Who is responsible
Forgemage.net is a fan project run by its maintainer, who acts as the data controller: the person who decides what is collected and why. For anything related to your data, reach out through the GitHub page linked in the footer.
What we collect
Your account: your email address, your display name, your password (stored hashed, unreadable to us), your profile photo, and your Discord identifier and avatar if you sign in with Discord.
What you publish: your player or smithmagus profile, your portfolio images, your maging requests, your reviews, and your messages with their attachments.
Your activity: profile and request views, search appearances and statistics, response times, and your online presence. This is what powers the stats pages and the search rankings.
Your sign-in history: IP address, device and approximate location of recent sign-ins, visible to you in your security settings.
What we use it for
To run the service: your profiles and requests exist to be found, your messages to be delivered, your reviews to inform others. This is the contract between us.
To keep accounts safe: the sign-in history exists so that you (and we) can spot an intrusion.
To email you when the service needs it: confirming your address, resetting your password, review invitations and reminders, referral invitations. There is no newsletter and no marketing email.
What we never do
We do not sell your data. We do not show ads. We run no analytics or tracking scripts. We do not profile you beyond the statistics the site itself displays. If this ever changed, this page would change first, and loudly.
Who can see what
Public, by design: smithmagus profiles, portfolios, reviews, and maging requests. That is the marketplace working.
Private: your messages are visible only to the people in the conversation. Moderators may read a conversation when one of its participants reports it.
Your email address, sign-in history and settings are visible to you alone, and technically to the maintainer who operates the database.
Third parties
Discord — only if you choose to sign in with it. Discord tells us your identifier, username and avatar; we never see your Discord password.
Google Fonts — the site's fonts load from Google's servers, so your browser sends them your IP address when a page loads.
dofusdu.de — the request wizard fetches Dofus item data from this community API, directly from your browser.
An email delivery provider carries the transactional emails described above.
That is the whole list. Real-time features (messages, online status) run on our own infrastructure.
How long we keep it
Profile and request views are deleted after one month. Account data lives as long as your account does.
When you delete your account, it is anonymized: email, password, photo and Discord identifiers are erased, your display name becomes [deleted], and your portfolio images are removed. Messages and reviews remain, detached from your identity, because other users' conversations and reputations depend on them.
Your rights
European data protection law (GDPR) gives you the right to access, correct, delete and receive your data, and to object to some uses of it. Most of it you can do yourself from your account settings; for the rest, contact us through the GitHub page linked in the footer.
If you believe we mishandle your data, you can complain to the CNIL, the French data protection authority.
Security
Passwords are stored hashed, the site runs over HTTPS everywhere, and your recent sign-ins are listed in your security settings so anything unusual has nowhere to hide. No system is unbreakable; if a breach ever affects your data, we will tell you.
Changes to this policy
When this policy changes in a way that matters, we announce it on the site before it takes effect. The date at the top always tells you which version you are reading.