Privacy policy


What we collect

  • Your Username
  • Your Email
  • Your Password (unreadable by us, using industry standard bcrypt hashing)
  • IP Addreses used to access our services
  • Browser user agents

How we use this data

We need to collect this information to operate this service.

  • IP Addresses and browser user agents are required to prevent malicious abuse of our systems, hereby defined as "generic information".
  • The password field is only used for making sure you're the one who is trying to log in.
  • The email, username and password fields are required to log users in and provide account security mechanisms, hereby defined as "PII".

We may use third party services help us operate our services, including running various systems (such as Freshdesk for customer support). Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).

Managing your data

We allow a user to request PII associated with their account to be deleted upon request. A user may also request all of their information to be downloaded upon request. These requests will be fulfilled within thirty (30) days. Requests can be made by emailing [email protected] with the subject line being one of, although not limited to, the following:

  • Account deletion request
  • Account data download request
  • Account data download and deletion request
  • Stop processing my account’s data
  • Withdrawal of data processing consent
  • Withdrawal of TOS/Privacy Policy consent

Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.

Due to all collected data being required for an account to be operational, any user request related to withdrawal of data collection consent will result in the user's account being deleted (the user will be notified of this before their account is deleted).

For security and authentication purposes, we require the email be sent from the email on the account. Requests to delete accounts with emails different from the sender’s email will be denied. We may also deny requests for account deletion if we believe an email to be spoofed (via email spoofing services) or otherwise not sent from the account’s owner.

Upon a request being sent, we will verify the sender with a response email requiring one more confirmation that they would like their account be deleted. This is done to prevent email spoofing. After a reply email that confirms they want the account deleted, the account and all PII associated with the account will be deleted within 1 month with a response email.

If a user decides to delete an account, and does not send another email before we delete the account to cancel the request, the user understands that their account and related information, including the user’s toons and other in-game content, will be permanently lost.

Parental opt-out

If you are a parent or legal guardian, and would no longer like you and your child to be bound to this privacy policy, you may follow the same steps defined in the above section to withdraw your consent. Note that since this information is required to operate the account, the account will be deleted. For security purposes, you must send the opt-out email from your child's e-mail address. Your PII will no longer be stored on our systems once the request is fulfilled.

Profiling and automated Decision Making

We do not perform profiling or automated decision making on users’ behalf beyond verifying that a user has authorized specific IP addresses to access their account. Users let us know themselves what IP addresses are authorized.

Data Processors

Cookies

We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.

We use some third-party cookies like the Cloudflare __cfduid cookie and __cf_bm cookie to ensure our website is protected against malicious attacks. These cookies are used across Cloudflare-operated websites in order to stop bots from performing malicious actions, such as signing up fake accounts.

When we use Twitter or Youtube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.

Updates to this document

We retain the right to update this document without notice. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.


View history of changes on GitHub.