Skip to main content

Privacy Policy

How The QF Project handles your data and respects your privacy.

Information We Collect

When you create an account, we collect your email address, username, and display name. We store your password as a secure hash — we never store or have access to your plain-text password. If you sign in via Discord or Google OAuth, we receive your email and profile name from those services. Usage data such as page views may be collected through analytics services when you consent to cookies.

Data Encryption & Security

We take your security seriously. All sensitive data including IP addresses and device information stored in our security logs are encrypted at rest using AES-256-GCM encryption. Your passwords are hashed using bcrypt. All connections to our site use HTTPS with HSTS enforcement. CSRF protection is applied to all API mutations. Rate limiting protects against brute force attacks and abuse.

Two-Factor Authentication (MFA)

We offer optional two-factor authentication using TOTP (Time-based One-Time Passwords) compatible with apps like Google Authenticator and Authy. When you enable MFA, we store an encrypted secret key and encrypted backup codes on your account. MFA adds an extra layer of protection — even if your password is compromised, your account remains secure. You can enable or disable MFA at any time from your dashboard.

Cookies & Tracking

We use a single first-party cookie to remember your cookie consent preference and session cookies for authentication (managed by NextAuth). When you accept cookies, we may load third-party analytics scripts (Google Analytics, Umami) to understand how the site is used. These services may set their own cookies. No tracking scripts are loaded unless you explicitly accept cookies.

CAPTCHA & Bot Protection

We use Cloudflare Turnstile on our login and registration pages to prevent automated attacks. Turnstile is a privacy-friendly CAPTCHA alternative that does not track users across sites. It analyzes browser signals to determine if you are human without displaying visual puzzles in most cases. No personal data is shared with Cloudflare beyond what is necessary for the challenge.

Account Lockout & IP Monitoring

To protect accounts from brute force attacks, we temporarily lock accounts after multiple failed login attempts (5 attempts = 15 minute lock, 10 = 1 hour, 20 = requires admin unlock). IP addresses that exhibit suspicious activity (excessive rate limit violations, mass failed logins) may be automatically or manually blocked. We do not share IP data with third parties.

Advertising

We use Google AdSense to serve advertisements on this site. AdSense may use cookies and similar technologies to display relevant ads. Ad scripts are only loaded when you accept cookies. You can decline cookies at any time to opt out of personalized advertising.

Third-Party Links

This site contains links to external services including Steam, PayPal, Discord, and community platforms. We are not responsible for the privacy practices of these external sites. We use UTM parameters on outbound links to measure referral traffic — these do not contain personal information.

Data Retention

Security logs (login events, rate limit events, admin actions) are retained for 90 days and then automatically purged. Account data is retained as long as your account is active. Soft-deleted content (items, comments) may be recovered by administrators within 30 days. You can request full deletion of your account and all associated data by contacting us.

Content Moderation

User-generated content (guides, forum posts, comments, builds) is subject to community guidelines and moderation. Content may be reported by users and reviewed by moderators. Deleted content may be visible to administrators for moderation purposes. We retain deleted content for a limited period to allow recovery from accidental deletions and to investigate reports.

Your Rights

You can manage your cookie preferences at any time using the controls at the bottom of this page. You can request deletion of your account and associated data by contacting us. You can enable or disable two-factor authentication from your dashboard. We do not sell your personal information to third parties.

Contact

If you have questions about this privacy policy or your data, please contact us at support@qfproject.com. You can also reach us through our Community Hub or file a bug report through the in-app bug reporter.

Your Cookie Preferences

Current status:Not set

Last updated: February 2026

Cookie Preferences

We use cookies for analytics and advertising to improve your experience. You can accept or decline non-essential cookies. Read our Privacy Policy for more details.