Quick Summary (Plain Language)
This is a friendly summary to help you understand the Privacy Policy. The full policy below controls if anything here is unclear or incomplete.
- The public site is mostly a static CDN page plus browser-local TypeScript and WASM.
- Guest progress, preferences, saved programs, and BBS disk files stay in your browser unless you use optional cloud features.
- Cloud features only: accounts, OAuth, cloud sync, realtime services, and server-side storage apply only when those features are enabled and you choose to use them.
- Production telemetry is limited to typed launch, dial/connect, WASM timing, and closed-class failure metadata. It is not used for marketing.
- You can opt out of browser telemetry for a visit by adding
?notelemetry=1to the URL. - We do not sell your data or send marketing emails.
0. What This Deployment Does
emulator.ca is designed to work as a static, browser-local retro computing site. On a normal visit, the terminal, modem simulation, games, interpreters, manuals, phonebook, and most "backend" services run in your browser from static files. These experiences do not require a live application server.
Some source code exists for optional account, cloud sync, admin, telemetry, and realtime features. Those features apply only when they are enabled on the deployed site and when you choose to use them. Sections marked Cloud features only do not describe the default anonymous static experience.
1. Introduction
This Privacy Policy explains how emulator.ca ("we", "our", or "the Service") collects, uses, and protects your personal information. We are committed to protecting your privacy and handling your data with transparency.
emulator.ca is operated from Canada. For the default static experience, most data remains on your device. If optional cloud features are enabled and you use them, cloud data is handled under applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA).
2. Information We Collect
2.1 Information You Provide
Cloud features only: if account or cloud features are enabled and you choose to create an account, you may provide:
- Handle (Username) - Your chosen display name
- Password - Securely hashed; we never store plain-text passwords
- Email Address - Only collected if needed for authentication or support
- User-Generated Content - Programs, messages, or files you choose to sync or publish
2.2 Information Collected Automatically
When you use the default browser-local site, your browser and the static host necessarily exchange standard web request data such as IP address, user agent, URL, and timing information. In production, the telemetry SDK may send system-level diagnostics so we can tell whether the site loads, dials, connects, and recovers from failures.
- Static hosting logs - IP address, user agent, requested URL, and standard CDN/security logs
- System telemetry - WASM load timing, public dialled service id, dial outcome (success, busy, no carrier, spawn failure, or aborted), runtime class, connection type, connection duration, and time from dial to first prompt
- Browser-local session data - A random browser UUID, guest handle/session state, onboarding flag, preferences, achievements, and local statistics
We do not intentionally collect terminal input, prompts, program source, message text, file contents, filenames, full URLs, passwords, cookies, JWTs, account identifiers, or private storage keys through telemetry. Automatic browser telemetry that can include resource URLs or free-form JavaScript error messages is disabled in the frontend SDK.
To disable browser telemetry for the app page, open emulator.ca with ?notelemetry=1 (for example, https://emulator.ca/?notelemetry=1). The SDK also honours browser Do Not Track and Global Privacy Control signals where available.
2.3 Third-Party OAuth Information
Cloud features only: if OAuth sign-in is enabled and you use it, we receive:
- Your unique identifier from that provider
- Your display name or username (depending on provider)
- Your email address (if provided by the OAuth service)
We do not receive your password from OAuth providers.
3. Local Storage (Browser Data)
We use your browser's localStorage to store information locally on your device. This data never leaves your browser unless you choose to use a feature that explicitly syncs or transmits it.
| Storage Key | Purpose | Data Stored |
|---|---|---|
| emulator:session | User session | Handle, account type, achievements, unlockables, equipped items, statistics |
| emulator:first-visit-seen | Onboarding | Boolean flag indicating whether first-visit onboarding has been seen |
| emulator:user-uuid | Browser identification | Random browser UUID used for local guest identity |
| emulator.modemStyle, emulator.crtTheme | User preferences | Modem faceplate and CRT theme choices |
| emulator.audioModem, emulator.modemAudioPlayback, emulator.peripheralAudio | Audio preferences | Boolean flags for modem/peripheral audio modes |
| emulator.volumeDb, emulator.volumeBeforeMute, modemVolume | Volume preferences | Current volume (first-run default is -30 dB), pre-mute volume, and legacy volume migration value |
| emulator.ca/disk/... | Browser-local BBS disks | Saved programs, files, and service data for local backends such as BASIC |
The homepage also uses a short-lived sessionStorage flag, emulator:start-here-click, to preserve one performance mark across the START HERE navigation. It is removed on the next page load. You may clear local data at any time by clearing your browser's storage for emulator.ca. This resets your browser-local guest session.
