Last Updated 25th May 2018. View history here
In addition to this policy, please also make sure to visit and understand our Terms of Service.
osu! is run by an Australian entity (ppy Pty Ltd), with the majority of servers operating from the United States.
osu! offers a wide variety of services to users from almost every country around the world, with a vibrant community and many opportunities for users to share their creativity with others by means of user profiles, beatmaps (game levels), forums, private messages, in-game chat, replay comments.
This document aims to describe what information we collect on our network and in the use of our products and services, how we use that information and what options we offer you to control your personal information.
Information we collect
On account registration
While limited functionality can be enjoyed without an account, it is often required that a user register an account to experience certain services. When registering an account, we store
- Your username
- Your email address
- Your password (bcrypt+salt)
- Your IP address and country
This personal information, with the exception of your username and country, is never shared publicly.
On updating your profile
When building up your user profile (which is publicly visible to all other users), you can optionally provide
- Your current location
- Your interests
- Your occupation
- Your social media presence (twitter, discord, skype, website)
- Your avatar and profile cover images
- Your signature
All the above fields are publicly visible but can be withdrawn immediately and permanently at any point from the settings page.
On uploading user submitted content
When posting on the forums, participating in chat or uploading content to our service such as a beatmap, you are expressly publicising all submitted content. In most cases, it can be edited and deleted after submission at your discretion, but in certain sometimes this functionality may be locked to maintain relevance and provisioning of service to our user base.
As an example, if you upload a beatmap and it is "ranked", it becomes the basis for the user base at large to achieve scores on. At this point the option to delete a submission will be revoked.
On logging in to the game client
When connecting to our service from the osu! game client, a client-specific string is submitted to help us identify your current play environment. It is created based off a combination of identifiers from your hardware and software configuration and hashed in such a way that it contains no personally identifiable information, but can be used to track your access across logins to our service.
The main purpose of this is to maintain a fair ranking system and help us enforce account security should your account be accessed from a compromised location. This is considered private and only stored as long as it is deemed relevant. It is also non-transferrable, and has no meaning outside the osu! ecosystem.
On playing the game and submitting a score
When completing a game session (passing or failing a beatmap), details on your performance will be automatically submitted to our server. The scoring portion of this submission includes game replay data and may be displayed publicly in the Global Leaderboards and on your User Profile and can not be deleted or modified.
Analytics and Logging
We utilise error log collection and web analytics which collect technical and usage information as you use our services. This may include IP address, your username, browser type and version, time zone setting and location, operating system and platform and other details on what devices you use to access our services.
This collected data is aggregated and only retained as it is useful. Generally the period of retention for non-aggregated data (such as error logs) is less than one month, with automatic purge rules.
Disclosures of your personal data
We do not perform any marketing, advertising nor send any unsolicited emails. The only emails you will receive from us are the result of an action on our service (such as requesting two-factor authentication, purchasing a product or enabling notifications for a discussion).
We may share your personal data with third parties in very specific cases:
- Where you have expressly made information public
- To fulfil your store orders
- To process payments via payment processing providers like Paypal and Xsolla
- To process your customer service tickets (we use Enchant)
- In order to improve our service, via error logging (we use Sentry)
Your rights and control
As a user you have the right to migrate, update or delete your personal information. This can be done primarily from the user settings, or where not available from a localised "Edit" feature on the relevant section of our site. In cases you wish to programmatically retrieve your full account data, please use our public API.
In many cases, user submissions such as forum posts and beatmaps can be deleted on an individual basis. You will find delete buttons directly associated with the items that can be deleted.
If you are covered by the European Union, you have the option of deleting your account from our service. Please note that this is currently a manual process and may take several days to complete (contact us to file a request). In the case of account deletion, portions of your public contributions may remain intact, as detailed in "Information we collect".
As we have a strict one-account-per-user policy to maintain fair leaderboards, after account deletion you may not be able to return to our service. To enforce this, we will also maintain the unique identifying string as mentioned in "Information we collect".
Security is very important to us. osu! follows accepted standards to protect your personal information during processing, transferring, and storage. We employ HSTS to ensure all sites on our domain are encrypted via TLS and maintain high standards in data security for access to our servers, restricting access to your personal data when we do not need to access it.
We also regularly purge data on an ongoing and automatic basis as to only keep as much historical data as necessary to perform our legitimate business interests.
osu! services are not designed for children under the age of 13. If we discover that a person under the age of 13 has submitted personal information to us without parental permission, we will endeavour to delete the information from our systems.
Hi, I am Dean (commonly known as peppy) and I am your data controller. If you have any privacy concerns or requests to exercise your legal rights, don't hesitate to contact me directly at the address listed below.
Email: email@example.com (24 hour response guaranteed)
Dean Herbert 41 Gregory Street Wembley, WA, 6014 Australia