Privacy Policy

Last updated: September 7, 2025

Service: Club Penguin Atake

Document location:

Check archival versions: https://policies.onelive.me/legal/past

Thank you for using Club Penguin Atake.

Referred to in this document as 'We', the 'Site', 'Us'.

Introduction to the Privacy Policy

Our Privacy Policy covers the various data and privacy information included in the website and applications.

This Privacy Policy outlines how to remove, manage, and export your data from Club Penguin Atake, as well as the types of data we collect. We realise the huge responsibility that comes with getting sensitive information and are dedicated to keeping it secure.

Before using any Club Penguin Atake websites or applications, please read the policies in this document.

We've provided explanations and examples to make things as clear as possible. If you have any queries concerning this Privacy Statement, please send us an email at privacy@fullmoon.dev.

If you do not agree to our policies (“Terms of Service”, “Privacy Policy“, “Community Guidelines“, "Third Party Guidelines"), please stop using our services immediately.

Intellectual Property and Disclaimer of Affiliation (Ownership Statement)

"Club Penguin Atake" is an independent, fan-operated online game and is not affiliated with, endorsed by, or sponsored by The Walt Disney Company or any of its subsidiaries or affiliates.

The "Club Penguin" name, characters, artwork, and other related intellectual property are the sole and exclusive property of The Walt Disney Company. We do not claim any ownership of this intellectual property. We are using this intellectual property for non- commercial, recreational purposes only.

By using our services, you acknowledge and agree that you are participating in an unofficial, fan-made project. You agree not to hold "Club Penguin Atake" or its staff liable for any issues that may arise from your use of this service, including any claims related to intellectual property infringement. You also agree to not hold The Walt Disney Company or its staff liable for any issues that may arise from your use of this service.

Information you provide us

Club Penguin Atake collects information about you primarily from the data you provide to our services.

Information about you:
By using Club Penguin Atake's services, you provide information to create an account. You can find out more about the procedure here. The data provided by you is your email, Club Penguin Atake username and password. Your password is securely encrypted and is not accessible to anybody, including our staff members. Club Penguin Atake only uses this data for account maintenance and will not share it with anybody else without prior notification.
Advertised, Partnered & External services:
Please visit the Third-Party Guidelines, always available at https://www.cpatake.boo/policies/third-party.
Digitally transmitted requests or inquiries sent to us via forms on our website, including the sign in and registration areas located on our applications:
We save correspondence data to better serve you. We make every effort to anonymize the data we collect from you when you use the Website's forms. Anti-spam measures, particularly on third-party forms or services, may collect your IP address.
When you use the services on our sign in and registration pages, we actively collect the information required from you, which includes a valid email address, penguin username, and password. Your password is securely encrypted and is not accessible to anybody, including our staff members. Both of the functions provided by these services are used to keep the user account active.

Where we process your data (Cross-Border Data Transfers)

Your personal information may be transferred to and processed in multiple jurisdictions:

Primary Data Storage

Germany, European Union: user account data (including username, display name, encrypted password, email, profile information), reports, appeals and chat logs

Legal Basis for Transfers

EU Processing: We rely on our legitimate interests in providing our gaming service, implementing appropriate technical and organizational safety measures to protect your data. Data processed within Germany benefits from GDPR protections and is subject to EU data protection standards

Your Rights Regarding International Transfers

You have the right to:

Object to transfers in certain circumstances

To exercise these rights, contact us at privacy@fullmoon.dev.

Data obtained from third parties

Club Penguin Atake collects first- and third-party data through our website and game analytics, specifically using Google Analytics and Microsoft Clarity. We utilize these tools to track user activities on our website, including behavioral data, heatmaps, and session replays. This data enables us to enhance and offer our products and services.

We gather information on how you use and interact with our website. This includes data collected by first- and third-party cookies, as well as other tracking technologies. The goal of collecting this information is to determine the popularity of our products and services, optimize our website, improve security, and support our advertising activities (if those are currently running).

Google Analytics (also called GA4):

Data Collection: Google Analytics collects first-party cookies, device/browser data, and on-site/app activities to measure and report user interactions on GA4-enabled websites and apps.
IP Address Handling: GA4 does not log or keep IP addresses while collecting data. Instead, it uses IP addresses for geolocation during data collection and then discards them. Google anonymizes IP addresses by default, meaning the whole IP address is not saved or displayed in the reporting interface.
Privacy Information: For more details on how Google collects and uses your data, visit the Google Privacy Statement: how Google uses data from sites and apps that use Google's services. For information on how Google protects your data, visit this website: support.google.com/analytics/answer/6004245.

Microsoft Clarity:

Data Collection: Microsoft Clarity collects user interaction data, such as mouse movements, clicks, and scrolls, to create heatmaps and session replays, helping us understand user behavior and improve user experience.
IP Address Handling: Clarity anonymizes IP addresses before storing data, ensuring that IP addresses are not saved or displayed in the reporting interface.
Privacy Information: For more details on how Microsoft collects and uses your data, visit the Microsoft Privacy Statement: how Microsoft uses data from sites and apps that use Microsoft's services.

