Updated March 19th, 2024 (Mountain Time)

This document applies to https://penguinmod.com, https://studio.penguinmod.com, https://extensions.penguinmod.com, https://projects.penguinmod.com, and any other penguinmod.com subdomains.

You may see websites such as "Scratch", "TurboWarp", and "Scratch Auth" referenced in multiple places.

A "Service Administrator", "Admin", "Moderator", "Mod" or "Administrator" is a person who can either directly access the server files for PenguinMod, or a person who can contact the server host that is able to access the server files and server process. "Host" may also refer to the server host of PenguinMod's project sharing.

A "Project Moderator" is a person who has the ability to remove projects or content from those projects, and reply or send messages to users who had moderation actions happen towards their project or account. These users may also be able to edit profile information about another user.

These people can contact Administrators aswell, and may have extra permissions such as banning users.

General

We may log anonymous aggregated data such as how many people use the site, how often a feature is used, what operating system and browser is used, how much user content is on the site, and diagnostic information such as cache hit ratios.

When using the website, your IP will be logged and stored to your account's name if you log in. This is to help us identify users who may be spamming or attacking the site.
Your IP will also be stored temporarily when viewing a project, along with information about the project you viewed being logged temporarily.

This temporary amount of time will be around 1 week, and this applies to all "temporarily stored" content listed here.

Advertisments

When advertisements are served on any PenguinMod page, third parties may be placing and reading cookies on your browser, or using web beacons to collect information. PenguinMod itself does not do this, and you may be able to find more information here:

Project Sharing & Accounts/Profiles

Accounts are logged into using Scratch Auth, which requires you to have a Scratch account.

When you use Scratch Auth, it can access:

  • your IP address
  • your general location (using your IP address)
  • your public Scratch Account information

Accounts do not actually exist on PenguinMod, but instead PenguinMod stores data that is attached to a certain username. When you "log-in" to an account, you are actually only gaining access to perform actions to data that is attached to a certain username, or create data to be attached to your username.

When using our Services:

  • any projects uploaded will have their project name logged
  • any projects uploaded are publicly viewable (including unapproved projects if you have the URL to them)
  • any profile info you set (bio/about me, featured project) is publicly viewable to all users, unless stated otherwise
  • any projects uploaded can be modified by admins or hosts of the service in any way (project image, project name, project code, etc.)
  • any profile info you set can be modified by admins or hosts of the service in any way (profile about me, etc.)

Uploaded projects will be publicly visible to all users on the website. Any user may report a project or report another user to Project Moderators if they believe the Uploading Guidelines have been violated.

Project Information available to users, Project Moderators and Service Administrators include:
  • the project name, project instructions & notes, project thumbnail, project data, uploader's name, uploader's Scratch account and uploader's profile picture for any project
  • the date any project was uploaded, updated or featured
  • the likes, votes, favorites and views attached to that project
  • whether or not the project has been updated
  • any other internal information about the project
Information available only to Project Moderators and Service Administrators include:
  • the date a project was removed
  • the date, contents, and type of any moderator message or response to a moderator message
  • any above information users can access
Information available only to Service Administrators include:
  • the indiviudal users who liked, favorited or voted a project
  • the IP of users who viewed a project (until server reset)
  • any above information users or Project Moderators can access

Your IP will temporarily be saved in the server when you view a project. This is used to make sure you are not the same user reloading the page to gain multiple views.

Account Usernames are saved in the server when that user liked, favorited or "voted to feature" a project.

Account Usernames and project info will also be logged when a project is liked, favorited or voted for. This is for debugging purposes for the developers.

Other services

When using cloud variables, the project ID and your username may be logged for up to 14 days.

Your randomly generated or chosen username is stored in your browser's local storage. To mitigate the potential to track users with this feature, all randomly generated usernames are anonymized before the server receives them. However, usernames explicitly set by a user may be logged to help prevent abuse.

Built-in Scratch extensions that require Wi-Fi (such as Translate, Text to Speech, LEGO, micro:bit, etc.) may connect to the Scratch API to implement these features. Refer to the Scratch privacy policy for more information. The Translate extension may instead make requests to a TurboWarp API, which may then forward your request to the Scratch API and log the message being translated and the result for caching and performance.

In rare circumstances, connections that are appear to be spam may have their IP logged for up to 24 hours. This happens very infrequently and only in cases of extreme abuse.

Built-in PenguinMod and Custom extensions that require Wi-Fi or use Wi-Fi to get online data (HTTP, Website Requests, Extended Audio, CloudLink, HTML iframes, Storage, etc.) may connect to any user-specified API, which will grant the owner of the website being connected to:

  • your full IP address (and possibly general location using your IP address)
  • the ability to show or display anything (if the extension is showing the info returned to the user)
  • any other things public APIs can do or access

This document does not apply to third-parties, including other users or bots connected to cloud variables, links to external websites, custom extensions, or some advanced URL parameters.

Editor extensions

Core - HTML iframes (referred to as "iframes" here)

"iframes" may connect to user-specified websites. These websites may be allowed to access:

  • your IP address
  • your general location (using your IP address)
  • any web API

The websites specified may also display any content, however PenguinMod will attempt to automatically scan the website for any potential viruses or vulnerabilities. Major adult websites are also blocked, and most others are blocked aswell.

PenguinMod does not allow projects uploaded to only display content from other websites. Uploaded projects must contain content of their own, and certain websites may cause the uploaded project to be deleted or rejected.

Core - Scratch Authentication (referred to as "Scratch Auth Extension" here)

The "Scratch Auth Extension" will connect to Scratch Auth for Log-In. Scratch Auth can access:

  • your IP address
  • your general location (using your IP address)
  • your public Scratch Account information

The "Scratch Auth Extension" also allows your public Scratch account information to be accessible to the PenguinMod project, however other tools, extensions or APIs are required to get information past your Scratch username.

User-submitted (G1nX) - Better Storage

Better Storage will connect to Scratch Auth for Log-In. Scratch Auth can access:

  • your IP address
  • your general location (using your IP address)
  • your public Scratch Account information

Better Storage can also access any info that Scratch Auth can. The owner of Better Storage may also view any saved data using their keys for security and safety.

User-submitted (MubiLop) - PenguinGPT

PenguinGPT will connect to reverse.mubi.tech by default for AI communication. This site can access:

  • your IP address
  • your general location (using your IP address)
  • any prompt or responses given to any AI on the site
  • any prompt or responses from any AI on the site
  • any images from any AI on the site

The owner of PenguinGPT logs and reads this information for security and preventing malicious attacks.

User-submitted (RubyDevs) - TurboWeather

TurboWeather uses Browser APIs to geolocate the user.
PenguinMod will ask the user to confirm this action before the extension attempts to do this.

PenguinMod will not ask the user to confirm this action if the project is compiled using the PenguinMod packager.
In this case it is up to the user's browser to prompt the user if they would like to allow the website to access their location.

The Ruby Developer team promises that they do not store or keep your location data in any way when using the extension.
TurboWeather does however connect to third-party services to get user information that may store your info:

When using the extension, third-party services may be able to access:

  • your IP address
  • your general location
  • info about your location (weather, temperature)

TurboWeather does make efforts to avoid returning private info, such as:

  • latitude and longitude
  • specifically chosen or user coordinates (provided for geolocation)
  • any other info returned by the third-party services that may be used to find the user in real life

Contact

Email us at penguinmodhelp@gmail.com

Join our Discord Server