Privacy Policy

Who we are

We are Mudlet, an Open Source application for Multi-User Dungeon and text-based games.  Our collection of Open Source developers and MUD enthusiasts collaborates to produce both the application known as Mudlet and the services and resources represented by our website, wiki, and forums.

Our website address is: https://www.mudlet.org.
For contact information see: https://www.mudlet.org/contact/

 

What personal data we collect and why we collect it

User Accounts

Our website, wiki, and forum each allow visitors to create or register accounts with which they can further view and publish content to the respective services. When a visitor registers a user account, we collect the information requested on each specific registration form which may contain personally identifiable information such as a User Name and an Email address in order to verify your account (and to provide password reset and user validation when required).   Additionally the visitor’s IP address and browser user agent string are logged at registration and during authentication for the purposes of spam/abuse detection.

Mudlet.org collects this data in order to provide you with services as well as to help Mudlet.org administration protect the services from abuse.

 

Comments

When visitors leave comments on our website or forums we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.

In some cases, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

 

Media

If you upload images to the website, forum, or wiki, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

 

Contact forms

We provide contact forms by which to reach administrative personnel of Mudlet.org and the Mudlet project which require the visitor to supply an Email address to which an administrative personnel may respond.  The information requested and submitted into a contact form may be stored in a database or sent via email for review and response by any of the Mudlet.org administrative personnel.   The information submitted into these forms will not be published on our site(s) in an automated way but may be visible to multiple administrative persons.

 

Cookies

If you visit our website, you should see a cookie notice at the bottom of the page. This notice also controls the activation of Google Analytics on our WordPress web pages. Should you choose not to accept, you will also opt-out of GA tracking.  You may also revoke your acceptance later.  A cookie is required for remembering this choice, it contains no personal data and will expire after 1 month.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Similarly our Wiki and Forum services utilize and will set temporary cookies to provide “Remember Me” functionality or store service-specific settings which typically do not include personal data.

Cookies may be set on your computer by third-party services such as Google ReCAPTCHA, which should not contain any personal data and may be required for proper function of the Google ReCAPTCHA service, which we use to help protect our various submission forms from automatic abuse.  At this time we cannot provide an opt-out for ReCAPTCHA.

Mudlet.org hosts it’s own analytics service powered by Matomo On-Premise, in an attempt to migrate away from Google Analytics in the near future.  Matomo will set cookies when you visit our website or domains which utilize our tracker.  Some cookies may be used to track your interactions as you visit our domains, while others simply store your settings or preferences with our tracking system.  These cookies are not shared outside of the mudlet.org domain or sub-domains.  

 

Embedded content from other websites

Articles on this site, our wiki, or forum, may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

 

Analytics

Mudlet.org and it’s web services make use of first and third-party analytics services such as Webalizer, Matomo On-PremiseGoogle Analytics, and Wordfence in order to gain insight into the activities taking place on our services as well as to aid in securing and further improving of the services we provide to the public.

At this time you may opt-out of Google Analytics by denying or revoking the cookie notice at the bottom of our WordPress pages.  This does not however apply to pages on the Forum or Wiki sections of this website (which do not use WordFence and may not use Google Analytics at all.)   There is currently no opt-out available for Webalizer as it is anonymized data.  Similarly for WordFence no opt-out is available as it is only applied to WordPress login data and account creation on WordPress is reserved for Mudlet.org administrative personnel.

Mudlet.org hosts an Analytics service powered by Matomo On-Premise.  This locally-hosted service is only available to the Mudlet.org administrators and Mudlet core development team members.   Users can opt-out of this local tracking system by using the embedded form bellow: 

 

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.

 

Who we share your data with

Mudlet.org does not sell, trade, or publish user data.  We will only disclose personal data if required to by law or if deemed reasonable by involved parties.

