Last updated: February 22, 2020
TL;DR: We don't want to invade on anyone's privacy and believe that information we do not directly need for the safe operation of the website should not be stored, and no information should be shared with or sold to 3rd parties. Don't deliberately give us any personally identifiable information, and your privacy is safe with us.
The MLP Vector Club ("us", "we", or "our") operates https://mlpvector.club/ (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
Information Collection And Use
While using our Site we do not ask nor encourage you to provide us with any Personally Identifiable Information ("PII", "Personal Information") that can be used to identify you as an individual. PII may include, but is not limited to: your name, birth date, national identification numbers, location, phone number.
However, in order to facilitate easier authentication, we provide Users with the option to voluntarily enter their e-mail address in their Account Settings. This information is used strictly for the purposes of authentication (logging in, recovering forgotten passwords) and will not be shared with third parties under any circumstances.
When performing certain actions on our Site (including, but not limited to the creation and deletion of Requests and Reservations, adding, modifying and deletion of Personal Color Guide Appearances) we store the IP address associated with the user and the action being performed in an Application Log.
Entries in the Application Log are stored permanently, but IP addresses are removed from the entries after 3 months. Additionally, any Personal Information that might have inadvertently been recorded can be wiped on request.
We allow the submission of user-generated material (text and images) on our Site. When posting content you should avoid posting any Personal Information because most submitted content is made publicly available immediately. For certain actions you have the ability to remove things you post, removing it from public view immediately. Some information may still be retained in our Application Log, so please contact us using the method(s) described at the end of this document to notify us if our intervention is needed.
Do note that we cannot guarantee that information removed from our website that was previously publicly accessible would cease to exist online as any number of services outside our control may choose to make copies of content found on this site. This includes search engines such as Google.
Sign in is provided using DeviantArt's OAuth 2 API ("API") which is also secured using HTTPS. During the OAuth authentication process our Site does not receive your username or password, we only receive a token that can be used to verify the user's identity using this API. For performance reasons we store the basic information provided by this API (user ID, current and some previous usernames, avatar link) locally.
This information is not removed from our database automatically if you deactivate your DeviantArt account, so be sure to reach out to us if you would like your data removed. Please note that if you have any interactions on the site removing all of your data completely may not be possible.
We collect information that your browser sends whenever you visit our Site ("Log Data"). This Log Data may include information such as your computer's IP address, operating system, browser type, browser version, the pages of our Site that you visit, the time and date of your visit and other statistics.
This Log Data is stored only within our server and is not shared with any third party. Log Data is used for diagnostic purposes, and shared with law enforcement agencies if explicitly requested. It is kept for up to 14 days and discarded afterwards.
Cookies are files with small amount of data. Cookies are sent to your browser from a web site and stored on your computer's hard drive.
We use "cookies" to retain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
For every visitor we store a randomly generated token ("CSRF Token") used to prevent Cross-Site Request Forgery (CSRF) attacks and thus improve the site's security. This CSRF Token is always randomized and cannot be tied to any specific user because it is only stored on the client side and it is not stored after it is compared on the server side on a per-request basis. This cookie is required for most actions on the site that alter stored information, and as such disabling cookies will remove your ability to change or modify site content.
For logged in users a persistent cookie is used to remember the logged in status across browser sessions for 1 year. If you want to stop being remembered you can either sign out or clear the cookies set by our Site.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
When you use a compatible browser you will be connected to a Web Socket Server in order to receive updates to content on the page, including live notifications for signed in users. This feature cannot be turned off separately. Any PII this server receives (which is limited to your IP address) is discarded as soon as the connection is closed, typically by closing the browser window. The data exchange between the Web Socket Server and the Site is done locally and no PII is transmitted between the two parts of the application.
You have the option to set a password for your account for easier authentication in the future (once on-site login becomes available) which is stored in our database after securing it using a non-reversible hashing algorithm. Once saved, the original value cannot be recovered from the database. In the future, in case of a forgotten password the user will be able to request a password reset e-mail to their stored e-mail address in order to set a new password.
In the event of a security breach all users will be notified within 24 hours of discovery through a notice posted on this website, e-mail messages to those affected (who chose to share their e-mail address with us) as well as a journal on DeviantArt.