EN - English (default)
1) General privacy rant statement
Your privacy if of the utmost importance yadda yadda yadda... no, i will spare you the PR spin, because i actually do not give a shit about who you are, where do you live, how old are you, what you identify as and so on, and this is the best possible scenario for you.
If you're wondering, yes, i'm being serious. You could deal with someone who asks you for your personal data and swears over and over that they won't do anything wrong with them, pinky promise, or you could deal with someone who couldn't care less about your personal data and doesn't even bother to ask you what's your name. If you're concerned with your privacy, which one would you go with? I'd choose the latter without even blinking.
Unfortunately, someone in Bruxelles decided that email addresses and IP addresses are to be considered personal data worthy of a whole slew of regulations in the form of 80 pages of the most boring tome i had to read in my whole life (yes, i really read it and yes, i'm still pissed about it), even if most of the email addresses are in the form of abc123@example.com, and 99% of the IPs this site is logging are dynamic, because they still might potentially give off or help reveal personal informations about you IRL.
Actually, this might indeed happen in case of fixed IPs and work emails, but why would you want to use any of that to create an account or play here? Don't you have a gmail or something? And aren't you supposed to... work while at work? Anyway, if you signed up and the email address you supplied is something like:
name.surname@my_employer.whatever
then you are one of the reasons why i'm wasting my time writing this, while i could waste my time in countless, more enjoyable ways, and i want you to feel guilty about that.
All the personal data about you that may be collected or generated by your usage of this site will be stored as long as necessary, deleted immediately thereafter, protected within commercially reasonable means to prevent theft, disclosure or unhautorized access and will NOT be shared publicly, to other users or to third parties, except when required by the law.
Ok, this is a bit of legalese, but it had to be said because reasons.
2) Email address
In case you decide to create an account with the signup form, you are required to provide a valid, functioning email address in order to sign up, validate your account, log in and possibly request a password reset should you need it. Plus, you might receive automated messages about the status of your account or about important updates in this site that might be of interest for you... supposing i want to be bothered with writing the necessary code, and it might well be the case that i won't, because i know very well that the vast majority of users give exactly zero effs about these kinds of emails. I, for once, am one of them.
Your email address will be stored as long as your global user account exists, and deleted immediately upon termination of your account.
Concerned by that? Then, just use a throwaway from some free email service. If it asks anything about you, feed it with bogus data. Seriously, i don't care. All i need is that email to work so you can validate your account, have fun with using this site and tell all your family, friends, peers and acquaintances how awesome it is. Ok, the last part is not really required, but if you do it you will be rewarded with a huge load of the most hearthfelt "thanks" i can come up with.
Or, if you're into social media, you can log in with either Facebook or Google and skip the entire signup process entirely. If you choose this option, i won't ask for anything at all, not even your email, nor i will fish any data about you from the social platform you're logging in with. If you want to know more about what happens regarding your privacy when you log in with a social media account, it's all explained in detail in section 9 of this document.
3) Nickname and password
The unique nickname that you are required to provide upon signing up is, in the general case, not to be considered as private info. In other word, it MAY be shown around. If you are concerned about being recognized as a user of this site, please choose a nickname that won't reveal anything about your true identity.
Your password, on the other hand, is the most sacred thing. It will be stored in an encrypted form, in a way that would make it almost impossible to retrieve the plain-text password from the encrypted string, so it is as much safe as it can be.
I won't enforce password restriction mechanisms if not at a very basic levels, so it's up to you to choose a password that is strong enough. Please do not use stupid passwords like "password" or "12345": not only they can be cracked in a split second with a dictionary, but they would also expose you as a complete idiot, and you might want to keep it as a secret. Best of things, use a password that is pure gibberish and/or nonsense and feed it to a password manager. Also, never, NEVER give your password to anyone. Not only it is totally reckless, but it's also completely unnecessary.
4) Security question and answer
To be able to request a password reset, you will need to provide a security question and an answer. For data protection purposes, this data falls into the personal data that i will use and protect as stated in section 1, but please don't be an idiot about that. Don't put questions like "what is my SSN", "what is my credit card number", or "what is the password to my bank account". Although such informations would still be reasonably safe here, i don't want any of that shit recorded on my site. It gives me creeps. So please be reasonable and use a question that won't seriously harm you in case the answer would be known.
Even better, find something that is meaningful for you but meaningless to anybody else. A good example would be "what is the name of my youngest cat" when you actually have dogs, and the answer might be something along the lines of "i'll let you know as soon as i have one". Seriously dude, it's YOUR privacy, not mine. Do your job.
5) Activity logging by the web server
In using this site, connections and usage activities are logged in the server logs. Heck, i wouldn't be even writing about server logs if not for the fact that, under EU rules, IP addresses are specifically defined as personal data, so here we are.
Each time you request a page (i.e. click somewhere) the web server records the page requested, the browser engine used to perform the request, the IP address the request comes from and the timestamp of the request. It does not identifies the user, it doesn't even tell if it's activity from some registered user of from a visitor.
Server logs are stored for the exclusive purpose or detecting and preventing fraud, unauthorized system accesses or possible security breaches and for enhancing the security of the site and the data it collects. Server log files are kept in plain-text status for a maximum period of 24 hours, turned into encrypted files thereafter, and permanently deleted after a maximum period of one year.
