Last updated: 2019-06-06, adding Other Services section, moving the PayPal information to said section, adding information about Patreon, other minor clarifications and advice.
I've tried to write this in plain English using a minimum of jargon - if you feel you need clarification, you can email firstname.lastname@example.org with your concerns and I'll elaborate further in this document.
Improbable Island collects the following information from you:
Your email address
You're only required to give your email address if you want to interact with other players - if all you want to do is fight monsters and do the single-player storyline, you don't have to give an email address.
Your email address is stored so that we can let you know when someone contacts you via the Distractions system (this is an option that can be toggled in your Preferences) or so that the moderators or admin can contact you if we need to talk to you about something (like technical problems with your account, chat about bug reports, someone else wanting to take over a land claim stake you hammered in two years ago and never developed, that kind of thing). We don't generally send out email to all of our players at once unless we're talking about a planned service outage, a change to our agreements with you, an emergency, or a major event - mass emails average one every couple of years, and are not used for marketing.
Ironically, as I type this, we're collecting and re-confirming everyone's email addresses so that I can send out an email directing people to this page that tells people that we don't usually email them.
Your IP address
We have to store your IP address so that the game knows which page to serve to which player. Your IP address is a string of numbers that can effectively serve as a semi-unique identifier for a piece of network-connected hardware at a particular point in time. When you're at home, your router will present an IP address to Improbable Island (and any other website) whenever you visit. When you're at a library or at work, using a different router, you will present a different IP address. On your phone, yet another different IP address.
Most people's IP addresses are assigned dynamically by their internet service providers. It's not generally practical to use an IP address to identify an actual human person because a) many devices will be assigned a different IP address each time they're rebooted, and b) each device connected to a given router will present the same IP address to the web server, so a bank of computers in a library or a bunch of laptops on the public Wi-Fi in a coffee shop or airport will all appear as one IP address. Regardless, proxy services exist to hide your IP address from websites you visit, which can be useful to avoid intrusive ads and sophisticated spyware.
Historical login data
Each time you log in, the IP address from which you log in is stored alongside your character ID (your character ID is a number that internally represents your player character). This is to help track and prevent abuse - without such a system, a banned player could simply make a new account and log right back in again. This also helps us track down the culprit if we suspect that your account may have been accessed by someone else.
Things you type into the Improbable Island website
This and the following "actions you take" section are typically represented in privacy policies using such vaguenesses as "input necessary for the function of the Service" et cetera, but we figured we'd spell it out here.
Content such as chat, Distractions, Mementos, descriptions you type into Places - all of this has to be stored in a database so that other people can see it, or there wouldn't be much point in typing it in the first place. Chat is typically erased after seven days unless someone draws a moderator's attention to an area. Distractions are erased when you erase them. Mementos are erased when the owner of the Memento erases them, likewise with Places. There are many other places on Improbable Island where you type things, and they all follow the common-sense rule of "When you type something into the game, it goes into the game." Moderators and administrators can see anything you type into any page on improbableisland.com or any subdomain - this includes messages between players using the Distractions system, which we occasionally have cause to monitor in cases of stalking, grooming, harrassment etc in order to keep our players safe.
Owners of Places, or those who have Keys to those Places that grant them moderation powers over the Place, can see everything you type in a Place that they control.
For the avoidance of doubt, we do not have any mechanism in place to store text that has been typed but not submitted. For example, if you start to type a line of chat, change your mind, and go back and edit it, we only store the final product that you submit by clicking "Speak" or pressing Enter. It is standard practice on websites such as Facebook to store and analyze the half-formed messages that you never actually send, but we think that's creepy as hell and don't do it.
Actions you take on the Improbable Island website
Information about what links you click and the actions your character takes (for example, fighting monsters, receiving experience points or Requisition tokens, picking up crates, moving from space to space, healing, and so on and so forth) are recorded because if they weren't, the game wouldn't know you'd done them, and it would be extremely frustrating and rather pointless to fight a monster that constantly forgets it's been hit.
For the avoidance of doubt, we don't track or record things like your scrolling position, your mouse cursor position, links that you hover over and change your mind before clicking, or anything that a reasonable, non-paranoid person would not assume was tracked. Again, intrusive tracking like this is standard practice on many websites, and we recommend that you install browser extensions to block this sort of thing because in addition to being extremely creepy, these sorts of functions waste your CPU cycles, heat up your processor, slow down your computer, inflate your electricity bill and contribute to climate change for no good reason.
Abusive behaviour records
Moderators collaborate when presented with spammers, scammers, stalkers, trolls, or other users that threaten the safety, privacy or enjoyment of other players. When an incident is reported to us, or when we find one ourselves, we log the date and time, which characters were involved, and how we dealt with the problem. This log does not include IP addresses, email addresses, or other personally-identifiable information, except in cases where the player involved has broken the law and faced legal consequences for their actions, in which cases we record the above plus such information as has been already made a matter of public record.
Information from Other Services
Improbable Island doesn't make use of third-party analytics services such as Google Analytics, as they frankly cannot be trusted. However, we do have to use third-party services for processing donations. The services we use are PayPal and Patreon, and they have their own privacy policies that you should read and understand before using them.
When you make a donation to Improbable Island using PayPal, PayPal sends us a receipt email that includes your real name (or, at least, the name you entered into the PayPal website), whether we want it or not (we don't). These emails are stored separately from game data - no system is in place to associate your real name with your character's name or ID, but the receipt emails do have to be archived for tax purposes. PayPal also sends a ping to the game server to tell it that you've made a donation. This ping includes your real name and your character's numeric ID, but the game server only records the numeric character ID, the date and time, and the donation amount - other information sent in the ping is never written to disk, and is instead discarded immediately.
When you sign up for a payment subscription using Patreon, we're given an authentication token that we can use to get information from Patreon about your subscription. Using this authentication token, we retrieve from Patreon the total amount you've ever given us (so we know how many Supporter Points to give), and your Patreon account ID, which we record in a way that's associated with your Improbable Island character ID (so that we know which character to give the points to). We don't record any other information about you.
We record the bare minimum of information required to give donation rewards and nothing more, because we don't want your personal information sitting on our server's hard drive being bait for hackers.
Who we share this information with
We don't share it with anybody.
Improbable Island runs on the somewhat old-fashioned idea that an internet business can survive just by people liking it enough to give it money. There's a saying that goes "If you're not paying for the service, then you're not the customer - you're the product being sold." Most websites make money by selling your browsing habits to advertisers, marketing executives and basically anyone who'll pay to see it, including the likes of Cambridge Analytica, foreign governments, and normal everyday stalkers. We don't do this, and have never done this. Improbable Island does not sell your data, whether individual or aggregate, whether personally-identifiable or anonymized, to anyone, ever - and even if we wanted to, we don't have it in the first place. We don't want it! We think of personally-identifiable information as toxic waste, and we want it as far away from us as possible. The more of it we keep around, the more likely it is that it'll get breached and we'll get into serious trouble someday.
The only circumstances in which we divulge data concerning any player is when law enforcement is involved, or when we have reason to believe that a player or the website may be in danger.
If you have given us money, you're a customer, not the product being sold to advertisers. If you haven't given us money, you're still not the product being sold - you're a potential future customer, who we're hoping will give us a tenner some day, and we intend to treat you as a valued member of our community and not as a source of data to be sold to corporate sociopaths.
If you've made it this far, I hope you're reassured by what you see here, and if you have any questions please feel free to email me at email@example.com.