Privacy

Last updated: June 13, 2026

Winterlude Forums is run by Winterlude Interactive. This page explains what the forum stores, why it stores it, and what is private.

What We Collect

  • Your username, display name, email address, password hash, account status, roles, and profile fields.
  • Posts, threads, reports, private messages, and moderation actions made through the site.
  • Session records, verification tokens, IP address, and browser user agent for account security.
  • Avatar settings, including remote avatar URLs if you choose one.

How We Use It

  • To create and manage accounts, sessions, profiles, forums, threads, posts, and private messages.
  • To verify email addresses, send account emails, prevent abuse, and enforce forum rules.
  • To keep audit trails for moderation, administration, and account security.
  • To run automated safety checks before content is published or delivered.

Automated Review

Posts, threads, replies, and private messages may be checked by OpenAI's moderation API before they are accepted. We send the text being reviewed, not your password, session token, or account email. The result may accept the content, hold it for staff review, report it for review, or deny it.

Accepted content is published normally. Held or denied content is kept with an audit record so staff can understand what happened and correct mistakes. Private-message moderation is more restricted than public-post moderation: moderators do not get general access to private chats.

Private Messages

Private messages are meant to be private between the two people in the conversation. Staff cannot casually browse private chats. A moderator can see a specific reported private message. Seeing the full chat requires a request and approval from an admin or owner.

Automated review may hold a private message before it is delivered. Admins and owners may need to inspect held private-message content to decide whether it should be approved or denied.

Cookies

We use necessary cookies for login sessions and request protection. These cookies keep you signed in and help stop forged requests. We do not use analytics cookies, advertising pixels, or tracking cookies.

Third-Party Services

  • Brevo sends forum email such as verification messages.
  • OpenAI provides automated moderation checks.
  • Remote avatar services may receive your browser request when you choose a remote avatar.
  • Google Fonts are loaded for site typography.

Retention

Accounts remain until deleted. Posts, threads, reports, private messages, and moderation records are kept as part of the forum record unless removed through account tools or moderation. Session and verification tokens expire.

Your Choices

  • You can edit your profile and account details.
  • You can delete your account from the account page.
  • You can choose not to use remote avatars.
  • You can ask for help with account or privacy questions by emailing [email protected].

Security

Passwords are stored as hashes, not plain text. Sessions use secure cookies. Sensitive account actions require CSRF protection. Staff tools are role-restricted and moderation access is audited where privacy-sensitive content is involved.

Changes

This policy may change as the forum changes. The date at the top will be updated when that happens.