6) Activity logging by the website
While creating a global user account, and during its subsequent usage, some activity data is generated and stored in the database log. This kind of data is tied to the user generating it and therefore is treated as if it was considered personal data by EU rules (i'm not sure it's even the case, but i'd rather use some extra caution than worry about having my ass fined into bankrupcy).
Activity data is stored for the exclusive purpose of detecting and preventing fraud, unauthorized system accesses or possible security breaches and for enhancing the security of the site and the data it collects. Furthermore, activity data from game accounts is stored to prevent, detect and deal with cases of cheating, breach of the individual game rules and fraudolent behaviour in general.
Activity data is stored in appropriate encrypted tables and permamently deleted after a maximum period of one year from the moment it's been generated. If a global user account is terminated, either as a consequence of violations of the terms and conditions or by voluntary decision of the user, the activity data pertaining to that global user account is stored for a maximum period of one month from the termination and then permamently deleted.
7) Cookies
This website uses cookies. Seriously, literally every frigging website in existence uses cookies, why should i even waste my time writing this? Damn bureaucrats writing regulations on things they know jack shit about, i hope they all burn in hell.
Cookies are necessary to have this site function as intended. Once you log in, the system needs to recognize you as that particular user, and this is done by carrying around a session id as a cookie. Furthermore, cookies are used to store some personal preferences, like your default language of choice, or as helpers in order to increase efficiency by having some data readily available for use.
So, either accept the idea that this website will send you cookies or just avoid logging in entirely, there's no middle ground.
8) Posts and personal messages
In the general case, public posts or personal messages created or exchanged through this site are not to be considered private in absolute and will not be given the protection granted to personal data. This is an important point and you need to be aware of it: if you choose to use any means of communication provided by this site, you accept that the content you create with them it may be seen by third parties, at least in the case when the owner of the site or an operator acting on their behalf will be checking them as a consequence of alleged unruly behaviour.
If you need real privacy in your conversations, use something else. Or, even better, make a phone call.
9) Login from social media accounts
If you choose to log in with a social media account, then the following applies:
- You are not required to provide an email address, unless you decide to add an internal login option to your account at a later time, because the validation of your account has already been done by either Facebook or Google by whatever means they deem necessary. The fact that your account on that social platform exists, works, and can be used to log in into a third-party website counts as a proof of validity. Put it simple, if Google or Facebook say your account is good, by all means it's good.
- For the same reason, and with the same "unless", you are not required to provide a username and a password for login purposes. You might still need to authenticate with your credentials on Facebook or Google, but this is a flow of data between you and the social platform you're using to log in, this site is not involved in it at all and does not gather any type of data from your login process through these platforms.
If you log in with Facebook or Google, some additional cookies are fed to your browser by either of these platforms. These cookies are never sent to this server and are never used or manipulated by the client-side code that runs on your browser when you browse this site. If you want to know more about these cookies, you have to look for the individual platform's informative about their privacy and/or cookie policy and no, don't ask me where they are, i don't know and i don't care.
Following a successful login, this site retrieves your unique user ID from your platform of choice. This ID is treated as personal data because it can identify you on these platforms. It is fetched in a secure way, from token IDs that expire regularly, and by either an encrypted intra-server request (Facebook) or by querying them against a certificate file that is automatically and regularly updated (Google). Your unique user ID never travels from this server to the browser, or vice-versa.
Your full name on that social platform is also retrieved, but in quite the opposite way. It is requested from the browser, using a specific API from the social platform and the cookies they set on your browser upon login. Its data flow is from the social platform to the browser, and there it stops. It is not stored on the server, it doesn't even pass through it, and it's not stored on the browser either. Its only function is to place a meaningful name on the user menu. It goes away the moment you leave the page, only to be fetched again if you land on another page that contains a user menu while still logged in.
Your social user ID is stored in the database at the first login, and is used to identify you in the successive logins. It resides in the database as long as your global user account exists, and is deleted immediately thereafter. Your full name simply never reaches the server.
You need to be aware that by using a social login, you gain some ease of use and some extra privacy at the cost of a slightly reduced security. If you close your Facebook or Google page while logged in, you remain logged in, and if somebody else has access to your computer or device, that someone may gain access to your global user menu with the social login button and do whatever they want with it. So be conscious about it.
Moreover, and unless your global user account has more than one way to access it, your ability to log in it depends on the ability to log in into the social platform you're using. If your social account gets hacked, stolen, suspended, banned, deleted, or for whatever reason you lose the ability to log in into it, you are effectively locked out of your global user account for the whole time you're locked out of your social account, and there's nothing i can do about it. So, once again, be conscious about it.
Ah, yes, almost forgot. Facebook and Google are registered trademarks by their respective owners yadda yadda yadda whatever.
10) Final statements
This document may be updated at any time. By using this website, you agree to it as it is written at the moment. Therefore, check it once in a while, just to see if perhaps it has been changed to "by using this website, you agree to surrender all your present and future possessions to the owner of this site".
If you reached this point, chances are that you've wasted time into reading something you do not care about and will never care about in the slightest. Don't be sad, here's a cookie for you.
Last updated on: 25 april 2021, 11:21 UTC