4. Cloud Storage
Cloud features only: if account/cloud sync features are enabled, and if you create a registered account and use those features:
- Your data is transmitted over encrypted connections (HTTPS/WSS)
- Data may be stored on servers located in Canada
- Files are associated with your user account and namespace
- Content hashes may be used for change detection and deduplication
- Data is isolated per user; you cannot access other users' data
5. Cookies
We do not use browser cookies for tracking. The default browser-local app uses localStorage and sessionStorage. Cloud features only: first-party session or CSRF cookies may be used for account features, and third-party OAuth providers may set their own cookies during authentication.
6. How We Use Your Information
We use the collected information to:
- Provide and maintain the Service
- Save your browser-local progress, achievements, and preferences
- Improve and optimise loading, dialling, and connection reliability
- Respond to support or feedback requests
- Cloud features only: authenticate users and manage accounts
- Cloud features only: enable cloud synchronisation, realtime, or multiplayer features
We do not sell, rent, or share your personal information with third parties for marketing purposes.
We do not send marketing or promotional emails. If we ever introduce optional email updates, we will request express consent and provide an easy unsubscribe option.
7. Data Sharing
We may share your information only in the following circumstances:
- With Your Consent - When you explicitly authorise sharing
- Service Providers - With providers who assist in operating the Service, such as static hosting, telemetry, and optional cloud features
- Legal Requirements - When required by law, court order, or governmental request
- Protection of Rights - To protect our rights, privacy, safety, or property
8. Data Security
We implement appropriate security measures to protect your information:
- Static pages and assets are delivered over HTTPS
- Browser-local data remains under your browser's storage controls
- Cloud features only: passwords are hashed using a secure modern algorithm
- Cloud features only: JWT tokens are signed and expire after a limited time
- Cloud features only: rate limiting and parameterised database queries protect server-backed features
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. Data Retention
We retain your information as follows:
- Guest Data - Stored in your browser until you clear it
- Registered Account Data - Cloud features only; retained until you request deletion
- Cloud Storage - Cloud features only; retained until you delete files or request account deletion
- Log Data - Static hosting, telemetry, and optional server logs are retained according to the provider and operational settings used at the time
10. Your Rights
You can clear default browser-local data by clearing site storage for emulator.ca in your browser. Under Canadian privacy law, you may also request access, correction, or deletion of personal information we control.
Cloud features only: account deletion, cloud file deletion, and data export requests apply only to server-backed data that exists outside your browser.
11. Children's Privacy
The Service is not directed at children. If you are under the age of majority in your province or territory, you should use the Service only with the consent of a parent or guardian. We do not knowingly collect personal information from children without appropriate consent. If you believe we have collected information from a child without proper consent, please contact us immediately.
12. Third-Party Services
The Service may integrate with third-party services:
- Static hosting/CDN - To serve pages and assets
- Telemetry collector - For system-level health and performance diagnostics in production
- OAuth Providers - Cloud features only; for optional authentication
- Google Fonts - Some non-terminal pages may request fonts from Google Fonts
Most terminal routes use locally served fonts. Some pages, such as the phonebook, may request fonts from Google Fonts. This may result in Google receiving your IP address and browser information when the font is requested.
13. International Users
The Service is operated from Canada. For the default browser-local experience, most data remains on your device. Static hosting and telemetry providers may process request or diagnostic data in their own regions. Cloud features only: if cloud storage is enabled and used, account data may be transferred to, stored, and processed in Canada.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, providing additional notice. Your continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact Us
For questions about this Privacy Policy or to exercise your privacy rights, please contact Stephen Olesen via slepp.ca or use the feedback page.
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.