Privacy Policy
Statbus (the application) does not record any data about its users, byond what is necessary in order to facilitate a secure and informative experience. Wherever possible, the application relies on the game server database (the external database) to look up information about players and other associated data. This data is only displayed by the application and never stored. In some circumstances, data from the external database may be cached; this data is ephemeral and not generally accessible outside of the application. Some functionality requires storing user information on a database used exclusively by the application (the internal database), or in session files. This functionality will be listed and explained below.
Externally Accessed Data
In several places, data about the user is accessed from external services that do not include the game database server. This is done as part of the authentication process (OAuth), and is designed to be non-invasive.
TGStation Forum Data
When you authenticate to the application via the TGStation forums, some information is transmitted back to the application and securely stored as part of your PHP session. The data received from TGStation consists of:
- Your PHPBB username used on the forums
- Your Byond key, which is your “full”, un-interpreted username from Byond
- Your Byond ckey, a simplified version of the Byond key with everything except letters, numbers, and the
@character stripped out The only information stored by the application from the TGStation forums is the Byond ckey.
Discord Data
Authenticating to the application with Discord returns information about your Discord account. Note that the application specifically does not request access to the email address associated with your Discord user.
All information from your Discord profile is discarded, except for the id field, which is used by the application to look up your information in the external database.
Data Stored on Statbus Servers
Session Data
The following data is stored in PHP's session mechanism, and is used to re-authenticate users across multiple visits:
| Key | Use |
|---|---|
ckey |
Used to re-authenticate users across visits to the application |
This information can be deleted by logging out. Session data is also purged automatically after 30 days of inactivity.
Logs
Webserver logs are not retained in any meaningful way. The application has a facility to support error logging. This is disabled by default, and only used when necessary to debug an issue. In those cases, logging is temporarily enabled, and once it is no longer needed, it is disabled, and any generated logs are removed. The following pieces of information are collected in error logs:
| Key | Use |
|---|---|
url |
The URL the user was visiting that triggered the error |
ip |
The IP address of the user who triggered the error |
ckey |
The ckey, if the user is logged in |
The Internal Database
Information currently stored by the internal database:
- The round ID, ticket number, and unique identifier for tickets that users have marked as public
Analytics
Statbus utilizes Matomo to track website analytics. This data is collected and used to inform decisions about topics such as:
- Which screen dimensions and resolutions to design for
- Features to focus on improving
- Where Statbus users are coming from
Matomo is designed from the ground up to place an emphasis on maintaining the privacy of visitors. From the Matomo documentation, this is what data is collected:
- User IP address (Statbus uses IP anonymisation)
- Optional User ID (Statbus does not utilize this feature)
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed)
- Location of the user: country, region, city, approximate latitude and longitude - (Geolocation)
- Main Language of the browser being used (Accept-Language header)
- User Agent of the browser being used (User-Agent header)
At the same time, many adblock lists include Matomo's tracking snippets by default. If you want to help support the development of Statbus, please consider allowing matomo.statbus.space in your ad blocker's allow-list. Below is a custom filter snippet to allow Matomo in uBlock Origin:
! 2023-08-27 https://statbus.space
@@||matomo.statbus.space^$1p
Source Code
The application source code is publicly available on GitHub.
1.3 Rev. 2025-01-19