<meta charset="utf-8">
<meta name=viewport content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/css/main.css" type="text/css">
+ <link rel=apple-touch-icon sizes=256x256 href=favicon_256.png>
+ <link rel=icon sizes="16x16 32x32 48x48" href=favicon.ico>
+ <link rel=icon sizes=128x128 href=favicon_128.png>
+ <link rel=icon sizes=192x192 href=favicon_192.png>
+ <link rel=icon sizes=256x256 href=favicon_256.png>
<title>Privacy Policy ~ Yukkuri Games</title>
</head>
<body>
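Review bot: The five added icon links use document-relative hrefs (`href=favicon_256.png`, `href=favicon.ico`), while the stylesheet line directly above them uses a root-relative path (`/css/main.css`). If this head is reused by any page outside the site root, the icons will resolve against that page's directory instead of the root. Suggest `href=/favicon.ico`, `href=/favicon_256.png` and so on, matching the stylesheet. The `apple-touch-icon` line and the last `rel=icon` line also point at the same 256x256 file; a short comment would make clear that is intentional.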
We don't use cookies or anything like cookies to track you.
</p>
<p>
- We use <em>extremely</em> short-lived cookies to prevent
- request forgery. These don't contain any identifying
- information and they self-destruct after a few seconds.
+ We use cookies to prevent request forgery. These don't contain
+ any identifying information. These <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies">double-submit cookies</a>,
+ are random cookies that reset each time you visit the page.
+ This prevents another site from tricking you into submitting
+ data to our site, because they can't read the random value in
+ the cookie.
</p>
<p>
- For long-term data we use HTML5
+ For long-term data storage we use HTML5
<a href="http://diveintohtml5.info/storage.html">localStorage</a>
and other similar <em>client-side storage</em>. This gives you
- the benefits of cookies, plus your data is never sent to the
+ the benefits of cookies, but your data is never sent to the
server, so there's nothing to secure.
</p>
<h3>Security</h3>
<p>
- We don't track any user data via this site, so we have no
+ We don't track any personal data via this site, so we have no
special databases to secure.
</p>
<p>
- If you are concerned about your connection being intercepted
- by someone else, <a href="https://yukkurigames.com/">we offer
- HTTPS for our main domain</a>. We would like to offer it
- for more, but the CA racket means we can't afford it.
- In the future we hope CAs are replaced by something like
+ Our primary site, which you are reading now, is served
+ exclusively via HTTPS. We would like to offer HTTPS for all
+ our subdomains, but the CA racket means we can't afford it. In
+ the future we hope CAs are replaced by something like
<a href="http://convergence.io/">Convergence</a> so cheap
security is available for everyone, but right now it doesn't
work reliably.
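Review bot: The rewritten cookie paragraph no longer says how long the anti-forgery cookie lives. The removed text promised cookies that "self-destruct after a few seconds", and the replacement only says they "reset each time you visit the page", which describes rotation, not expiry. For a privacy policy, suggest stating the lifetime explicitly (session-only, or a concrete duration) so the claim stays checkable against what the server actually sets. Minor: there is a stray comma after the closing `</a>` in "double-submit cookies</a>, are random cookies", and "but your data is never sent to the server" in the storage paragraph reads better as the contrast it is now, so that change looks right.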
<h2>Changes</h2>
<p>
We may update this Privacy Policy from time to time. Since
- this document is <a href="http://git.yukkurigames.com/yukkurigames.com.git">stored in our site's Git repository</a>, you can easily track these changes.
+ this document is <a href="http://git.yukkurigames.com/?p=yukkurigames.com.git;a=history;f=privacy.html">stored in our site's Git repository</a>, you can easily track these changes.
</p>
</main>
</body>
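Review bot: The new history link in the Changes paragraph is an `http://` URL on git.yukkurigames.com, while the Security section in this same patch now says only the primary site is served exclusively via HTTPS. Readers are told they can "easily track these changes" through that link, so it is worth saying next to it that the repository view is not served over HTTPS, or pointing to a copy of the history that is. The switch from the bare repository URL to `a=history;f=privacy.html` is a good change since it lands on this file's log directly.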