Updated October 23rd, 2024 (Mountain Time)

This document applies to https://penguinmod.com, https://jwklong.github.io/penguinmod.github.io, https://extensions.penguinmod.com, https://projects.penguinmod.com, and any other penguinmod.com subdomains.

You may see websites such as "Scratch", "TurboWarp", "Scratch OAuth2", and "Scratch Authentication" referenced in multiple places.

A "Service Administrator", "Admin", "Moderator", "Mod" or "Administrator" is a person who can either directly access the server files for PenguinMod, or a person who can contact the server host that is able to access the server files and server process. "Host" may also refer to the server host of PenguinMod's project sharing.

A "Project Moderator" is a person who has the ability to remove projects or content from those projects, and reply or send messages to users who had moderation actions happen towards their project or account. These users may also be able to edit profile information about another user.

These people can contact Administrators aswell, and may have extra permissions such as banning users.

General

We may log anonymous aggregated data such as how many people use the site, how often a feature is used, what operating system and browser is used, how much user content is on the site, and diagnostic information such as cache hit ratios.

When using the website, your IP will be logged and stored to your account if you log in. This is to help us identify users who may be spamming or attacking the site.
Your IP will also be stored temporarily when viewing a project, along with information about the project you viewed being logged temporarily.

This temporary amount of time will be around 1 week, and this applies to all "temporarily stored" content listed here.

How We Use Your Date of Birth and Country Information

When you provide us with your date of birth and country during registration, we use this information to ensure that:

  • You (or your child) only have access to content that is appropriate for your age, in compliance with laws and regulations that protect minors.
  • Your account only accesses content that is permitted in your country or region, in accordance with local laws and content rating systems.

This helps us create a safe and age-appropriate environment for all users. We will not use your date of birth or country information for any other purposes without your explicit consent.

Your date of birth and country/region is not shared with project moderators directly.

Advertisements

When advertisements are served on any PenguinMod page, third parties may be placing and reading cookies on your browser, or using web beacons to collect information. Your provided birthday and country is not shared by PenguinMod to these third-parties, though they may obtain this information from methods or websites outside of PenguinMod's control. You may be able to find more information here:

Project Sharing & Accounts/Profiles

Accounts are created and logged into using either a Username and Password, or using one of the OAuth2 login methods. These login methods are "Scratch OAuth2" requiring a "Scratch" account, "Google" requiring a "Google" account, or "GitHub" requiring a "GitHub" account.

When you use the "Scratch OAuth2", "Google", or "GitHub" login methods, they can access:

  • your IP address
  • your general location (using your IP address)
  • your public account information on their respective platforms (in some cases, emails or other information the login method provides to PenguinMod on authentication)

Accounts created will have their IP and creation date stored with them.

Any logins to an account using any login method will also have that IP and login date stored on the account.
PenguinMod may require an email to be attached to an account for certain features or account security.
This will be stored on the account if provided.

When using our Services:

  • any projects uploaded will have their project name logged
  • any projects uploaded are publicly viewable (including unapproved or under review projects if you have the URL to them)
  • any private profiles or projects are visible to site moderators or admins (or visible to other users depending on the profile's settings)
  • any profile info you set (bio/about me, featured project) is publicly viewable to all users (and private profiles are visible to site moderators or admins)
  • any projects uploaded can be modified by admins or hosts of the service in any way (project image, project name, project code, etc.)
  • any profile info you set can be modified by admins or hosts of the service in any way (profile about me, etc.)
  • any projects, accounts, or content created on the platform may be logged when deemed neccessary

Uploaded projects will be publicly visible to all users on the website. Any user may report a project or report another user to Project Moderators if they believe the Uploading Guidelines have been violated.

Project Information available to users, Project Moderators and Service Administrators include:
  • the project name, project instructions & notes, project thumbnail, project data, uploader's username, and uploader's profile picture for any project
  • the date any project was uploaded, updated or featured
  • the likes, votes, favorites and views attached to that project
  • whether or not the project has been updated
  • any other internal information about the project
  • the uploader's Scratch account (if they used it to create the account or use information from it)
  • the uploader's GitHub account (if they used it to create the account or use information from it)
Information available only to Project Moderators and Service Administrators include:
  • the date a project was removed
  • the date, contents, and type of any moderator message or response to a moderator message
  • any above information users can access
Information available only to Service Administrators include:
  • the indiviudal users who liked, favorited or voted a project
  • the IP of users who viewed a project
  • any above information users or Project Moderators can access
  • the uploader's Google account (if the account has it as a login method)
  • the uploader's GitHub account (if the account has it as a login method)
  • the uploader's Scratch account (if the account has it as a login method)

Your IP will temporarily be saved in the server when you view a project. This is used to make sure you are not the same user reloading the page to gain multiple views.

Account information may be logged or saved to the server when interacting with a project.

This information is used to save liked, favorited, or voted projects for users and also to debug any issues present in the server.

