Modtale is operated by Modtale LLC, a North Carolina, US company.
We do not sell your personal information or use third-party advertising cookies.
We collect the information needed to run accounts, profiles, organizations, uploads, downloads, security scanning, moderation, analytics, notifications, and the API.
Some things are public by design, including public profiles, project pages, comments, licenses, visible connected accounts, download counts, and project metadata.
You can update your profile, unlink connections, revoke API keys, change notification settings, and delete your account from the product where those features are available.
1. Who We Are
This Privacy Policy explains how Modtale LLC collects, uses, discloses, stores, and protects information when you use Modtale. Modtale is a US-based community platform for Hytale-related mods, plugins, modpacks, project pages, creator profiles, organizations, comments, downloads, analytics, and API tooling.
This policy is meant to be readable. It is also meant to be accurate to how the platform works today.
2. Information We Collect
We try to collect only what we need to provide and protect Modtale. The categories below describe the information we may collect.
Account and Security Data
This includes usernames, email addresses, email verification status, password hashes, MFA status and secrets, verification and reset tokens, sessions, API key names, API key prefixes and hashes, API permissions, and API key last-used timestamps.
We do not store your raw password. We hash passwords and API keys so we can verify them without keeping the original secret.
Usage and Diagnostics
This includes IP addresses, request details, user agents, rate-limit data, Origin and Referer headers, approximate timing, view and download events, server logs, browser error reports, and diagnostic telemetry.
We use this data for security, abuse prevention, debugging, rate limiting, aggregated analytics, and reliability.
Profile and organization data: avatar, banner, bio, account type, badges, follows, followers, organization roles, organization members, pending invites, and public connected-account visibility.
OAuth and repository data: provider name, provider ID, provider username, profile URL, avatar URL, email when provided, and GitHub/GitLab access tokens when needed to list or connect repositories. We do not receive your password from OAuth providers.
Project and upload data: project titles, descriptions, about pages, categories, tags, classifications, licenses, repository links, gallery items, YouTube links, version numbers, game versions, changelogs, dependency data, uploaded files, original filenames, file hashes, download URLs, scan results, review status, and rejection reasons.
Community and moderation data: comments, comment votes, reports, report reasons and descriptions, admin decisions, audit logs, banned email records, notifications, transfer requests, contributor invites, and organization invites.
Local browser data: theme preference, external-link warning preference, install-instruction preference, last browse URL, session cookies, and CSRF security cookies.
3. How We Use Information
We use information to operate Modtale and keep it safe. That includes:
creating accounts, signing users in, verifying email addresses, supporting MFA, and resetting passwords;
supporting GitHub and GitLab repository workflows when you connect those accounts;
protecting Modtale from malware, spam, scraping, credential abuse, fake statistics, harmful automation, and other misuse;
responding to reports, rights complaints, support requests, security incidents, legal requests, and policy enforcement needs; and
debugging errors, measuring performance, keeping the service available, and improving the product.
4. What Is Public
Modtale is built around public project sharing. Public profiles, usernames, avatars, bios, badges, visible connected accounts, organization memberships, project metadata, project licenses, images, videos, comments, download counts, favorite counts, version details, dependencies, and published files may be visible to other users, search engines, API users, and third-party services.
Do not put secrets, private keys, passwords, unreleased files, personal information, or anything confidential into public project fields, comments, filenames, changelogs, repository links, or uploaded files.
5. Cookies and Local Storage
We use session cookies such as SESSION or JSESSIONID to keep you signed in. We use XSRF-TOKEN to help protect against cross-site request forgery. These cookies are for authentication and security, not advertising.
We also use browser storage for product preferences such as dark mode, external-link warning preferences, install-instruction preferences, and your last browse location. We do not use third-party advertising cookies or tracking pixels.
6. Third Parties and Service Providers
We share information with service providers only as needed to run, secure, debug, and improve Modtale, or when you choose to use an integration.
Storage, CDN, and database infrastructure: We use MongoDB-compatible database infrastructure and Cloudflare R2/S3-compatible object storage for account data, project records, files, images, and related service data.
