user data or a breach in our computer systems, we will notify local law enforcement if applicable as well as notify all users as to what information was breach via email within a fortnight or a reasonable time frame (unless encrypted and inaccessible to the breaching party).
In order to use our services, upon sign up a user agrees that it is truthful that they are older than 16 years of age. While we to the best of our ability try to ensure our service is friendly for all ages, in order to comply with EU and US law, users must be at least 16 years of age to use our services.
Updates to this document
We take security seriously at Corporate Clash. All communication between users and our servers is over TLS/SSL with up-to-date protocols, and our systems are protected with modern access control to prevent unauthorized users from accessing stored user data. We operate a security bug reporting email at [email protected]