What we collect
- Your Username
- Your Email
- Your Password (unreadable by us, using industry standard bcrypt hashing)
- IP Addreses used to access our services
- Hardware identifiers used to access our services
- Browser user agents
How we use this data
We need to collect this information to operate this service.
- IP Addresses, hardware identifiers, and browser user agents are required to prevent malicious abuse of our systems.
- The password field is only used for making sure you're the one who is trying to log in.
- The email, username and password fields are required to log users in and provide account security mechanisms.
We may use third party services help us operate our services. Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).
Managing your data
We allow a user to request PII associated with their account to be deleted or downloaded via the website account page. Data downloads can only be performed every 30 days.
Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.
We may impose security and authentication checks during deletion or download requests to prevent unauthorized use of our system.
When you delete your account, you understand that your account and related information, including access to your toons and other in-game content, will be permanently lost.
third-party sign-in provider data
When you link your Corporate Clash account to Google or another sign-in provider, or use the "sign in with..." feature, we receive some of your data from the sign-in provider, such as your name, email, and a unique identifier. This data will only be used to associate the account you have with the sign-in provider to your Corporate Clash account in order to provide the account linking and "sign in with..." feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database or transfer it to your browser.
signining in and linking with third-party websites
We partner with certain third-party websites to allow you to log in to them with your Corporate Clash account and provide information on your account to them - this might includes data such as your toon's look, name, progress, etc, as well as personal data, such as the username or email associated with your account. This can be initiated from the third-party's website.
- Cloudflare (Cloudflare DPA)
- DigitalOcean (Digitalocean DPA)
- Amazon Web Services/AWS (AWS DPA)
- OVHcloud (OVH DPA)
We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.
We may use some third-party cookies like the Cloudflare
__cf_bm cookie to ensure our website is protected against malicious attacks. These cookies are used by Cloudflare to detect and stop bots from performing malicious actions, such as signing up for fake accounts.
When we use Twitter or YouTube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.
Updates to this document
We retain the right to update this document without notice when we clarify existing policies. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.