SFS2X Docs / Overview / privacy
» Data collection and privacy
In this document we're going to discuss what data SmartFoxServer 2X collects during its activity, where it is stored and how to delete it, when necessary. We will also briefly discuss a few best practices that will improve the overall security of the collected data.
» Log files
By default SmartFoxServer 2X logs the server activity under the SFS2X/logs/ path. The log files contain data such as the connection and login time of a certain user, disconnection events, info about Rooms being created and destroyed etc.
No sensitive data is ever stored by SFS2X in the log files, however personal data such as the IP address and nickname are collected and stored.
The log files can be removed by deleting all smartfox.log.* files under the SFS2X/logs/
SFS2X Analytics is an add-on for SmartFoxServer 2X that provides in depth statistics about player traffic and server activity. It is included in every release as a trial and it must be activated manually. If you don't activate the log analysis you don't need to worry in terms of privacy or additional data collection.
If you do use Analytics you should know that the tool analyzes the log files, storing and processing the extracted data to a local database. As with the logs, the only personal data collected are the IP address and the nickname.
To delete the local database used by Analytics you can remove all files under SFS2X/data/statsdb/
» License Server
SmartFoxServer 2X can connect to a central License Server to validate commercial licenses. This is not the case when the license is file-based or when using the free Community Edition, available for download on our website.
When running a commercial license SmartFoxServer will communicate through an HTTPS connection with our License Server, hosted on the Google App Engine platform. Besides the IP address of the caller, no other personal or sensitive data is ever transmitted to our License Server.
» Best practices for privacy and security
- Protect communications with TLS: activating the protocol encryption allows to protect all data being transferred over the network, using the same standards used in browsers with HTTPS.
- Encrypt database data: if you have integrated a database in the system, activating the encryption will protect your data, and that of your customers, from attacks aimed at stealing it.
- Storage encryption: this is mostly useful for protecting against physical theft and can add an extra layer of security, especially if you're storing very sensitive data (e.g. credit cards, billing data, bank account numbers etc.)
- Restrict file permissions: make sure that sensitive data is protected by sufficient file system permissions. Developers that have access to the server but don't need to access sensitive data should work with limited permissions.