Security and Privacy
Security
Our GUI clients connect via SSL/TLS. MUD clients capable of secure connections can use port 9095 (TriadCity), 9195 (Midgaard) or 9295 (Dungeon). Insecure connections are available on port 9094 (TriadCity), 9194 (Midgaard) or (9294), but we encourage secure connections whenever possible.
The web site is secured via HTTPS/TLS. All registration and login actions are over https.
Credit card processing is via secure third-party portal. SmartMonsters never sees your credit card info and is incapable of accessing it.
The database storing player information is encrypted. Passwords are additionally hashed, meaning, SmartMonsters has no ability to view them.
Our server and AI compute infrastructure is platformed 100% on Amazon Web Services, one of the most secure compute platforms available. Our infrastructure is designed for security, and we carefully follow all AWS and OWASP security recommendations.
Privacy
No player-identifiable information is ever shared with third parties. SmartMonsters analyzes player demographics to better optimize the user experience but we're looking at aggregates like average ages and average times of day of logins. Player-sensitive info such as passwords is stored hashed in our databases, meaning, we have no ability to read it.
Player commands including chats are logged and kept for seven days. We don't review these unless there's a complaint about player behavior, which is extremely rare.
Our mobile and Web GUI clients log errors to a central location where we can monitor them. This helps us eliminate bugs in the clients. The information we collect includes device and operating system details. We do not collect passwords or other sensitive data. These error logs are automatically deleted after seven days.