Privacy Policy

1. Definitions

• For a full list of the definitions used in this document, please refer to the Compensation VR Terms Of Service.

2. Agreements

By using Compensation VR or any other service or API related to Compensation VR and maintained by Subsurface Studios, you agree to this Privacy Policy in it's entirety.
If you do not agree to this, you may not use Compensation VR or any other Subsurface Studios service or application.

3. Opt-Out

If You so choose, You can request either:

• A copy of all information stored about You by Subsurface Studios
• The deletion of all data, files, and otherwise information pertaining to You.
  This includes Your Compensation VR account as well as any information We have collected about you, for moderation purposes or otherwise.
• To request deletion of this information, please contact us at [email protected] with your username. We will verify your identity from there and proceed as requested.

These options are not mutually exclusive.
For more information on either of these Opt-Out paths, please contact the Compensation VR development team directly with Your inquiry.

4. Data Collection

We collect a certain amount of data about You when you use Compensation VR.
Some of this data is given directly to Us, and some is gathered automatically as you play Compensation VR.

Information You provide to Us directly, (for example, Your username) is referred to as Direct Disclosure.
Information We gather automatically as you play Compensation VR is referred to as Automatic Disclosure.

Direct Disclosure includes:

• Your username.
• Your password. (This data is stored as hashed data and therefore is not retrievable by Subsurface Studios staff.
• Your personal pronouns.
• A short biography about You.
• (if applicable) Two-Factor Authentication data pertaining to authenticating You when you log in with 2FA.

Automatic Disclosure includes:

• The IP address You connect to Our servers with.
• Automatically generated Economy Data for in-game currency and inventory tracking services.
• Your current location in-game.
• Reports made against You for violating the Code Of Conduct or Terms Of Service.
• Bans placed upon Your account.
• Users You have reported for poor conduct.
• Notifications You have recieved in-game.
• The 'Tags' available to you in-game.
• Your in-game 'acquaintances', 'friends', 'favorite friends', and all users you send friend requests to.
• Hardware Identification information (HWID) used when logging in with Two-Factor Authentication to see if you have previously logged in with a device.
  This only applies to users who have enabled & verified Two-Factor Authentication.
• Data pertaining to Opt-In Automatic Exception Reporting - for more information, please see Section 6 - Automatic Exception Reporting

5. Data Usage

Data collected by Us will be used for the following purposes:

• Basic functionality of Compensation VR, such as multiplayer support, social features, and authentication services.
• Moderation of Compensation VR, including (but not limited to) preventing ban evasion, ensuring we can verify integrity of reports, and identifying troublesome users.
• Internal anonymized analytics, which do not collect any data about specific players.
  These analytics are simple and do not contain any Personally Identifiable Information, primarily Online Player Count, Open Instance Count, and Number of Generated Accounts.
• Opt-In (optional) non-anonymized analytics, which can be enabled using an explicit setting either in Compensation VR or over the Compensation VR API. For more information, see Section 6 (Automatic Exception Reporting).
• If you would like to guarantee the authenticity of these claims, the full and complete source code of our backend servers is open source & available on GitHub.

6. Automatic Exception Reporting (AER)

AER is an opt-in program in which the Compensation VR software will automatically report any errors and/or exceptions encountered during excecution. These reports consist of the raw error message emitted by the erroneous code, as well as the relevant stack trace. Measures exist to anonymize this information, however, the raw contents of the report may breach these measures, and there are no guarantees as to the anonymity of any data submitted via AER. Participation in AER serves to fill potential gaps in manual bug reporting, for example, in cases where a software bug is either not easily visible, or where a user may be unwilling to report an issue.
Care is taken to ensure all data collected through AER(API logs notwithstanding) is encrypted at-rest, and the database server is completely blind to the unencrypted form of stored information. Decryption is performed by means of a physically distinct server, access to which is granted only to authorized members of the Subsurface Studios team.
As part of AER, participants may additionally opt in to including their user ID in AER reports. By opting into this, you give permission for relevant members of the Subsurface Studios team to contact you in regards to collected reports.