Privacy policy

What we collect

  • Your Username
  • Your Email
  • Your Password (unreadable by us, using industry standard bcrypt hashing)
  • IP Addreses used to access our services
  • Browser user agents

How we use this data

We need to collect this information to operate this service.

  • IP Addresses and browser user agents are required to prevent malicious abuse of our systems, hereby defined as "generic information".
  • The password field is only used for making sure you're the one who is trying to log in.
  • The email, username and password fields are required to log users in and provide account security mechanisms, hereby defined as "PII".

We may use third party services help us operate our services, including running various systems (such as Freshdesk for customer support). Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).

Managing your data

We allow a user to request PII associated with their account to be deleted via the website account page. A user may also request all of their information to be downloaded upon request. These requests will be fulfilled within thirty (30) days. Requests can be made by emailing

Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.

For security and authentication purposes, we require the email be sent from the email on the account. Requests to download data of accounts with emails different from the sender’s email will be denied. We may also deny requests if we believe an email to be spoofed (via email spoofing services) or otherwise not sent from the account’s owner.

When a user deletes their account, the user understands that their account and related information, including the user’s toons and other in-game content, will be permanently lost.

Parental opt-out

If you are a parent or legal guardian, and would no longer like you and your child to be bound to this privacy policy, you may follow the same steps defined in the above section to withdraw your consent. Note that since this information is required to operate the account, the account will be deleted. For security purposes, you must send the opt-out email from your child's e-mail address. Your PII will no longer be stored on our systems once the request is fulfilled.

Profiling and automated Decision Making

We do not perform profiling or automated decision making on users’ behalf beyond verifying that a user has authorized specific IP addresses to access their account. Users let us know themselves what IP addresses are authorized.

Google and other sign-in provider Data

When you link your Corporate Clash account to Google or another sign-in provider, or use the "sign in with..." feature, we receive some of your data from the sign-in provider, such as your name, email, and a unique identifier. This data will only be used to associate the account you have with the sign-in provider to your Corporate Clash account in order to provide the account linking and "sign in with..." feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database or transfer it to your browser.

Your use of the feature is contengent on accepting the terms of service and privacy policy of the sign-in provider. It is not required to use this feature to access the main service.

Data Processors


We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.

We use some third-party cookies like the Cloudflare __cfduid cookie and __cf_bm cookie to ensure our website is protected against malicious attacks. These cookies are used across Cloudflare-operated websites in order to stop bots from performing malicious actions, such as signing up fake accounts.

When we use Twitter or Youtube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.

Updates to this document

We retain the right to update this document without notice when we clarify existing policies. We will notify users via email if our privacy policy is modified to include new third-party entities or change what data we collect. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.

View history of changes on GitHub.

Toon Mail