Privacy Policy

It is recommended also to read the Terms of Service at https://ii.starshipfights.net/legal/tos, if you have not done so already.

Section I - The Data We Collect

No data is collected by the Game Starship Fights II itself. The executable that is downloaded does not "phone home" to deliver any information that is present on the executing device; in fact, the only connections it makes to the servers that host the official Website are for the purpose of authenticating for online features. The following data is collected by the official Starship Fights II Website:

Discord ID

This is needed to keep your Starship Fights II user account accessible when you log in using your Discord account.

Discord Profile Data: Username, Global Profile Name (if present), Discriminator (if present), Avatar

This is stored to give you the option of displaying your Discord account on your public user profile.

GitGud User ID

This is needed to keep your Starship Fights II user account accessible when you log in using your GitGud account.

GitGud Profile Data: Username, Profile Name, Profile Picture

This is stored to give you the option of displaying your GitGud account on your public user profile.

Peppered hash of your e-mail address

This is stored to prevent people from making sockpuppet accounts. E-mail addresses are not stored in plaintext, instead they are concatenated with a cryptographic pepper stored outside the database, and then hashed using SHA-3 (Keccak) 256.

Salted hash of your browser's User-Agent concatenated to your public-facing IP address

We do not store your browser's User-Agent or your public-facing IP address in plaintext. Instead, your User-Agent, IP address, and an 80-bit (10-byte) random salt are concatenated and hashed using SHA-3 256. This is necessary to prevent session token stealing; if someone with a different IP address or User-Agent attempts to use your session token, then both the token and the session it refers to will be invalidated.

Section II - How We Collect It

Your Discord information is collected using the Discord API whenever you log in with your Discord account, and your User-Agent and public IP address are collected using the HTTP requests that your browser sends to the website.

Section III - How We Collect It

The only people who can see the data we collect are you and the system administrator. We do not sell data to advertisers. The site is hosted on Hetzner Cloud, who can in theory access it, but in practice, Hetzner is a trusted cloud-hosting company.

Privacy policies are nice and all, but they are only as strong as the staff that implements them. I have no interest in abusing others, just as I have no interest in doxing or otherwise revealing what locations people log in from. Nor have I any interest in being worshipped as some kind of programmer-god messiah. I am impervious to such corrupting ambitions.

Section IV - How We Collect It

We protect your data by a combination of requiring TLS-secured HTTP connections, and keeping the database's port only open on 127.0.0.1, i.e. no one outside the server's local machine can even connect to the database, much less access the data stored inside of it.

We protect your Discord account by going through the entire OAuth2 flow every time you log in. Access tokens and refresh tokens are simply not stored; refresh tokens are not used at all, and access tokens are discarded the moment your Discord account's identity is verified.

We protect your GitGud account the same way: by not storing access tokens or refresh tokens.

Section V - Amendment Process

Starship Fights II will notify users when amendments to the Privacy Policy will impact their usage of the Game or the Website. Users will be notified via the #announcements channel of the Official Starship Fights II Discord server.

Section VI - Amendments

November 18th, 2023

Acknowledge addition of GitGud authentication

November 7th, 2023

Switch to peppered hashes of e-mail addresses

November 5th, 2023

Initial writing