Third Parties

When uploading a project, getting a project "featured", or having a project deleted by a moderator, information about the project and account's public information will be sent to the third-party site "Discord".

The purpose of this logging is for site moderators to easily find projects that violate the Uploading Guidelines or see any previous actions other moderators have done to a project.

The purpose of logging "featured" projects is to allow users to view projects other users may enjoy or like.

When an account is banned, has punishments placed on it, or gets it's information updated by a moderator, information about the account will be sent to the third-party site "Discord".

When an account sends a message to a moderator, receives a message from a moderator or uses language not appropriate for PenguinMod on the platform, account will be sent to the third-party site "Discord".

The purpose of this logging is for site moderators to handle or respond to users that may have violated PenguinMod's Terms of Service.

Information about accounts, projects, or other content on the platform may be sent to the third-party site "Discord" for any reason that deems it neccessary.

Other services

When using cloud variables, the project ID and your username may be logged for up to 14 days.

Your randomly generated or chosen username is stored in your browser's local storage. To mitigate the potential to track users with this feature, all randomly generated usernames are anonymized before the server receives them. However, usernames explicitly set by a user may be logged to help prevent abuse.

If a user is logged into PenguinMod, their username used by Cloud Variables, other extensions, and the editor "username" block will be set to their PenguinMod account's username.

Built-in Scratch extensions that require Wi-Fi (such as Translate, Text to Speech, LEGO, micro:bit, etc.) may connect to the Scratch API to implement these features. Refer to the Scratch privacy policy for more information. The Translate extension may instead make requests to a TurboWarp API, which may then forward your request to the Scratch API and log the message being translated and the result for caching and performance.

In rare circumstances, connections that are appear to be spam may have their IP logged for up to 24 hours. This happens very infrequently and only in cases of extreme abuse.

Built-in PenguinMod and Custom extensions that require Wi-Fi or use Wi-Fi to get online data (HTTP, Website Requests, Sound Systems, CloudLink, HTML iframes, Storage, etc.) may connect to any user-specified API, which will grant the owner of the website being connected to:

  • your full IP address (and possibly general location using your IP address)
  • the ability to show or display anything (if the extension is showing the info returned to the user)
  • any other things public APIs can do or access

This document does not apply to third-parties, including other users or bots connected to cloud variables, links to external websites, custom extensions, or some advanced URL parameters.

Editor extensions

Core - HTML iframes (referred to as "iframes" here)

"iframes" may connect to user-specified websites. These websites may be allowed to access:

  • your IP address
  • your general location (using your IP address)
  • any web API

The websites specified may also display any content, however PenguinMod will attempt to automatically scan the website for any potential viruses or vulnerabilities. Major adult websites are also blocked, and most others are blocked aswell.

PenguinMod does not allow projects uploaded to only display content from other websites. Uploaded projects must contain content of their own, and certain websites may cause the uploaded project to be deleted or rejected.

Core - Scratch Authentication (referred to as "Scratch Auth Extension" here)

The "Scratch Auth Extension" will connect to Scratch Auth for Log-In. Scratch Auth can access:

  • your IP address
  • your general location (using your IP address)
  • your public Scratch Account information

The "Scratch Auth Extension" also allows your public Scratch account information to be accessible to the PenguinMod project, however other tools, extensions or APIs are required to get information past your Scratch username.

User-submitted (G1nX) - Better Storage

Better Storage will connect to Scratch Auth for Log-In. Scratch Auth can access:

  • your IP address
  • your general location (using your IP address)
  • your public Scratch Account information

Better Storage can also access any info that Scratch Auth can. The owner of Better Storage may also view any saved data using their keys for security and safety.

User-submitted (MubiLop) - PenguinGPT

PenguinGPT will connect to reverse.mubi.tech by default for AI communication. This site can access:

  • your IP address
  • your general location (using your IP address)
  • any prompt or responses given to any AI on the site
  • any prompt or responses from any AI on the site
  • any images from any AI on the site

The owner of PenguinGPT logs and reads this information for security and preventing malicious attacks.

User-submitted (RubyDevs) - TurboWeather

TurboWeather uses Browser APIs to geolocate the user.
PenguinMod will ask the user to confirm this action before the extension attempts to do this.

PenguinMod will not ask the user to confirm this action if the project is compiled using the PenguinMod packager.
In this case it is up to the user's browser to prompt the user if they would like to allow the website to access their location.

The Ruby Developer team promises that they do not store or keep your location data in any way when using the extension.
TurboWeather does however connect to third-party services to get user information that may store your info:

When using the extension, third-party services may be able to access:

  • your IP address
  • your general location
  • info about your location (weather, temperature)

TurboWeather does make efforts to avoid returning private info, such as:

  • latitude and longitude
  • specifically chosen or user coordinates (provided for geolocation)
  • any other info returned by the third-party services that may be used to find the user in real life

Contact

Email us at penguinmodhelp@gmail.com

Join our Discord Server