Caped Carousers

Privacy Policy & Cookie Information​

This policy applies to the following websites:

  • carousers.org
  • *.carousers.org (any and all subdomains)

Cookies

Our websites may utilize cookies to deliver content to you, or manage settings. Zero tracking cookies are set via our websites.

Carousers.org will set a cookie if you log into the website for administrative purposes, which is to identify which account is to be used.

members.carousers.org will set a session cookie which will store hashed data to identify which account is to be used.

forum.carousers.org will also store a session cookie with hashed data, but will also set a preference cookie containing a single integer that tells the website which set of forums to display. A cookie may be set, depending on the theme, that will collapse certain forum sections a user may wish to hide. The forums may also set a remember me cookie, which can be opted out of at login, which will automatically renew a session when it expires.

Hashed data for the session cookies are set by the system and matched to a database entry. These data pieces are not possible to unhash for readability, and only exist to ensure a session is valid, and not a cookie hijack.

Privacy

This section will outline when, how, and post-collection information regarding your data.

members.carousers.org and forum.carousers.org will collect the following information (as they share users and utilize the same login methods):

  1. Email address – used for account recovery. This field is not accessible by anyone other than the end-user. If a member loses their email, an admin can only wipe the field so the account user can set a new one.
  2. Ip address – used for login sessions, and are irreversibly hashed. Data is wiped after the session expires or is forced to expire.
  3. Browser data (user agent) – which browser is being used. This is irreversibly hashed for the session and is fully wiped when the session expires.
  4. Social logins – the ability to sign in with a social account can be programmed in to use OAuth2 protocols. Discord logins will only collect the user’s public account name & legacy discriminator (ie – johnsmith#1234), which is matched to an account associated with it to validate, and then a standard login session is generated.
Users must ensure that they do not provide their real name, address, location data, or any other personally identifiable information, as none of it is ever collected or stored. Admins reserve the right to remove any information which may be deemed personally identifiable without notice if needed.

Due to how the limited information that is gathered is stored and purged, zero data is transmitted to any other entity outside of the internal code used to deliver site content in the ways outlined above.