What we collect
- Your Username
- Your Email
- Your Password (unreadable by us, using industry-standard bcrypt hashing)
- IP Addresses used to access our services
- Hardware identifiers used to access our services
- Logs, metrics, and events generated by use of our services
- Browser user agents
How we use this data
We need to collect this information to operate this service.
- IP Addresses, hardware identifiers, and browser user agents are required to prevent malicious abuse of our systems.
- The password field is only used to make sure you're the one who is trying to log in.
- The email, username, and password fields are required to log users in and provide account security mechanisms.
We may use third-party services to help us operate our services. Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).
Managing your data
We allow users to request PII associated with their account to be deleted via the website account page. We may impose security and authentication checks during deletion to prevent unauthorized use of this feature and will not authorize account deletion via other means.
When you delete your account, you understand that your account and related information, including access to your toons and other in-game content, will be permanently lost.
Third-party sign-in provider data
When you link your Corporate Clash account to a sign-in provider/use the "sign in with..." feature, we receive some of your data from the sign-in provider, such as your name, email, and a unique identifier. This data will only be used to associate your account with the sign-in provider to your Corporate Clash account to provide the account linking and "sign in with..." feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database, process it for business usage, or transfer it to your browser.
Signing-in and linking with third-party websites
We partner with certain third-party websites to allow you to log in to them with your Corporate Clash account and provide information on your account to them via "Oauth" - this might include game data such as your toon's look, name, progress, etc., as well as personal data, such as the username or email associated with your account.
- Cloudflare (Cloudflare DPA)
- DigitalOcean (Digitalocean DPA)
- Amazon Web Services/AWS (AWS DPA)
- OVHcloud (OVH DPA)
- Google Cloud Platform (GCP DPA)
- Microsoft Azure (Azure DPA)
- Elastic Cloud (Elastic DPA)
- Datadog (DD DPA)
We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.
We may use Cloudflare cookies to ensure our website is protected against malicious attacks. Cloudflare uses various cookies to maximize network resources, manage traffic, and protect customers’ sites from malicious traffic.
When we use Twitter or YouTube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.
Updates to this document
We retain the right to update this document without notice when we clarify existing policies. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.