From 261d2e28790305bc833e3867e20ebc234156eed4 Mon Sep 17 00:00:00 2001
From: Jesusaves <cpntb1@ymail.com>
Date: Wed, 19 Jan 2022 23:07:14 +0000
Subject: This is our new Privacy Policy

---
 policies/privacy-policy.md | 278 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 275 insertions(+), 3 deletions(-)

diff --git a/policies/privacy-policy.md b/policies/privacy-policy.md
index fdfb9cd..98d146c 100644
--- a/policies/privacy-policy.md
+++ b/policies/privacy-policy.md
@@ -3,10 +3,282 @@ name: Privacy Policy
 description: How we handle your data
 aliases: [privacy]
 
-ignore: yes # not ready for publication yet
-
 autoupdate:
   wiki: The_Mana_World:Privacy_Policy
 ---
 
-TO-DO
+# Privacy Policy
+
+This is the general Privacy Policy for The Mana World Project ("we", "us"), along
+all its services, including websites, forums, wikis, repositories and game servers,
+Containing information regarding the types of information that is collected and
+recorded by us. If you have additional questions or require more information about
+our Privacy Policy, do not hesitate to contact us at legal@themanaworld.org
+
+This Privacy Policy does not extend to third party services we may host, such as
+guild websites; please refer to their privacy policies instead.
+
+## Consent
+
+By using any of our services, you hereby consent to our Privacy Policy and agree
+to its terms. By doing so, you become a "User".
+
+## Information that we collect
+
+Our services may collect standard traffic information in log files, such as your
+Internet Protocol (IP) address, browser or client type, Internet Service Provider
+(ISP), date and time stamp, and requested resource/page; both in order to prevent
+our services from Denial of Service (DoS) attacks, to find and prevent fraud, to
+analyze trends, and to better administer and maintain our services.
+
+Some of our services which are used in conjunction with other service, such as IRC
+Bots used in conjunction with IRC, or game bots used in conjunction with the game,
+may further log timestamps for the last sighting of nicknames or hold private
+messages for users. Typically, these will be using the same permission scopes
+which a normal user of the IRC Network and/or game would have access to.
+Typically, these sub-services do not enjoy any additional data collection
+privileges apart from being optionally exempt from some anti-flooding policies and
+being under our direct control in case of the need for assistance regarding their
+usage.
+
+Our services typically offer the users "accounts", which any natural person may
+register provided the user's consent and acceptance of this Privacy Policy and
+our terms of use.
+
+Do note that some services like repositories, wikis and forums may collect data
+subject to irrevocable license terms, such as the GNU General Public License
+version 2 or later. This Privacy Policy does not supersede nor prevail over the
+license terms, except when required by law.
+
+### Information that TMW Forums collect
+
+To create an account, you need to provide a username, email, and password
+(which will be stored in a hashed form). The forum uses standard TLS to protect
+your information from Man In The Middle (MITM) attacks, and implements Perfect
+Forward Secrecy to protect past sessions against private key compromises.
+
+Creating an account will prompt the creation of defaults and storing of further
+personal data automatically, such as registration date and IP, logs on the actions
+performed within the forums, language, forum theme, timezone, date format, posting
+preferences, display options and team memberships. They are stored to provide you
+functionality, to improve and personalize user experience, to communicate
+with you, and to find and prevent abuse.
+
+When registering or posting to our forums, we may share your username, email and/or
+IP address with privacy-respecting third-parties in order to protect our website
+from spambots, such as Spamhaus or Stop Forum Spam. By registering, you consent to
+this sharing. The services we use may change at any time and without prior notice.
+However, you may request this information from us at any time you desire.
+
+You may optionally provide profile data such as contact information, birthday, avatars,
+signature or attachments to be shared with the public.
+
+The accounts created for the forums will be kept until termination, as defined by
+the Terms of Service. Personal data may be deleted upon request, however forum
+posts will be anonymized or pseudo-anonymized. Logs may be kept to assist us in
+protecting other users from abusive behavior.
