Logo
Every Saturday at 20:00 UTC
Discord

Next jam:

Privacy

This page outlines the data which is collected and stored, how it is transmitted and stored, why it is stored and how you can control this. We're a tiny operation who fully support your ability to control your own data.

What we collect and store

  • For each user, the following user data is stored:
    • User ID (number used to identify each user internally)
    • User registration date and time
    • Username
    • User registration IP address
    • User registration User Agent (browser and operating system data)
    • Display name (set in Configuration)
    • Password validation information (salt, hashed password, number of hashing iterations)
    • Last login date and time
    • Last login IP address
    • Last login User Agent (browser and operating system data)
    • Email address (set in Configuration)
    • Twitter handle (set in Configuration)
    • Bio (set in Configuration)
    • Current role (user or administrator)
    • Last login IP address
  • For each suggested theme, the following user data is stored:
    • Submission date and time
    • IP Address and User Agent of user who suggested it
    • Username of user who suggested it
    • Theme text (user entered)
  • For each suggested theme vote, the following user data is stored:
    • Date and time when vote was cast
    • IP Address and User Agent of user who cast the vote
    • Username of user who cast the vote
    • Theme which was voted on
    • Cast vote (-1, 0, +1)
  • For each submitted game (often called an entry), the following user data is stored:
    • Date and time when the entry was submitted
    • IP Address and User Agent of user who submitted the entry
    • Title of entry (user entered)
    • Description of entry (user entered)
    • Username of user who submitted the entry
    • URLs to where the entry is hosted (user entered; Web, Windows, Linux, Mac, Android, iOS, Source and Other)
    • Screenshot image for entry (uploaded by user)
    • Entry color (selected by user)
  • For each poll vote, the following user data is stored:
    • The option which was voted for
    • The username of the user who voted
  • For each satisfaction vote, the following user data is stored:
    • Date and time when the vote was cast
    • IP Address and User Agent of user who cast the vote
    • The question identifier which was voted on (for example JAM_160 when casting a satisfaction vote for jam 160)
    • The option which was voted for
    • The username of the user who voted
  • For each user session, the following user data is stored:
    • The ID of the logged in user
    • Date and time when the session started
    • Hashed session ID

How data is transmitted and stored

All data is transmitted in plaintext. This includes passwords and session IDs. Session IDs are stored in cookies. None of this is good, but it's what we have.

All data is stored in plaintext, except passwords and session IDs. These are salted, peppered and hashed with SHA256 between 10000 and 20000 times (random number for each user). The result is stored. This same process is done again whenever a password or session ID is provided and the result is checked against the stored hashed values. As far as we're aware, this method means a breech of our database would not result in username/password combinations being obtainable through brute-forcing with current technology. Weak passwords are however easily obtainable no matter what encryption we use.

Why data is stored

  • User IDs and usernames are stored to determine which user is related to each bit of content.
  • Event dates and times, IP Addresses and User Agent information is stored to identify users in cases of abuse.
  • Usernames, password validation information, session IDs and the user's role are stored to authenticate and authorize users.
  • Email addresses, Twitter handles, Bio, Theme text, Cast vote, Entry title, Entry description, Entry URLs, Entry image, Entry color, Voted for option and any other user-entered fields are considered voluntarily entered. Removing these fields (e.g. submitting them as blank) will (unless otherwise stated upon submission) remove them from public visibility, the old versions may however remain in logs or administrator-only tools. See "How can you control your data" for more details.
  • For theme votes, poll votes and satisfaction votes, the cast votes are directly tied to the user who cast them. This is done to ensure each user can only cast one vote and to indicate to the user what they voted for. In the case of theme votes, it is so we can color the currently-voted-for option. This is also done to mittigate cases of vote abuse or to check what different groups of users voted for - for example select only what recent participants voted for. This does mean that there is enough data available to check what each user individually has voted for (themes, polls and satisfaction).

How you can control your data

If you wish to get a copy of all the data we have on you, please visit us on Discord by clicking the button in the page's header and ask for an administrator. We'll need to authenticate you first though.

If you wish us to delete the data we have, please visit us on Discord by clicking the button in the page's header and ask for an administrator. We'll need to authenticate you first though.

Validate these claims

This software is open-source. Please feel free to validate these claims by examining the code for yourself. The code is linked in the page's footer.

One Hour Game Jam is open-source, Get One Hour Game Jam software on GitHub.
Content posted to this website might be subject to Copyright, consult with content authors before use.
Established 2015