NetPass Privacy Policy
We take the privacy of our users seriously. As such, we collect the minimum amount of data required to operate our service. Below you can read about which data is stored, why and for how long.
Cookies
The following cookies are used while using our website:
Identification Cookie:
This Cookie is used to identify the user between page loads, so that the server knows who you are while you access and edit your profile. This is a short-lived session cookie.
Auth Cookies:
These cookies are cookies that are used during authentification to prevent an attacker to gain control of your identity. These are short-lived session cookies.
Data
We collect various bits of data to make the service work:
Identifying bits:
To identify the console connecting to NetPass, we store the consoles mac address together with a console-unique hash consisting out of the device id and the mac. While the mac is stored in plain text, it does not seem feasable to do otherwise, as throughout the StreetPass protocol the mac address of a user apears in the transmitted payloads frequently.
For background collection of passes to work, we also store the BOSS UID, as that is needed to identify the console when doing StreetPass-Relay requests. These identifying bits are stored indefinitely.
Outbox:
The outbox contains all the messages that your console is trying to send to others via NetPass. These messages, together with a list of which titles are activated, and the capacity of messages on the console itself all make up the outbox data. This data is stored for up to 30 days.
Inbox:
Similar to the outbox, the inbox contains all that the messages that your console will receive upon opening NetPass. These messages are stored for up to 15 days.
Back Alley:
When you used the Back Alley to get a specific pass, the time of when this is happening is stored on the server. This is to prevent cheating by using the back alley more frequently than intended. These time entries are stored for up to 3 days.
Bans:
When you are issued a ban, the reason for the ban and the time when it expires is stored indefinitely. This is to be able to enforce the ban and to be able to provide moderators a history of when and why a ban occured, to be able to detect repeat offenses.
Integrations:
For integrations to function, the HTTP headers that the console sends on StreetPass-Relay requests are stored, so that those can then be sent off to the integration. This data is stored indefinitely.
Additionally, Which integration is active and when it has to run again is also stored, for them to be able to function. This data is only stored while an integration is active, and for the duration the integration is active.
Reports:
When a message is reported, the report reason along with the messages associated with the report are stored on the server, for moderators to be able to take action, if needed. This data is stored indefinitely.
Account:
When using an account on our website, we store the data you submitted there: Your account name, the consoles you connected, the name of your consoles and the settings for them. This data is stored indefinitely.
Subscriptions:
Our subscriptions are being processed by Stripe. To be able to associate a subscription to a user, we store the stripe customer id, price id, subscription id and expiracy of a subscription. This data is stored for the duration of the subscription.
Third-Party identifiers:
If you configure a third-party identifier for your account (e.g. Login with Discord) we store the user id of the third-party provider. This data is stored indefinitely.
Aggregated data:
We store some aggregated data for research of the StreetPass protocol and to be able to provide some services. This aggregated data is stored indefinitely, however, it is not able to draw conclusions to specific consoles from this. This aggregated data includes: Research of interesting StreetPass message values; names of StreetPass titles; hmac of StreetPass titles.
Data Sharing
Subscriptions
We use Stripe as our payment processor. For this to work, stripe will know what subscription you subscribed to. Stripe does not know your internal user id or any other bits that link your subscription to your NetPass account. This all happens on the NetPass side.
While Stripe may ask for your card details, name or email, NetPass never receives that information.
Third-Party identifiers:
If you decide to identify yourself with a third-party service, the service will know that you tried to identify with it. The service will never receive any data from NetPass itself, meaning we do not give any data to them
Integrations:
For integrations to work, the StreetPass-Relay HTTP headers your console uploaded are being transfered to the third-party service. This includes your consoles BOSS UID.
Contact
If you have any questions or want further clarification about our privacy policy, please reach out to our Discord or via email.