Privacy Policy

Your Data

cesoid.com

cesoid.com servers automatically log:

  • IP addresses (the internet equivalent to a "return address")
  • HTTP requests (e.g., the page you're asking for and some of what you submit in a form)
  • Probably some other things (honestly, pretty much all machines log data, so I don't know about all of it)

This is what it logged about me when I visited just now (with the IP address and request_id changed, just in case):

2021-04-18T15:11:07.941365+00:00 heroku[router]: at=info method=GET path="/2048/supermerging?theme=original" host=www.cesoid.com request_id=9c9463ef-73f0-7684-90f0-f0e86afc84af fwd="0.0.0.0" dyno=web.1 connect=0ms service=334ms status=200 bytes=21615 protocol=https
2021-04-18T15:11:07.886378+00:00 app[web.1]: I, [2021-04-18T15:11:07.886259 #4]  INFO -- : [9c9463ef-73f0-7684-90f0-f0e86afc84af]   Rendered comments/_comment.haml (23.2ms)
2021-04-18T15:11:07.912663+00:00 app[web.1]: D, [2021-04-18T15:11:07.912518 #4] DEBUG -- : [9c9463ef-73f0-7684-90f0-f0e86afc84af]    (17.5ms)  SELECT COUNT(*) FROM (SELECT  1 AS one FROM "comments" WHERE "comments"."discussion_slug" = $1 ORDER BY "comments"."created_at" DESC LIMIT $2) subquery_for_count  [["discussion_slug", "2048"], ["LIMIT", 4]]

You can see that most (or all) of this data is boring. It is also automatically deleted eventually, but I might keep some of it for debugging for a bit longer.

cesoid.com intentionally stores things when you do certain things that obviously require this to happen:

  • Submitting a comment makes it store the comment, and if you provide an email address with the comment, the comment is connected with that address.

This data sticks around indefinitely, but I can remove it if you ask me to, by sending me an email at support@cesoid.com.

cesoid.com cannot possibly be storing certain things like names or street addresses unless you intentionally send those things (such as by putting them into a comment ... please don't put your address into a comment). Your computer doesn't send those things automatically, and, oddly enough, might not even know those things.

Google Analytics

Google Analytics has a privacy policy that is a part of Google's overall (very long) privacy policy.

Google Analytics assigns a random sequence of letters and numbers to each browser, which looks kind of like this:

f81a953c355531cde2ed553319311428

It encrypts this, and probably some other things, and sends them to your computer. Your computer sends this back each time a page is loaded and after some other actions such as when clicking certain buttons.

By doing this, Google Analytics can keep track of which actions came from the same browser, even if it doesn't know who is using that browser.

We (at cesoid.com) can see individual paths that were taken at our website, with these paths tied to things like browser window sizes, operating system, and (often inaccurately) the city where the browser is communicating from. This isn't tied to your IP address, and it doesn't include Google Analytics information from other websites.

Most of the time, we just use this to see a bigger picture, such as how many people visited a particular page today.

Google Sign-In

Google Sign-In should also have privacy information in the same privacy policy as Google Analytics, which is here.

Google Sign-In only pertains to people who choose to use Google to create and login to an account here.

Google Sign-In only gives us a little bit of information, including the primary email associated with your Google account (if you have one) and an id like this:

123456789012345

We won't send you any email unless you ask us to, or if we are obligated to for some legal reason or because you'll be adversely affected if we don't. The only purpose of the email address is to prevent people from creating a separate email-based login account. A lot of people do this by accident because they forget whether they used Google Sign-In to login. They also might do it to try to make another account after they do something they shouldn't have and their account gets disabled. If you do use a Google Sign-In with an email address that already exists as an email login, you will just be logged in to that same account, regardless of which method you use.

The id that Google Sign-In gives us is "sort of" publicly available. In other words, you might be able to find someone's Google account id if you have their email address, but it probably doesn't matter because you already have their email address, and Google doesn't let two accounts use the same verified email address. We don't share your id with anyone. The only purpose it serves for us is to know which cesoid.com account you are logging into by matching it up to the id that was given to us the last time you logged in using Google.

Facebook Login

If you want to delete data related to your Facebook Login, follow instructions in How to delete your data

This only applies to people who use Facebook Login to create or login to an account here.

We will NOT post anything on Facebook for you, or change anything in your profile unless we, as clearly as we can, ask for your permission to do this, and we currently do not ask for your permission to do this anywhere, because we currently don't have any features for currently doing these things. I personally have, in the past, had apps add to my timeline without me realizing that they were going to do it, and was very unhappy about it, so, I'm on your side here.

Facebook gives us an email address (if you have one associated with your account), and an id specifically limited to cesoid.com. This may enable us to get a publicly available profile picture if you have one, but we haven't tried this yet. If we do have access to such a picture, we may display it to you while you're logged in so that you realize which Facebook account you're logged into. Currently, there is no way for users to see which Facebook accounts were used for anything, or even whether a given Facebook account was used to login to cesoid.com, but if we do make this possible in the future we will ask you whether you want yourself to be visible and warn you if your profile picture will be shown.

We will not send you any email unless you ask us to, or if we are obligated to for some legal reason or because you'll be adversely affected if we don't. We respect that the purpose of a Facebook login isn't to give us the ability to email you, but to create an account on cesoid.com. As is currently described above for the Google Sign-In, the purpose of the email address is to prevent people from creating a separate email-based login account. A lot of people do this by accident because they forget whether they used Facebook to login. They also might do it to try to make another account after they do something they shouldn't have and their account gets disabled. If you do use a Facebook with an email address that already exists as an email login, you will just be logged in to that same account, regardless of which method you use.

