Switch to Reading Mode

Site Policies: Privacy Policy

Revised: November 18, 2023 15:23:38 • By Natasha L. • 1435 words
Last update: Added information about Second Life systems/API interactions and bots on 18 November 2023.

Scripts and static content for this site are served from the domain cdn.fur.vc. This domain is solely owned and operated by Lupinia Studios, so it is also held to this same privacy policy.

The underlying application code powering this site is entirely open-source, and may be reviewed on GitHub.

General Browsing Information Collected

When you browse through any website, information about your visit can be collected. I automatically collect and temporarily store the following information:

  • Your IP address;
  • The date and time of your visit;
  • The pages you visited;
  • The address of the website you came from when you came to visit (if you have referrer information turned on); and
  • The type of browser used to view the site.

I use analytical software to process this log information (locally installed and privately maintained), but it's never shared with or sent to third parties under any circumstances, not even for my own analysis. This log data contains no personally-identifiable information (PII); browser data can potentially be identifying, but I have no interest in doing this, I'm only interested in statistical information to improve the site. So, I welcome anyone to anonymize any or all of their browser information; it's helpful for me to know what browser you're using, what language(s) you read/speak, and the date/time of your visit, but you are under no obligation to provide this information, so please use whatever proxies/anonymization measures you feel are necessary. For more information about browser fingerprinting, and to see what information your browser transmits when browsing, go to https://panopticlick.eff.org/.

Cookies

This site does not use any third-party tracking cookies or statistic systems whatsoever. No Google Analytics, no Sitemeter, nothing.

Session cookies are used to enhance various features, but most of the site will work fine without them, so they can be disabled in your browser unless you're a registered user attempting to log in, or attempting to view mature content (see the Personally-Provided Information section below). As of the last revision to this document, there are no persistent cookies currently in use.

Javascript

For various reasons, including personal preference and engineering experience, this site makes minimal use of Javascript. And in areas where scripting is required, all functionality will gracefully function without Javascript enabled. So, if you choose to disable Javascript for privacy/security reasons, everything should function correctly (and if it doesn't, please let me know). In fact, I encourage all internet users to disable Javascript by default on all sites they visit, for privacy and security reasons.

If you do want to enable Javascript-related functionality, allow scripts for cdn.fur.vc and mapbox.com in addition to the domain you used to access this site. No other Javascript domains should be necessary for this site.

Mapbox

All embedded maps use Mapbox, and they're completely Javascript-based. To enable them, allow Javascript for mapbox.com. As far as I can tell, there are no cookies placed by the scripts I used to embed their code, but if you encounter them, please let me know. You can find Mapbox's privacy policy at https://www.mapbox.com/privacy/.

Personally-Provided Information

You don't have to provide any information to use this site, but there are a few areas that invite you to do so. Any information you provide through these methods will be carefully guarded, and not shared with any third parties.

User Accounts

User accounts may be created, using only as much information as you supply. A valid email address is required to activate your account, but it is absolutely never shared with third parties for any reason, nor is it used for anything other than account maintenance and account-related communications. Please note that logging in to your account requires session cookies - this is an inescapable limitation of all internet architecture.

Birthdate

The mature content filter for non-logged-in users requires a valid birthdate to ensure that visitors are over age 18 when viewing mature content. This is not stored in any way, once it is processed by the filter script, and it cannot be retrieved by third parties in any way.

For users with user accounts, entering your birthdate into the form will set a True/False flag in the database indicating whether you were over age 18 when you provided that data, along with the date/time when you submitted the form (for validation purposes), but the birthdate you enter will not be stored.

For anonymous users, entering your birthdate into the form will set a session variable for 48 hours indicating whether you are over age 18. The underlying code for this form can be found here. Please note that this functionality will not work without session cookies - this is an inescapable limitation of all internet architecture.

Contact Form

The contact form is only used to send an email to me. A valid email address is required in order to receive a response. Upon successfully sending a message through the form, your IP address and user agent will be recorded in a temporary caching system for up to 24 hours, as a spam/abuse reduction measure - it will not be stored, recorded, or used in any way beyond that time, and I have no means of retrieving it once the "cool down" time has passed. This information is never shared with third parties.

If I determine a message sent through this contact form to be spam, I will add certain keywords from the message to a database on this site. Future messages sent through the contact form will be checked against this list, and if a match is found, the sender's email address, IP address, and user agent will be recorded permanently, in order to block that sender from future access to the site. I maintain this spam keyword list manually, and I prioritize avoiding false positives when selecting keywords to add to the list, but if you feel I've made a mistake, please open a support issue and I'll review your request. I reserve the right to share this information (spam keywords, spam sender addresses, and spammer IP addresses/user agents) with security researchers of my choosing, for academic purposes or for the development of defensive technologies.

The underlying code for the contact form can be found here.


Second Life Systems

In addition to browsing this website directly, some scripted systems within Second Life interact with this site indirectly, via the use of various web APIs running on this server. At a minimum, these systems may record and store additional information beyond what's described above, including:

  • Second Life legacy usernames and unique identifiers (UUIDs) of users who own objects containing scripts that directly connect to web APIs on this site.
  • In-world location of objects containing scripts that directly connect to web APIs on this site, including region name and coordinates.
  • The unique identifiers (UUIDs) of objects containing scripts that directly connect to web APIs on this site

This information is required for in-world scripts to authenticate with the web APIs on this site and ensure usage of these APIs is restricted to authorized scripts/users only.

Sales and Rentals (CasperVend, CasperLet, and Second Life Marketplace)

I use CasperLet to manage Second Life rental properties, and CasperVend for in-world sales (including distribution of certain free items). Both of these systems are governed by the CasperTech Privacy Policy. Sales of my items on the Second Life Marketplace are governed by the Linden Labs Privacy Policy, and records of my Marketplace sales are synchronized with CasperVend.

Second Life Scripted Agents ("Bots")

Within Second Life, "bots" are normal user accounts operated by automation software instead of by a human operator. The usage of bots in SL is governed by Linden Labs' Official Scripted Agent Policy, and all bots I operate fully comply with this policy. As of this policy revision, this includes only one bot account, Lupinia Studios DeerBot (frolickingdeer Resident).

All bots I operate run independently on servers I manage, using the Corrade viewer. No data received/viewed by my bots is shared with any third parties.

Chat/conversations received by bots (including local chat at reduced range, as well as IMs sent to bots and group IMs in groups the bot is a member of) are automatically logged as a normal function of bot operation, and while these logs may be reviewed manually as-needed for diagnostic purposes or to investigate security/abuse incidents, these logs are considered temporary/ephemeral and are discarded when no longer necessary for minimal engineering/security purposes.


This article has been updated as of November 18, 2023 15:23