Authentication providers: GitHub, GitLab, Discord, Google, Twitter/X, and Bluesky may be used to verify your identity or link accounts when you choose those options.
Repository providers: GitHub and GitLab may receive requests when you connect accounts or ask Modtale to list repositories.
Sentry: We use Sentry for frontend error tracking, performance tracing, and limited session replay so we can diagnose crashes and broken flows. We do not use Sentry for advertising.
Email and webhooks: We use configured email infrastructure to send verification and password-reset messages, and configured webhooks, including Discord/admin webhooks, for operational notifications and moderation workflows.
Security scanning: Uploaded files may be sent to Modtale's Warden scanner so we can assess malware and security risk.
Embeds and external content: YouTube no-cookie embeds, repository links, Discord links, creator websites, and similar third-party links are controlled by their own providers.
HytaleModding wiki integration: If a project uses wiki features, Modtale may request related wiki content from the configured HytaleModding wiki API.
We may also disclose information if we believe it is necessary to comply with law, respond to lawful requests, protect users, enforce our Terms, investigate abuse, protect rights or safety, or complete a merger, acquisition, financing, reorganization, or similar business transaction involving Modtale LLC.
7. We Do Not Sell Personal Information
We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising. Because we do not sell or share personal information for that kind of advertising, there is no advertising sale or share to opt out of on Modtale.
8. Retention and Deletion
We keep information for as long as needed to provide Modtale, protect the service, comply with law, resolve disputes, enforce our Terms, and maintain useful project and dependency records.
Account deletion: When you delete your account, Modtale soft-deletes it first. API keys are deleted, and GitHub/GitLab repository tokens are cleared. After about 30 days, the account record and that account's notifications are scheduled for permanent deletion.
Public content: Account deletion does not automatically delete every project, file, comment, report, audit record, or moderation record connected to the account. Delete projects and other removable content separately before deleting your account if you want those removed too.
Project deletion: Deleted projects may be soft-deleted, permanently deleted, or scrubbed into a minimal dependency-resolution placeholder if removing every trace would break dependency data for other projects or modpacks.
Safety records: We may retain reports, admin logs, scan results, security logs, banned-email records, and preserved evidence for longer when needed for safety, security, legal compliance, or abuse prevention.
Backups and caches: Backups, CDN caches, logs, and generated previews may persist for a limited time after deletion before they expire or are overwritten.
9. Your Choices and Rights
You can make many changes directly in Modtale:
Access and correction: View your account and profile information, and update profile fields from settings.
Connections: Hide visible connected accounts, unlink providers when at least one sign-in method remains, and disconnect GitHub/GitLab repository access.
API keys: Create, review, and revoke API keys from developer settings.
Notifications: Change notification preferences and delete notifications.
Deletion: Delete your account from the Danger Zone in settings, and delete projects separately where project controls allow it.
You may also contact us to request access, correction, deletion, or a copy of information associated with your account. We may need to verify your identity before acting on a request. If privacy laws where you live give you additional rights, we will honor those rights to the extent they apply to Modtale LLC.
10. Children
Modtale is a general-audience service and is not intended for children under 13. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take appropriate steps to delete or disable the account and remove personal information as required by law.
11. Security
We use reasonable technical and organizational measures to protect Modtale, including password hashing, API key hashing, session security, CSRF protection, rate limiting, access controls, upload limits, security scanning, audit logs, and transport security where available. No online service can be perfectly secure, so please use strong passwords, protect your OAuth accounts, keep API keys secret, and report suspected security issues promptly.
12. International Processing
Modtale LLC is based in North Carolina, United States. Your information may be processed in the United States and in other locations where our service providers operate. By using Modtale, you understand that your information may be transferred to and processed in those locations.
13. Changes to This Policy
We may update this Privacy Policy as Modtale changes. We will update the "Last updated" date and try to give reasonable notice for material changes. Your continued use of Modtale after an update means the updated policy applies going forward.