There exists however a potential for Mudlet.org to disclose your personal information, such as username, email address, and IP address, with a third-party service provider known as StopForumSpam in order to help protect our users and services from abuse by spam agents.   When a visitor or user makes a post or content update on our Forum or Wiki, an automated check is carried out which checks potentially personal data with StopForumSpam’s API for spam agent detection.  In the event that a post or content update is made by a registered user which appears to be spam or vandalism, our administrative personnel may activate a submission of the registered user’s information (username, email, IP) to StopForumSpam to have the information included in their spam detection service.

Logins to this website (WordPress specifically) are monitored by Wordfence and submitted login data (username, email address, and IP address) may conditionally be sent to their services if your login fails or the monitor software detects suspicious activity.

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

 

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you make threads or posts in our Forum, your submitted content is retained indefinitely to maintain completeness of discussions.

If you make additions or changes to content in the Wiki, your submitted changes and data about your actions will be retained indefinitely to maintain the functionality and integrity of the Wiki.

For users that register on our website, Forum, or Wiki, we also store the personal information they provide in their user profile or registration information. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Information within Security Logs for this website and services are retained for no longer than two months, and may be retained for as few as 4 days.

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you have created an account on the Forum or Wiki, you can similarly request to receive your personal data and Mudlet.org administrative personnel will attempt to retrieve the data and send it to you in its entirety or delete it if you so desire.  At this time we may not be able to provide a convenient format for the data or a guarantee that any request for deletion of data will be processed in an exact time frame.

 

Where we send your data

Visitor comments may be checked through an automated spam detection service. For our website, this checking is carried out by Akismet when it is enabled.   For our Wiki and Forum, automatic checking of the submitting agent is carried out by StopForumSpam and information about the submitting agent (user name, email, IP address) may be submitted to their service for storage if the submitting agent is deemed as a spamming agent by either automatic checks or the review of administrative personnel.

 

Additional information

How we protect your data

Mudlet.org makes a commitment to providing a stable and secure service by ensuring our services are provided over SSL secured connections and ensuring the software which enables our web services are kept up-to-date as often as we are able.  Critical security patches are applied automatically in many cases and review and application of updates is taken on a monthly basis.  Access and review of the host system is allowed only over secured connections with authorized administrative personnel.

 

What data breach procedures we have in place

In the event that a data breach is detected Mudlet.org administrative personnel will attempt firstly to stop any further information from being leaked if possible.  As soon as a breach is detected, administrative personnel will begin writing a notice to its registered users to inform them of the nature of the breach and the data which may have been disclosed.  Depending on the breach, we will give suggestions that our users make changes to any accounts which may be associated with accounts or information involved in the breach, and in certain cases we may make changes to accounts which are affected to prevent unauthorized access or use of user accounts.

 

What third parties we receive data from

Mudlet.org may make use of information provided by third-parties such as Github, Travis-CI, or other distribution parties to help determine how many downloads the application gets and which OS see the most use of our application.   This information is collected via in-browser and web-based analytics and is not part of the Mudlet application.  The information collected about these demographics helps us to appropriately weight the importance of certain issues with the application.

 

What automated decision making and/or profiling we do with user data

As noted earlier in this policy, our website, Forum, and Wiki utilize third-party services to automatically detect if submitted data is or may be submitted by a “spammer” as well as to detect if certain web-based requests are suspicious or malicious. As such you may find yourself at the receiving end of a “false positive” where you are denied ability to post or update contents such as comments, forum posts, or wiki changes.   Should this occur to you, you may be automatically directed to the third-party service responsible for this automatic profiling.  If you are not directed to the responsible service or are having difficulties resolving a false-positive, please contact Mudlet.org administrative personnel for help.

 

Updates

Updates to this policy may be made without notice to the users.  Users are encouraged keep track of this page and the date given in this section to determine if the policy has been updated. Notifications of substantial changes to our services which would affect this policy or the privacy of our users may be sent to users via E-Mail.

Last Updated: 6/3/2018