+
+If you sign up for a The Mana World Team membership, do note that a different agreement may apply
+to you.
+
+### Information that TMW Wiki collects
+
+The wiki does not allow edits from unregistered users. To create an account, you
+need to provide a username, email and password which will be stored in a hashed
+form, and it will automatically log the IP and timestamp of the registration.
+Optionally, you may also provide your real name for attribution purposes.
+
+You are also required to provide a biography of at least 200 characters, which is
+public. The account creation is a manual process and will have manual review.
+
+You may request by email to have your account terminated and the personal data
+removed, which will also prompt anonymization or pseudo-anonymization of your username.
+
+When contributing, you grant us a special license described at the footer of the
+wiki website, or at the submission form. This license will cover the entirety of
+your contribution, including edit messages, and shall take precedence and priority
+over this Privacy Policy and the rights connected to it. The biography field is
+also subject to this special license.
+
+Several actions on the wiki are logged and these logs are often kept public. You
+can see which logs are enabled in the Special pages. Several actions require a
+special team membership or wiki authority, which may be subject to a different
+policy.
+
+### Information that TMW Vault collects
+
+The Mana World Vault collects registration date, IP, email, a hashed password, any
+two factor authentication (2FA) secret, credentials for game accounts, ban state,
+settings and variables from multiple worlds, to provide functionality to you.
+
+In this context, a world is a game server, but it may have unique characteristics.
+
+TMW Vault allows you to connect to worlds which may or may not be controlled by
+The Mana World Team. If you decide to use TMW Vault to connect to a world, it will
+share the variables scope and your Vault ID, but it will not share your email,
+password, or 2FA secret.
+
+Requesting termination of your Vault account implies the termination of all
+connected sub-accounts and their related data. To avoid termination of a
+sub-account, you may disconnect it from your Vault account prior to requesting
+termination of your Vault account.
+
+The data collected by TMW Vault is strictly used to identify, contact, or provide
+authentication functionality for you.
+
+### Information that our git repositories collect
+
+The git repositories have their own privacy policies and terms of use. When
+contributing to a The Mana World repository, you may be asked for your nickname
+and/or a legal name for attribution. This attribution will be added to the git
+history and cannot be removed. Rectification may be possible via the “.mailmap” file,
+however, different git implementations may ignore this file, in which case the
+data cannot be rectified.
+
+Therefore, please be mindful on how you want to be attributed for git
+contributions as it is a mostly irreversible process.
+
+### Information that our IRC Bot collects
+
+Our IRC bot uses Limnoria. You may create accounts with it, which will collect
+usernames, passwords, hostmasks and settings. It provide its own controls for the
+personal data it collects, which should be available at
+[Limnoria's documentation](https://docs.limnoria.net/use/plugins/User.html).
+
+You do not need to create an account in order to use Limnoria. The data it
+collects, such as messages sent to it, serve to prevent abuse and to protect
+other users from misusing the bot.
+
+Do note that anyone can bring an IRC bot to our channels, and we may, but are not required to
+keep track of these bots in our channels.
+
+All bots are subject to our rules and regulations.
+
+### Information our Game bots collects
+
+Any user may write a game bot and connect it to our game. Said bot may collect
+public data to provide its own functionality. We may, but are not required to
+keep track of these bots.
+
+Our game bots may collect public information shared with clients like your
+nickname, and the time you were online (via access list protocol). They may also
+collect other data to provide functionality, such as access lists and sales.
+
+All bots are subject to our rules and regulations.
+
+### Information our game servers collect
+
+Our game servers collect character data, like inventory, quest data, level,
+experience, creation date, number of deaths, skill usage, and several others to
+provide functionality. Character data is bound to the account and will be deleted
+when the account is terminated.
+
+Do note our servers share your online activity with others, and you cannot opt-out from
+this. While Game Masters may be able to disguise their online activity, this is only acceptable for moderation purposes and not for regular gameplay as it would
+compromise the functionality of the game.
