Code::Stats stores user data to provide its services. This document describes the data storage and usage policies.
Name and contact details of the personal data register holder
- Mikko Ahlroth
- Email address
- mikko.ahlroth ⓐⓣ gmail.com
Inquiries about the register and the data contained should be directed to the above addresses.
Name of the register
Code::Stats (later "the service") user database.
Location of the register
The user database is stored on a cloud server hosted by Hetzner Online GmbH in Finland.
The purpose of data collection
Data is collected about the users of the service to enable and improve the service's functionality. User data is not used for any other purpose.
Data contained in the register
The service collects the following personal data from the users:
- Username and password for authentication purposes. Stored as long as the user does not delete their account.
- Email address (optional) for notifying the user about important announcements related to the service and for account recovery in the case of a lost password. Stored as long as the user doesn't delete their account or remove the email in preferences.
- IP addresses and browser user agent strings from both authenticated and unauthenticated users are stored in the server request logs for 4 weeks. They are used for statistical purposes and abuse prevention.
All data is provided by the user and their client software. No data is collected from other sources.
Sharing of data with 3rd parties
Data is never shared with 3rd parties, except in the following cases:
- to send an email to a user from the service (the email address and the contents of the email must be transferred to the email delivery service),
- to store backups with a backup storage provider described later in this document, or
- to comply with an official, legal, written order from the Finnish authorities to release customer data (so far this has not happened).
Transfer of data to outside the EU or EEA
Data will not be moved outside the EU or EEA, except in the following cases:
- to send an email to a user from the service (the email address and the contents of the email must be transferred to the email delivery service).
Security of the register
Logins and communication with the server are secured with SSH. On the server, the database is protected by a further login known only to the register holder. Passwords in the database are hashed using Bcrypt with a randomized salt to prevent their recovery in case of a data breach. If a strong password is used, it cannot feasibly be recovered from its hash.
Physical security of the server in the datacenter is managed by Hetzner Online GmbH.
Register data requests
All users of the register have a right to get a copy of the data stored about them. To get a copy, use the data export feature in the preferences page when logged into your account. If you are not logged in, send a free-form written request to the data register holder described above.
Deletion of data and stopping of data processing
If you wish to delete all your personal data from the register, use the account deletion feature in the preferences page. Your data will be deleted from the database immediately, and from any backups within 5 weeks.
When you delete your account, your data is no longer processed by the service, except for the IP addresses and user agent strings collected in the server logs as mentioned earlier, and any unscrubbed analytics data as noted below.
Note about backups
The service's filesystem is backed up daily. The backups are created and stored by Hetzner. Backups older than a week are automatically deleted.
Note about analytics
The service uses Tilastokeskus to store simple analytics data about its users. The data is stored on the same server and is not transferred to any outside party.
The stored data includes the following:
- IP address (for abuse prevention)
- Autogenerated session ID (stored in cookie, lasts for 15 minutes after last request)
- User-Agent header sent by browser
- Request URL
- Referer header sent by browser
- Screen resolution
- Timezone offset from UTC
- City and country based on GeoIP data
After 90 days, stored requests in the analytics data will be scrubbed to remove private information. This removes the IP address, full User-Agent header, and city from the data.
If you wish to prevent the storage of your request information in the analytics data, use an extension such as uBlock Origin to block requests to /tilastokeskus/* on this website.
Note about advertisements
The service may contain advertisements. These advertisements are handled by 3rd party advertisement providers. The advertisement providers may use the advertisements to collect certain information about the user. This collection of data and the behaviour of the advertisement providers are not under direct control of the service. If you suspect abuse from an advertisement provider, please contact the service administrators for assistance.
Advertisement providers are never given access to the data register itself.
Note about email
Emails from the service are sent using Mailgun by Rackspace Inc, a US-based company. This means user details contained in the emails (such as the user's email address) are sent to the email service as a necessary part of the email delivery process. If you do not wish to have your email address sent to either of these services, you can remove your email address in the preferences.
For more information, please see Mailgun's GDPR page.
Terms of service
Code::Stats (later "the service") is a free service. Using it is a privilege, not a right. There is no SLA promised or implied.
The rules of using the service:
- Don't hammer or attempt to DoS the API or the server or you will be banned.
- Don't try to insert fake XP for yourself through the API.
- Don't be mean to other people.
- Do check the source code of the service and the plugins and suggest improvements.
- Have fun.