Privacy Policy
How we collect, use, and protect your information.
Overview
This privacy policy explains what data we collect when you use our website and game servers, and how that data is handled. We are a community-run project, not a corporation -- we keep things simple and only collect what we need to run the site.
Steam Authentication
When you log in through Steam, we receive the following information from your public Steam profile:
- • Steam ID -- Your unique Steam identifier, used to identify your account.
- • Display Name -- Your public Steam username, shown on your profile.
- • Avatar -- Your Steam profile picture, used as your avatar on the site.
We do not have access to your Steam password, email address, purchase history, or friends list. Authentication is handled entirely through Steam's official OpenID system.
Game Data Collection
When you play on our tracked Arma Reforger servers, we automatically collect gameplay data including:
- • Player kills, deaths, and combat statistics
- • Connection times and play sessions
- • XP gains, base captures, and other in-game events
- • In-game chat messages
- • Your in-game player name and UUID
This data is used for leaderboards, player profiles, anti-cheat monitoring, and server administration. It is collected automatically when you connect to our servers.
Two-Factor Authentication
If you choose to enable two-factor authentication (2FA), we store the following additional data:
- • TOTP Secret -- An encrypted secret key used to generate time-based one-time passwords. This is stored encrypted at rest and is never exposed in plain text.
- • Recovery Codes -- A set of encrypted single-use backup codes for account recovery. These are stored encrypted and each code is deleted after use.
- • Activation Timestamp -- When 2FA was enabled on your account.
2FA is entirely optional and user-initiated. When you disable 2FA, all related data (secret key, recovery codes, and timestamp) is immediately and permanently deleted from our database. We also log 2FA events (enabled, disabled, recovery codes regenerated) in our audit log for security purposes.
Data Storage & Security
Your data is stored on our servers and backed up regularly. We use standard security practices to protect your information, including:
- • Encrypted connections (HTTPS) for all traffic
- • Passwords hashed using industry-standard algorithms
- • Sensitive data (such as 2FA secrets and recovery codes) encrypted at rest
- • Security-relevant actions logged in an audit trail
We do not sell, trade, or share your personal data with third parties.
Your Rights
Under applicable privacy laws (including the EU General Data Protection Regulation and US state privacy laws such as the CCPA), you have the following rights:
- • Right to access -- You can view your personal data through your profile and settings pages at any time.
- • Right to rectification -- You can update your linked accounts and profile settings at any time.
- • Right to erasure -- You can request deletion of your account and all associated data by contacting an admin on Discord.
- • Right to restrict processing -- You can set your profile to private to limit how your data is displayed.
- • Right to data portability -- You can request a copy of your personal data by contacting an admin.
- • Right to opt out of sale -- We do not sell your personal data. Period.
Data Removal
If you would like your account and associated data removed, please contact a server admin on Discord. We will delete your account information upon request. Note that anonymized game statistics (such as aggregate server stats) may be retained.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date below. Continued use of the site after changes constitutes acceptance of the updated policy.