Rather than a policy about how we're going to protect the data we gather about you, we've got a simpler plan: We'll try as hard as we can to not gather data about you. We'd also like to help you defuse and poison other tracking services.
We log HTTP requests in order to help maintain our site - fix broken links, block spammers, and so on. These logs look like
188.8.131.52 - - [03/Sep/2014:13:45:06 +0000] "GET /heroik/heroik.html HTTP/1.1" 200 1616 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:32.0) Gecko/20100101 Firefox/32.0"
They contain your IP, the URL you visited, when you visited
it, what browser you were using, and (sometimes) where you
came from. Your browser sends this to every site you visit. If
you think it's too much information, most browsers have some
way to send less - for example, in Firefox you can
false and install User Agent Switcher.
We host our own email service. Email sent to yukkurigames.com does not go through GMail on our end.
We use extremely short-lived cookies to prevent request forgery. These don't contain any identifying information and they self-destruct after a few seconds.
For long-term data we use HTML5 localStorage and other similar client-side storage. This gives you the benefits of cookies, plus your data is never sent to the server, so there's nothing to secure.
We don't track any user data via this site, so we have no special databases to secure.
If you are concerned about your connection being intercepted by someone else, we offer HTTPS for our main domain. We would like to offer it for more, but the CA racket means we can't afford it. In the future we hope CAs are replaced by something like Convergence so cheap security is available for everyone, but right now it doesn't work reliably.
Because this is the web, we link to other sites. Some of our games are only available from other sites, because trading money for games requires handling at least a little personal data. We'd rather that be done by people good at doing it.
Most of these sites don't care about your privacy. Sometimes at least they'll be providing you a useful service in exchange for surveilling you, but usually they're willing to sell you out to a dozen firms via Google in exchange for a pretty bar graph.
We think it's awful, too. Sorry.
To protect yourself on these sites, we recommend you use tools to help you browse the web safely and securely. One easy and reliable one is Disconnect. PRISM Break has more suggestions, though it's unfortunately-named because this problem neither begins nor ends with the PRISM program or state surveillance.
Other Stuff We Don't Do That You Should Push Other Sites To Also Not Do
- We don't run Google Analytics or Cloudfront Analytics or Cloudflare Clicky or any of that garbage. Even if a site needs to collect data for its own operation, these services also feed that data into even larger and more troubling corporate databases.
- We don't use Google's fonts; we host them ourselves. Most Wordpress sites are helping Google track their readers and they don't even know it. At the very least, demand a cut of Google's revenue if you're going to work for them.
- We don't put stock "share" buttons on our site. Aside from being useless eyesores these buttons are used by social media companies to track you on other sites. Tools like EFF's Privacy Badger and Disconnect can help block these on other sites.