May 24, 2018
We may update this document in the future, and will provide a site notice when we do so. We may not provide a notice however when it's a minor change such as a spelling mistake or a sentence rewording but, however for major changes we will inform our users.
The short version
We collect only the bare minimum amount of information that is necessary to protect the service against abuse. We do not sell your information to third parties, and we only use it as this document describes. We aim to be compliant with the EU GDPR.
What information PonySFM collects and why
Information in cookies
Our cookies for any users of the service may contain this information:
- The unique session token for the website
- An encrypted session identifier to persist their login
- An encrypted verification token used for generating unique download links
- A list of announcement IDs that have been dismissed
- The current site background
- One or more "flash" messages (temporary notifications of an action's success or failure, to be displayed at the top of the next page load and then deleted)
We might add to this list in the future as needed.
Information in user-submitted content
User-submitted content is considered by PonySFM to collectively refer to any content that you may submit to the site, which includes, but is not limited to, comments, images, messsages, posts, reports, resource edits and votes.
User-submitted content by users (authenticated or not) may contain any or all the following information:
- The IP address at the time of submission
- The browser fingerprint at the time of submission (see below)
- The browser version, as provided by the browser
- The page on PonySFM that initiated the submission
These items are only used for the "legitimate interests" of identifying and controlling abuse of the service and are not shared with any external party.
Information from users with accounts
create an account,
we require some basic information at the time of account creation. You will be asked to provide:
- a username, shown on your profile and non-anonymous user-submitted content
- a password, stored only as a cryptographic hash
- an email address, used only for sending password resets or account unlocking instructions
- a Google Captcha to be solved
We also store your IP address whenever you log in for security reasons.
Everytime your log into your account, the following information is temporarily saved and associated with your newly created session. This helps you track when and where you accessed your account for security reasons.
- Browser name and version
- Operating system name and version
- Creation date
Each time you access the site we update the timestamp of your session.
Information that PonySFM does not collect
We do not intentionally collect personal information, but users may include it in user-submitted content. We will remove personal information if we deem it too sensitive. Inform us if you believe shared information is too sensitive.
This is especially important because information shared in public user-submitted content may be indexed by search engines or used by third parties without your consent.
Information that may potentially be shared with third parties
We do not in any way share individual account information with third parties except in response to court orders. We make public certain statistics about how users use PonySFM (for example,
), without personally-identifying information.
Users are able to link to external images not hosted on PonySFM in descriptions and comments, however we have no control over these images and do not collect or store any data except the image URL which is necessary to display the image itself to the user. In this case the ToS of the externally hosted website applies.
Most of PonySFM is public-facing, and third parties may access and use it.
If you have concerns about the way PonySFM is handling your personal information, please let us know immediately. You may contact us by emailing us directly at firstname.lastname@example.org