🛡️ The "No-Nonsense" Privacy Notice for copi.owasp.org
Welcome to the legal side of threat modeling! We know you’re here to master Cornucopia and EoP, not to read a 50-page document written by a robot from the 90s.
Here is how we handle your data while staying compliant with the General Data Protection Regulation (GDPR).
1. What Data Do We Collect?
We keep it "lean and mean." We only care about:
- Player Names: This is whatever name you type in. It doesn't have to be your real name (and honestly, "ThreatMaster4000" sounds cooler anyway).
- Game Progress: We store the state of your game so the service actually, you know... works.
We process this data based on Art. 6(1)(b) GDPR (Performance of a Contract). We need this info to provide the essential game services you’re here for.
2. The IP Address Situation
We are not in the business of tracking your digital footprint. We do not store your IP address in our long-term database.
However, we do process it temporarily for security and "Digital Wellness" (aka: making sure you don't burn out).
3. The "30-Game Limit" (Anti-Addiction & System Safety)
We love enthusiasm, but there is such a thing as too much threat modeling. To protect our servers and your mental health, we enforce a limit of 30 games per hour.
- How it works: We monitor incoming IP requests to detect if a single household is trying to play more than 30 games in 60 minutes.
- The Consequence: If you hit that limit, we’ll hit the "pause" button for you and your housemates until the hour resets.
- The Legal Bit: This processing is based on Art. 6(1)(f) GDPR (Legitimate Interest). It keeps our service stable and prevents automated abuse.
4. Your Rights
Even though we collect very little, you still have the power. Under the GDPR, you have the right to:
- Access your data (see your player name).
- Rectify it (change your player name).
- Erase it (delete your game session).
- Object to our processing.
In order to tidy up these bits and pieces, we need to know that you are you, so please provide us with the full URL to your game session.
We need the full URL to your game session to be able to do the legal bits. How else are we going to know that you are the infamous "ThreatMaster4000" if you don't have any way of proving it? We don't want to mistake you for the other "ThreatMaster4000" that's a fake!
We don't keep your names forever. Once the game is over and the session expires, your data heads to the digital afterlife.
5. Questions?
If you have concerns about how your "ThreatMaster4000" persona is being handled, feel free to reach out to the OWASP project.