Privacy Policy
Home About Guides How to Play Maps FAQ Patch Notes Rules Privacy Terms Contact

Effective May 19, 2026

Privacy Policy

What data we collect, why it exists, who sees it, and what you can do about it. Plain language where possible, with the details that matter.

Fister gameplay banner

Quick reference

1. Data we collect

Only what's needed to run the game, keep accounts working, and stop abuse.

Category Source Purpose
Discord username, user ID, avatar Discord OAuth (only when you sign in) Authentication, display name, profile
Email address (optional, for email login) You, when you create or recover an account Account recovery, transactional notifications
Session cookie, identity token Your browser, after sign-in Keeping you logged in across requests
Gameplay stats (kills, deaths, rounds, damage, wins) Official game servers Leaderboards, match analytics, balance work
Cosmetic inventory and loadout Your saved selections Rendering your chosen appearance in-game
IP address, user-agent string Server and CDN logs Security, rate limiting, anti-cheat, regional routing
Bug reports, clips, chat messages You, when you submit them Support, moderation, incident review

2. How we use your data

  • Authentication: Discord or email login is how we know who you are and how the game shows your name to other players.
  • Account and cosmetics: Your inventory, equipped loadout, and saved name follow you between sessions and devices when you are signed in.
  • Leaderboards and stats: Aggregated and per-player gameplay numbers feed public ranking pages and in-game profiles.
  • Anti-cheat and moderation: Gameplay events, connection information, and reports are reviewed when a player is suspected of cheating, exploit abuse, or breaking community rules.
  • Support: Bug reports and clips help us reproduce issues and fix them.
  • Service quality: Aggregated, non-identifying analytics help us tune performance, balance, and infrastructure.

3. Where data is stored

Account, cosmetic, and stat data is stored in a managed PostgreSQL database hosted on Vultr (US East). Asset uploads (custom banners, custom patch images) are stored in Cloudflare R2 object storage. Static site assets are served by Cloudflare Pages. Live game servers in the US, EU, and Asia regions process gameplay in memory and do not persist match data locally beyond the current session.

Sessions expire after 30 days of inactivity. Identity tokens stored in your browser are also rotated and revocable.

4. Third parties

Fister runs on a small stack of services. Here is who may process which information.

Service Role Data shared
Discord OAuth provider, community chat Authentication tokens, profile fields you have agreed to share
Cloudflare (Pages, DNS, CDN, Tunnel, R2) Hosting, asset delivery, edge caching IP address, request metadata, asset upload contents
Vultr Game server and database hosting Gameplay events, account data, IP address during sessions

We do not sell your personal data to data brokers or any third party.

5. Cookies and similar technologies

Fister uses a small number of cookies and similar storage mechanisms:

  • Session cookie: Keeps you signed in after a Discord or email login. Required for account features. Domain scoped to .fister.fun.
  • Identity token (localStorage): Allows cross-origin authentication between fister.fun and game servers. Cleared when you log out or clear browser storage.
  • Preference storage: Local-only settings such as graphics quality, sensitivity, and last-used name.

You can clear cookies and site data at any time using your browser settings. Doing so will sign you out and reset local preferences.

6. Data retention

  • Account data (profile, cosmetics, loadout): kept until you request deletion.
  • Gameplay stats: retained in aggregate for leaderboards and balance. Per-match raw event data is not stored long-term.
  • Sessions and identity tokens: expire after 30 days of inactivity or when you log out.
  • Server logs: rotated on a short schedule and deleted automatically.
  • Reports and moderation records: kept for as long as needed to enforce community rules and investigate repeat issues.

7. Children’s privacy

Fister is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has used Fister and provided personal data, contact us via the support channels listed on the contact page so we can remove the account and associated information.

8. Your rights

Depending on where you live, you may have the right to:

  • Request a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Lodge a complaint with your local data protection authority.

To make a request, contact us via the official Fister Discord server or the methods listed on the contact page. We may ask for information to verify your identity before acting on a request.

9. Security

All site and game traffic uses HTTPS. Database access is restricted operationally. Auth tokens are signed with Ed25519 keys and rotated. No service is perfectly secure, so guard the Discord or email login tied to your Fister profile.

10. Changes to this policy

We may update this Privacy Policy as the game and the services it depends on evolve. Material changes will be reflected on this page along with a new effective date. Continued use of Fister after a change is posted means you accept the updated policy.

11. Contact

For privacy-related questions, data export requests, or deletion requests, reach us through the Fister Discord server. The contact page also lists in-game bug reporting and community channels.

About Guides How to Play Maps FAQ Patch Notes Rules Privacy Terms Contact