What we collect
- Your Username
- Your Email
- Your Password (unreadable by us, using industry standard bcrypt hashing)
- IP Addreses used to access our services
- Browser user agents
How we use this data
We need to collect this information to operate this service.
- IP Addresses and browser user agents are required to prevent malicious abuse of our systems, hereby defined as "generic information".
- The password field is only used for making sure you're the one who is trying to log in.
- The email, username and password fields are required to log users in and provide account security mechanisms, hereby defined as "PII".
We may use third party services help us operate our services, including running various systems (such as Freshdesk for customer support). Your data is never sold, but it may be transferred or transmitted via our Data Processors (as defined below).
Managing your data
We allow a user to request PII associated with their account to be deleted upon request. A user may also request all of their information to be downloaded upon request. These requests will be fulfilled within thirty (30) days. Requests can be made by emailing firstname.lastname@example.org with the subject line being one of, although not limited to, the following:
- Account deletion request
- Account data download request
- Account data download and deletion request
- Stop processing my account’s data
- Withdrawal of data processing consent
Due to technical limitations, users can only request their information be downloaded, not directly transferred to a competitor.
Due to all collected data being required for an account to be operational, any user request related to withdrawal of data collection consent will result in the user's account being deleted (the user will be notified of this before their account is deleted).
For security and authentication purposes, we require the email be sent from the email on the account. Requests to delete accounts with emails different from the sender’s email will be denied. We may also deny requests for account deletion if we believe an email to be spoofed (via email spoofing services) or otherwise not sent from the account’s owner.
Upon a request being sent, we will verify the sender with a response email requiring one more confirmation that they would like their account be deleted. This is done to prevent email spoofing. After a reply email that confirms they want the account deleted, the account and all PII associated with the account will be deleted within 1 month with a response email.
If a user decides to delete an account, and does not send another email before we delete the account to cancel the request, the user understands that their account and related information, including the user’s toons and other in-game content, will be permanently lost.
Profiling and automated Decision Making
We do not perform profiling or automated decision making on users’ behalf beyond verifying that a user has authorized specific IP addresses to access their account. Users let us know themselves what IP addresses are authorized.
When you link your Corporate Clash account to Google or use "sign in with Google", we receive some of your data from Google, such as your name, email, and a unique ID. This data will only be used to associate your Google account to your Corporate Clash account in order to provide the account linking and Google sign-in feature. We will never sell or export this information to anyone other than transmitting it via our data processors (detailed below) in order to store the data in a database or transfer it to your browser.
We use first-party cookies to contain a "session" that allows you to stay logged in between page loads. This session is associated with PII related to your account, but is not used to track you in places other than our websites.
We use some third-party cookies like the Cloudflare
__cfduid cookie and
__cf_bm cookie to ensure our website is protected against malicious attacks. These cookies are used across Cloudflare-operated websites in order to stop bots from performing malicious actions, such as signing up fake accounts.
When we use Twitter or Youtube embeds to show content from their services, we ask them to use a "no cookie" or "no tracking" version of the embed. It is up to them to honor this.
Updates to this document
We retain the right to update this document without notice. Users who continue to use our service after this document has been updated automatically agree to the new data processing terms defined in the updated document.