What we collect
- Your Username
- Your Email
- Your Password (unreadable by us, using industry standard bcrypt hashing)
- IP Addreses used to access our services
- Browser user agents
How we use this data
We need to collect this information to operate this service.
- IP Addresses and browser user agents are required to prevent malicious abuse of our systems, hereby defined as "generic information".
- The password field is only used for making sure you're the one who is trying to log in.
- The email, username and password fields are required to log users in and provide account security mechanisms, hereby defined as "PII".
We may use third party services help us operate our services, including running various systems (such as Freshdesk for customer support). Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).
Managing your data
We allow a user to request PII associated with their account to be deleted via the website account page. A user may also request all of their information to be downloaded upon request. These requests will be fulfilled within thirty (30) days. Requests can be made by emailing firstname.lastname@example.org.
Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.
For security and authentication purposes, we require the email be sent from the email on the account. Requests to download data of accounts with emails different from the sender’s email will be denied. We may also deny requests if we believe an email to be spoofed (via email spoofing services) or otherwise not sent from the account’s owner.
When a user deletes their account, the user understands that their account and related information, including the user’s toons and other in-game content, will be permanently lost.
Profiling and automated Decision Making
We do not perform profiling or automated decision making on users’ behalf beyond verifying that a user has authorized specific IP addresses to access their account. Users let us know themselves what IP addresses are authorized.
Google and other sign-in provider Data
When you link your Corporate Clash account to Google or another sign-in provider, or use the "sign in with..." feature, we receive some of your data from the sign-in provider, such as your name, email, and a unique identifier. This data will only be used to associate the account you have with the sign-in provider to your Corporate Clash account in order to provide the account linking and "sign in with..." feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database or transfer it to your browser.
We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.
We use some third-party cookies like the Cloudflare
__cfduid cookie and
__cf_bm cookie to ensure our website is protected against malicious attacks. These cookies are used across Cloudflare-operated websites in order to stop bots from performing malicious actions, such as signing up fake accounts.
When we use Twitter or Youtube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.
Updates to this document