+
+Our servers may also optionally collect character information such as gender, partner (if married), party, guild, clan,
+birthday, pincode, pets, homunculus, character names, and other data, also to
+provide functionality to regular gameplay.
+
+To create an account, you may use TMW Vault or register directly in a supported
+game client. Direct registration may lead your personal data being saved without
+the use of modern encryption or security measures, therefore, it is strongly
+advised to use the vault instead. Accounts created with the vault use a token
+instead of a password to communicate with the game server, which provide better
+protection given its one-time nature. Do note most communications with the game
+server happen over plain Transmission Control Protocol (TCP), which isn't
+encrypted in transit.
+
+Additionally, the game servers may or may not log the chat, which is deleted within
+a week, and the game servers also log other actions such as trade logs for a few
+months. Other logs, such as authentication logs, are kept for longer.
+
+Do note that game staff is subject to a different agreement than this privacy
+policy, as most administrative or moderation actions are logged and made available
+for the public.
+
+Non Evol2-based servers do not support token-based authentication, and cannot
+be used with TMW Vault as a consequence.
+
+## Public Data and User Generated Content (UGC)
+
+Information shared in a public manner may be collected by individuals not
+affiliated with The Mana World Team, including bots. This includes User Generated
+Content (UGC), which is available in most of our services and subject to
+moderation.
+
+Our responsibility limits to the scope of the services we provide. It does not
+extend to individuals including bots which may have harvested the publicly available
+data, such as the Internet Archive or our bots.
+
+## Cookies
+
+Cookies are small files that a site or its service provider transfers to your
+computer's hard drive through your Web browser (if you allow) that enables the
+sites or service provider’s systems to recognize your browser and capture and
+remember certain information.
+
+We use cookies to understand and save your preferences for future visits, such as
+to keep you logged in.
+
+If you prefer, you can choose to have your computer warn you each time a cookie
+is being sent, or you can choose to turn off all cookies via your browser
+settings. Like most websites, if you turn your cookies off, some of our services
+may not function properly.
+
+## Your rights
+
+You have the right to request copies of your personal data.
+You have the right to request that we correct any information you believe is
+inaccurate, if your request is deemed reasonable.
+You have the right to request that we complete the information you believe
+is incomplete.
+You have the right to request that we erase your personal data, under certain
+conditions.
+You have the right to request that we restrict the processing of your personal 
+data, under certain conditions.
+You have the right to object to our processing of your personal data, under
+certain conditions.
+You have the right to request that we transfer the data that we have collected to
+another organization, or directly to you, under certain conditions.
+
+To exercise any of these rights, you may need to prove account ownership.
+Account ownership is defined by the ownership of the email associated to it.
+Therefore, you must email data@themanaworld.org to exercise your rights when
+they're not made available on the public interfaces.
+
+Should you lose access to your email account, we will be rendered unable to confirm
+your identity and therefore, unable to provide you your rights.
+
+We will aim to respond to your data requests within one month.
+
+## Children's Information
+
+The Mana World services does not knowingly collect any Personal Identifiable
+Information from children under the age of 13, nor provides service to them
+without parental guidance, supervision or authorization.
+
+If you think that your child provided this kind of information on our website, we
+strongly encourage you to contact us immediately at data@themanaworld.org and we
+will do our best efforts to promptly remove such information from our records.
+ 
+## Changes to this policy
+
+We may change this policy at any time and for any reason. A notice in game, on the
+forums and on IRC will be given every time there is a modification.
+
+## Contacting Us
+
+For legal inquiries, such as pertaining to this Privacy Policy, please use
+legal@themanaworld.org
+
+When otherwise unavailable in the user interface, you may contact us at
+data@themanaworld.org
+to request a copy or the removal of your personal data, to exercise your right to
+be forgotten, or to make requests under the GDPR act.
+
+This Privacy Policy does not supersede the [Terms of Use](/tos) and is subject to
+it.
+
+Do note that we do not provide legal advice.
-- 
cgit v1.2.3-60-g2f50