The id that Facebook gives us is particular to cesoid.com. For this reason, it couldn't be used to connect your identity to a login at some other site. The only purpose it serves for us is to know which cesoid.com account you are logging into by matching it up to the id that was given to us the last time you logged in using Facebook.

Adinplay and advertisers

Privacy Settings NOTE: This link isn't working for me and might only work for people in an area that requires GDPR compliance. The code is made and maintained by AdinPlay so I have no idea what's going on and I don't think I can predict it or change it.

Adinplay has its own privacy policy, which contains a list of "Ad technology providers" and links to their privacy policies.

We allow them and their providers to interact with your computer when you visit cesoid.com, which means they can give you cookies and read them, but cesoid.com cannot see these cookies, because the communication occurs directly between your computer and their servers. Because some of these providers are used by many websites, they may be able to connect interactions from different sites. This is why ads are often influenced by your other activity on other sites. cesoid.com does not have access to any of this information.

Deleting Your Data

Send an email to support@cesoid.com with the subject "Delete my data", and include one of the following ways for us to find your data:

  • If you want to delete an account, the easiest way is to give us an email address associated with the account (just in case it is not the same as the one you're sending from).
  • For accounts that have no associated email address, such as some accounts created by Facebook Login, you may need to give us the url of a theme or something else associated with the account, and we may want to verify that it is your account by having you login to it.
  • Some data, such as comments, feedback, text included when flagging something, and some other content may not be connected to an account, and you will need to give us more information to find it.

We delete data as soon as we can, and within any timeframe required by policies or laws. Our own policy is to get back to you within 48 hours with any further information that we require to delete data and/or notify you of actions that we are taking.

What data can be deleted?

  • Data connected to a login, including:
    • Email addresses given to us by Google or Facebook when you use Google Sign-In or Facebook Login
    • Email addresses you gave us directly by creating an email based login
    • Themes you created, including images that are connected to those themes
  • Comments, feedback, and other text that you posted on the site, if you can give us enough information to find it.
  • Personal data that is publicly visible but should not be, regardless of whether it is your data, such as an email address or phone number in a comment, or photos of people who are otherwise not publicly visible. (In other words, if you tell us about data that shouldn't be there at all you don't have to show that it is yours.)

We may want to make sure you are not deleting someone else's account, but we will err on the side of caution by doing some things without that verification. For example, images of a nonfamous person might be considered sensitive enough to delete without verification. A theme that has no sensitive data might be removed from public visibility but deleted only after verification.

What cannot be deleted?

  • Data associated with abuse of the site when it is necessary to prevent further abuse of the site, such as email addresses, or IDs from third party logins that could be used to create new accounts by banned users. Any such data will be made unavailable to the public. It may also be encrypted using one-way encryption so that it would be difficult to decode, but possible to match by using the same encryption and comparing the two.
  • Account data stored by Google, Facebook, or other third parties on their servers, such as profile pictures, names, or email addresses (we can only delete our copy of any data, if it exists)
  • Data stored by other third parties such as Adinplay, or advertisers, which includes interactions with their ads, and cookies that they have given to your browser
  • Data that we can't find because it is not connected to an account and you can't give us enough details to find it, which could happen with comments, feedback, or text included when flagging something
  • Anonymized data, such as data stored by Google Analytics, because anonymizing data intentionally makes it difficult to connect it to a person, browser, or account
  • Corrupted data that we can't find or access because a bug or internet connection problem prevented it from being connected to an account or caused it to be too garbled to be found
  • Data your browser stored on your computer for us but that your browser won't let us delete, such as the state of games you were playing, high scores, game stats, fractal images. (Settings or other changes to your browser may prevent us from accessing or deleting data, even if your browser initially allowed us access to it.)
  • Browser cache data that is on your computer, such as images or other files that your browser downloaded from our site. (Your browser probably has a way to delete this data, but we have no control over that.)
  • Data stored on your computer by other sites, such as cookies, because almost all browser data is limited to a site's domain or a set of domains authorized by the site that gave it to your browser.
  • Any data that must be retained to protect ourselves or others, except when it is prohibited by law.

Summary

Whenever the policies above cannot be followed or don't indicate what we should do, we generally try our best to avoid knowing or allowing others to know information that should not be known, but we also try to avoid knowing information for which we have no purpose.

Why do we avoid knowing things about you? Because there are a lot of rules, regulations, and moral implications about who should know what, and what they should do with that information, and the best way to avoid breaking those rules is to:

  • receive less information
  • store less of what is received
  • get rid of what is stored sooner
  • explain all of the above as clearly as possible

Regulations about privacy are awesome, though attempts to follow them are sometimes difficult when literally anyone on Earth can accidentally give information to you and you might not know that they did, AND you can't just ignore everything because otherwise you won't know anything about what people are doing at your website. I'm doing the best I can. I can't believe you read the end of this privacy policy.

Contact Information

At this moment this site is run by one person, and occasionally moderated by an additional person. This may change in the future. If you have any issues, including if you want me to delete some data related to your use of this site, you can email support@cesoid.com, and I will handle your email in the order it arrived, which is first and last within its own order, and at some point within the order that all of the other emails arrived.