Privacy Policy

Last updated: April 21, 2026

1. What We Collect

We collect the minimum data necessary to operate the Service:

  • Account data: email address, username, and display name you provide during registration
  • Authentication data: hashed passwords, two-factor authentication settings, and session tokens
  • Usage data: authenticated API request counts, response times, error rates, and operational usage logs tied to your account
  • Network Storage data: game data you explicitly store through our API (player saves, leaderboards, configuration)
  • Support data: messages and attachments you submit through support tickets
  • Log data: IP addresses, timestamps, and request metadata for security monitoring and abuse prevention

We do not collect analytics through third-party tracking scripts beyond basic, anonymous page-view counting.

2. How We Use Your Data

  • To provide and maintain the Service (authentication, storage, API delivery)
  • To enforce rate limits and usage quotas, and to prevent abuse
  • To respond to support requests
  • To monitor and improve Service performance and reliability
  • To send transactional emails (verification, password resets, security alerts)

3. Data Storage & Third Parties

Your data is processed and stored using the following infrastructure:

  • Bunny.net CDN: Network Storage data (game saves, collections, endpoints) is stored on Bunny.net's global CDN infrastructure
  • PostgreSQL: Account information, sessions, API key metadata, and API usage analytics are stored in a PostgreSQL database on our VPS
  • Mailgun: Transactional emails (verification, password resets) are sent through Mailgun
  • Cloudflare Turnstile: CAPTCHA verification during registration to prevent automated abuse

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

4. Network Storage Data

Data stored through the Network Storage API:

  • Is stored as JSON files on CDN infrastructure and may be cached at edge locations globally
  • Is associated with your project and accessible via your API keys
  • May include Steam IDs and other player identifiers that your game submits
  • Is not encrypted at rest by default (API key files for secret keys are encrypted)
  • Transaction logs and ledger audit trails are retained for operational integrity

You are responsible for ensuring that the data you store complies with applicable privacy laws. Do not store sensitive personal information (financial data, health records, government IDs) in Network Storage.

5. Cookies & Sessions

We use a single session cookie to keep you logged in. This cookie:

  • Contains only a session identifier (no personal data)
  • Expires when your session ends or after the configured timeout
  • Is required for authenticated features (dashboard, settings, support)

We do not use advertising cookies, tracking pixels, or cross-site tracking.

6. Data Retention

  • Account data is retained as long as your account exists
  • Network Storage data is retained as long as your project exists
  • Authenticated API usage analytics and request logs are retained for operational reporting, abuse prevention, and support
  • Security logs (IP addresses, auth attempts) are retained for up to 90 days
  • Transaction and ledger logs are retained indefinitely for audit integrity
  • Data from deleted projects may persist in CDN caches for a short period after deletion

7. Your Rights

You can:

  • Access and update your account information through Settings
  • Export your Network Storage data through the project dashboard
  • Delete your projects and their associated data through the dashboard
  • Delete your account from Settings after clearing any owned or shared Network Storage projects

If you are located in the EU/EEA, you may have additional rights under GDPR including the right to data portability and the right to object to processing. Contact us to exercise these rights.

8. Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), hashed passwords, two-factor authentication support, and encrypted API secret keys. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes

We may update this policy from time to time. Material changes will be noted by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

11. Contact

Questions about this policy? Reach out through our Support Center or Discord.