Privacy Policy for Oblit.io Effective Date: December 9, 2025 This Privacy Policy explains how this game (“the Game”) collects, uses, stores, and protects information when you play through the WebGL client, desktop version, or mobile version. By launching, accessing, or playing the Game, you agree to the practices described in this Privacy Policy. 1. Information We Collect Device Fingerprints (Non-Personal Technical Identifiers) The Auth Server automatically creates and stores a hashed device fingerprint, including: Browser user-agent Accept-language header Accept-encoding header IP address UUID generated by server or provided by client This fingerprint is used strictly for security, cheat detection, and anti-abuse rate limiting. Evidence in code: device-fingerprinting creation, identifier hash, UUID storage. Connection Logs and Security Metadata The system logs: Timestamps of connections Number of connection attempts DoS protection strikes and refusals Disconnection reasons Server-side boot and chain-of-custody logs for internal verification These logs are necessary for detecting malicious activity, verifying server integrity, and protecting all players from cheating or abuse. Gameplay Information When playing the Game, the following gameplay-related data is processed: Username (player-chosen) High scores and leaderboard positions In-game statistics such as kills, ammo, hits, shots, performance metrics Movement, position, and interaction data Aimbot/cheat validation metrics (shot accuracy calculations) This data is required for gameplay, ranking, matchmaking, and cheat prevention. WebSocket Network Data Your device sends and receives: Join/leave events Challenge/response authentication tokens Ping and latency measurements Password-rotation validation packets Gameplay action packets These packets are necessary for allowing the Game to function in real time. Client Crash Reports If your client throws an exception, the Game sends a crash report containing: The error message Stack trace This is only used to diagnose bugs and improve stability. 2. How We Use Your Information To Operate the Multiplayer Game Your data is processed to: Maintain active game sessions Validate each client for fairness and security Route your connection to the correct server instance Synchronize real-time gameplay across all players To Prevent Cheating and Abuse Security-related data is used to identify and prevent: Aimbot and abnormal accuracy behavior Message-spamming / DoS attacks Protocol violations Unauthorized client modifications Server attacks or tampering Cheat-detection examples include HMAC validation, rate-limit checks, accuracy thresholds, and challenge-response verification. To Maintain Leaderboards Usernames and score data are stored to maintain global rankings. To Protect Server Infrastructure The Auth Server may generate: Administrative alerts Unlock-code notifications Security warnings Chain-of-custody validation reports These ensure the server has not been tampered with and operates in a trusted state. 3. Information We Do Not Collect The Game does NOT collect: Real names Emails Phone numbers Payment information Location/GPS Contacts Photos, microphone, or camera data Any personal information unrelated to gameplay The Game collects technical identifiers only, never personal identity data. 4. Data Sharing The Game does not sell, share, or transfer any collected data to third parties. Data is shared only internally between: The Auth Server The Game Server instances The client device This internal communication is required strictly for gameplay and security. 5. Children’s Privacy The Game does not knowingly collect personal information from children. Users may select any username, but no age-specific data is collected. If you believe data was collected from a minor inappropriately, contact support and it will be removed. 6. Security Measures The Game employs multiple layers of security, including: Challenge/Response HMAC authentication Per-connection passwords and rotating client passwords UUID-bound fingerprinting Anti-cheat validation DoS rate limiting Server boot-integrity checks Strict protocol enforcement These systems are built directly into the Game Server, Auth Server, and client networking logic. 7. User Rights Since the Game does not collect personal identity information, traditional “personal data rights” (such as deletion of personal identity) generally do not apply. However, you may request: Removal of your leaderboard score Removal of your device fingerprint Reset of your UUID 9. Changes and Severability We may update these Terms; check periodically. If any provision is invalid or contradicts something, the remainder remains enforceable. 10. Contact Us You can contact us at Oblit.io/contact By playing Oblit.io, you acknowledge reading, understanding and agreeing to this policy. Thanks for playing! Copyright © 2025 Zyausi. Oblit.io™. All rights reserved.