Privacy Statement

Dear Surfer,
this Privacy Policy serves the purpose of making it clear what and how information is gathered and handled while navigating this website (from now on Website), using the ALive API (from now on API) or any other computer software (from now on Applications) created by me, Mordas, the owner of this website.

Please, be aware that I am a simple guy who decided to fuel his passion by creating the Website, the API and the Applications. I'm not a Company, nor do I represent one when using the arduinilive.com name.

While navigating the Website, and all of its sub-domains, please be aware that no personal information is gathered. I do not make use of any Cookies other than those technical ones required to properly run the application.

Should you desire to check what Cookies are used by the Website, please use one of the many tools available on the Internet. You will probably detect some Cookies on one of the sub-domains I have, like roleplaying.arduinilive.com, but, as I mentioned, these are technical cookies only and, besides, that specific sub-domain has a private access that I use with some friends to share our Role Playing D&D sessions over time (feel free to visit, if you can read the Italian language).

If you wish to know more about Cookies, please refer to the Wikipedia page.

I always try to keep the content of my website as clean as possible in terms of what it's published. I write the text you find among these pages myself and when I use offsite content I usually try to quote the source, whenever possible, and always with respect of its license usage.

There are a few images that I have either created myself or that have been created by the AI, mainly Copilot free (like Fantasy images and stuff like that). I'm telling you this because I tend not to publish content of anyone else without having asked for permission first.

My API is provided AS-IS, with no warranty on its uptime, security or anything else. I have in place a Let's Encrypt certificate to secuire a basic HTTPS communication and I have decided not to ask for password or anything that could potentially identify a user, with the following exceptions:

• Each time a call is made to any of the exposed endpoint, the IP address is stored inside a table with the only purpose of serving as a log statement and a way to prevent (in a very base manner) that too many requests are raised from the same IP in a very short time (It's my rudimentary way of attempting to avoid a bombarment on my endpoints by the same caller)
• The e-mail is requested to the caller during the registration process, in order to generate an Access Token and send it back for usage; the e-mail address will only be used in two occasions: during the registration process and during the confirmation one

I'm the only one with access to the DB with the exception of anyone who works at the hosting company, ServerPlan, for the purpose of maintaining my Shared Hosting Space (yes, you read it right, it's a shared hosting, so my instance of the database is hosted with many others I don't know about). I would suggest to check my provider's privacy policy to find out how they handle customer's information or whatever.

Let's start by stating that no Internet communication can be considered 100% secure, be aware that the Website, API and Applications are home-made by me during my sparetime, as a passion I have for programming in general. When possibile, I decided to adopt an HTTPS protocol by having it certified by a Let's Encrypt free certificate, giving a minimal level of security. The API uses the same mechanism from the same provider and I have decided not to ask for password or store any sensitive information.

Registration for obtaining a Token from the ALive API is managed by creating a request via a POST call to the registration endpoint, at which point a record is created on the database and its related ID is transmitted as a part of the sync response from the POST call. In parallel, an e-mail, with the clear token, is sent to the one specified during the POST call. At this point, the user call the same endpoint as before but this time they will pass the Token ID via the request URI and the clear Token in the Authorization header. If the values match, the Token is activated and that's it. Please, be aware that the Token is saved as a crypted string in the database so it's not possible for whoever access the database to actually obtain the clear token, which is transmitted only during the registration process and each time an authenticated request is made.

As stated many times on this page and in other areas of the Website, I'm a guy with a passion for developing software so I decided to create this purly personal Website, along other API and Applications, with the sole purpose of entertaining myself in my spare time. I do not gather information about people surfing my website and I would not certanly sell those information even if they were gathered, I do not send SPAM or anything like that. It is possible that the hosting could be hacked or that my own software could be hacked, in which I will probably can do nothing to prevent the stealing of the only information I have: e-mails and IPs from which the calls where made. So the point is, do not register to my API, or any other service for what it matters, if you feel not confortable using it or if you do, be aware that I cannot guarantee the uptime, security or anything else at all.

I'm sure it won't be necessary, but if you feel in the need of contacting me, you may do so by using my info@arduinilive.com; if your message is genuine, not a spam and possibly related to this privacy statement, be sure that I will take it into consideration, even if I'm probably not going to answer.

Always Yours,
Mordas.