Privacy Policy for osu!somtum

osu!somtum ("we," "us," or "our") is a private osu! server operated by an individual person and managed by the somtum!team. Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your personal data.

By registering and using osu!somtum, you agree to the collection and use of information in accordance with this policy.

We collect and store the following personal data when you register and use our services:

• Username
• Email Address
• Password (securely hashed using bcrypt + salt)
• IP Address and Country
• Gameplay Data (scores, rankings, achievements, and related stats)

2.1 On Updating Your Profile

When building your user profile (which is publicly visible to all other users), you can optionally provide:

• Your current location
• Your interests
• Your occupation
• Your social media presence (Twitter, Discord, Skype, website)
• Your avatar and profile cover images
• Your signature

All of the above fields are publicly visible but can be removed immediately and permanently at any time via the settings page.

2.2 On Uploading User-Submitted Content

When posting on the forums, participating in chat, or uploading content to our service such as a beatmap, you are expressly making all submitted content public. In most cases, it can be edited or deleted after submission at your discretion. However, in certain cases, this functionality may be restricted to maintain the relevance and integrity of the service.

For example, if you upload a beatmap and it is "ranked," it becomes the basis for the wider user base to achieve scores. At that point, the option to delete the submission will be revoked.

2.3 On Logging In to the Game Client

When connecting to our service from the osu! game client, a client-specific string is submitted to help us identify your current play environment. This string is generated from a combination of hardware and software identifiers, and hashed so that it contains no personally identifiable information. However, it can be used to track access across logins.

The primary purpose of this is to maintain a fair ranking system and to enforce account security in case of unauthorized access. This data is considered private, stored only as long as necessary, and is non-transferable.

2.4 On Playing the Game and Submitting a Score

When completing a game session (whether passing or failing a beatmap), details of your performance are automatically submitted to our servers. This submission includes replay data and scoring information, which may be displayed publicly on the Global Leaderboards and your User Profile. These records cannot be deleted or modified.

2.5 Anti-Cheat System

Our anti-cheat system (circlecore-somtum) operates entirely on our private servers. We do not inject code into your osu! client, nor do we spy on or violate your privacy. We strive to avoid tracking any personally identifiable data while processing replays for anti-cheat purposes.

Your data is used strictly for the following purposes:

• Gameplay Analytics & Leaderboards – To provide an engaging experience with accurate score tracking.
• Security & Moderation – To prevent cheating, enforce rules, and manage bans/appeals.
• Account Management – To allow users to log in, play, and interact with the community.

We do not share, sell, or distribute your data to third parties. Only the somtum!team has access to this data.

We do not use cookies or tracking technologies to monitor user activity beyond what is necessary for site functionality.

All website services are handled by Cloudflare to ensure security, performance, and reliability.

If you make donations or purchases, we only collect your legal name. We do not have access to your debit/credit card details, as payments are processed securely by third-party payment processors.

For more details, please refer to the respective payment processor's privacy policy:

• TrueMoney Privacy Policy (for Thailand players): https://www.truemoney.com/privacy-notice
• Stripe Privacy Policy (for players outside Thailand): https://stripe.com/th/privacy

Your data and our server infrastructure may be backed up or located in one of the following cloud service providers:

• Dritestudio (Located in Thailand, operated by DRITESTUDIO CO., LTD.)
• Oracle Cloud Infrastructure (Located in Singapore, operated by Oracle Corporation)
• DigitalOcean (Located in Singapore, operated by DigitalOcean, LLC.)

These providers are used to maintain high availability, redundancy, and performance.

We retain user data until a deletion request is made. Users can request to delete their data by contacting privacy@somtum.fun.

We follow privacy regulations based on the user's region:

• Thailand Users: Thailand PDPA (Personal Data Protection Act)
• European Union Users: General Data Protection Regulation (GDPR)
• Other Countries/Regions: We strive to comply with the privacy laws applicable in your specific country or state.

Security measures include:

• Encryption of stored passwords (bcrypt + salt).
• Access Control to ensure only authorized personnel can manage data.
• Regular Security Audits to detect vulnerabilities.

• Access & Deletion: Users can request access to their data or request deletion by contacting privacy@somtum.fun.
• Account Appeals: Users who have been banned may appeal by emailing accounts@somtum.fun.

We may update this Privacy Policy from time to time. Users will be notified of changes via email.

For any privacy concerns, contact us at:

• Email: privacy@somtum.fun

By using osu!somtum, you acknowledge that you have read and understood this Privacy Policy.