Privacy policy


What we collect

  • Your Username
  • Your Email
  • Your Password (unreadable by us, using industry-standard bcrypt hashing)
  • IP Addresses used to access our services
  • Hardware identifiers used to access our services
  • Logs, metrics, and events generated by use of our services
  • Browser user agents

How we use this data

We need to collect this information to operate this service.

  • IP Addresses, hardware identifiers, and browser user agents are required to prevent malicious abuse of our systems.
  • The password field is only used to make sure you're the one who is trying to log in.
  • The email, username, and password fields are required to log users in and provide account security mechanisms.

We may use third-party services to help us operate our services. Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).

Managing your data

We allow users to request PII associated with their account to be deleted via the website account page. We may impose security and authentication checks during deletion to prevent unauthorized use of this feature and will not authorize account deletion via other means.

When you delete your account, you understand that your account and related information, including access to your toons and other in-game content, will be permanently lost.

Parental opt-out

If you are a parent or legal guardian and would no longer like you or your child to be bound to this privacy policy, you may use the information above to delete your child's account. Since this information is required to operate the service, the account will be deleted. For security purposes, this can only be done manually by logging into the account and performing the deletion yourself.

Third-party sign-in provider data

When you link your Corporate Clash account to a sign-in provider/use the "sign in with..." feature, we receive some of your data from the sign-in provider, such as your name, email, and a unique identifier. This data will only be used to associate your account with the sign-in provider to your Corporate Clash account to provide the account linking and "sign in with..." feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database, process it for business usage, or transfer it to your browser.

Your use of the feature is contingent on agreeing to the terms of service and privacy policy of the sign-in provider. You are not required to use this feature to access the main service unless you want to use features reliant on them.

Signing-in and linking with third-party websites

We partner with certain third-party websites to allow you to log in to them with your Corporate Clash account and provide information on your account to them via "Oauth" - this might include game data such as your toon's look, name, progress, etc., as well as personal data, such as the username or email associated with your account.

When you agree to share data with these third parties, any shared information will be bound to the third party's own terms of service and privacy policy, and we cannot guarantee any level of security, privacy, or access control regarding such data. However, if you reasonably suspect a third-party website is using information gained via Oauth data sharing in a way inconsistent with proper data security and privacy standards or our privacy policy, please report it and any evidence you might have by emailing security@corporateclash.net.

Data Processors

Cookies

We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.

We may use Cloudflare cookies to ensure our website is protected against malicious attacks. Cloudflare uses various cookies to maximize network resources, manage traffic, and protect customers’ sites from malicious traffic.

We may use cookies generated by Datadog to track your usage of our website in between page loads. This is not used for cross-site tracking, and you may inspect the full scope of information collected here.

When we use Twitter or YouTube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.

Updates to this document

We retain the right to update this document without notice when we clarify existing policies. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.


View history of changes on GitHub.