Per your request, we will tell you via email: privacy@fullmoon.dev of the source and type of information we have obtained about you within a reasonable time after receiving the personal data, but no later than one month.

Children's Online Privacy

Club Penguin Atake is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under the age of 13, you are not permitted to create an account or use our services.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at privacy@fullmoon.dev.

For users in the European Union, we do not knowingly collect personal information from children under the age of 16 without verifiable parental consent. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will take steps to delete that information as quickly as possible.

We only collect and process your personal data when we have a legal basis to do so. The lawful bases we rely on include:

Performance of Service: We process personal data necessary to provide the Club Penguin Atake service you're accessing. This includes creating and maintaining your account, playing the game, watching multimedia material on Club Penguin Atake TV or other Club Penguin Atake-provided services or applications. This includes processing your email, nickname, penguin data (account data), username, birthdate (if passed age gate) and encrypted password.
Legitimate Interests: We process data for our legitimate interests, such as improving our services, ensuring security, preventing fraud, and analysing website usage via tools like Google Analytics and Microsoft Clarity. However, we ensure that these interests are not overridden by your rights and interests. We also take steps to anonymise or pseudonymise data processed under legitimate interests, such as analytics data, where possible.
Service Moderation and Safety: We use automated systems that process your messages to filter out bad actors.
Consent: For certain activities, such as the use of specific types of cookies or sending direct marketing communications (if applicable), we may rely on your explicit consent.
Legal Obligation: We may process your data if necessary to comply with a legal obligation, such as responding to lawful requests from authorities.

Data Protection Officer

You can contact our DPO (“Data Protection Officer”) via email at dpo@fullmoon.dev.

Data Retention Schedule

Account information: Retained while account is active, deleted immediately when requested
Chat logs: Deleted after 90 days
Support correspondence: Retained for 2 years after case closure

Retention of your data

We only retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy. This includes providing our services, resolving disputes, enforcing our agreements, and complying with our legal obligations. For instance, account information is retained while your account is active. Data collected for analytics is typically anonymised or aggregated and may be kept for longer periods for statistical analysis. Once we no longer need your personal information for these purposes, we will securely delete or anonymise it.

Security of your data

We implement security measures to protect the security of any personal information we process. These measures include data encryption, access controls, secure server environments, and regular security assessments. However, please remember that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. While we strive to use acceptable means to protect your personal information, we cannot guarantee its absolute security.

Cookies

We utilise first and third party cookies to collect behavioural metrics, heatmaps, and session replay data. Below is a table of key cookies used by Club Penguin Atake. Please note that GA4 stands for Google Analytics 4, MSC stands for Microsoft Clarity and CF stands for Cloudflare.

Cookie	Purpose	Expiration
_ga	GA4: Distinguishes unique users.	2 years
_ga_<container-id>	GA4: Persists session state.	2 years
CLID	MSC: Identifies the first-time Clarity saw this user on any site using Clarity.	1 year
MUID	MSC: Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising**, site analytics, and other operational purposes.	2 years
_clck	MSC: Persists the Clarity User ID and preferences, unique to that site is attributed to the same user ID.	1 year
_clsk	MSC: Connects multiple page views by a user into a single Clarity session recording.	Session*
ANONCHK	MSC: Indicates whether MUID is transferred to ANID, a cookie used for advertising**. Clarity doesn't use ANID and so this is always set to 0.	1 year
MR	MSC: Indicates whether to refresh MUID.	N/A (managed by Clarity's internal logic)
SM	MSC: Used in synchronizing the MUID across Microsoft domains.	N/A (managed dynamically)
zaraz-consent	CF: Stores your consent to Google Analytics and Microsoft Clarity.	1 year

*expires when browser is closed
**Club Penguin Atake does not have Microsoft/Bing Ads, those cookies are not applicable.

Your Security Rights

Under these guidelines, Club Penguin Atake gives members the ability to change their account information or end their relationship with the website. Furthermore, under applicable data privacy regulations, you have specific rights in certain regions (such as the European Economic Area).
This could include the right to

request access to and a copy of your personal information,
request modification or erasure,
limit the processing of your personal information,
data portability, where applicable.

In some cases, you may also be able to object to the processing of your personal information. Please send a written notice to privacy@fullmoon.dev to make such a request. Any request will be reviewed and processed in accordance with the applicable data protection legislation.

If we are processing your personal information with your consent, you have the right to withdraw it at any time. Please keep in mind that this has no influence on the legality of the processing before it is withdrawn.

Data Breach Notification Procedures

We take data security seriously and have implemented technical and organizational measures to protect your personal information. However, no system is completely secure.

Club Penguin Atake Data Breach Protocol Information

Internal Stage
1. We will assess the breach within 24 hours of discovery
2. Immediate steps will be taken to contain and remediate the breach
3. We will document the breach details, affected users, and response actions
Regulatory Notification Steps
1. For breaches affecting EU users: We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
User Notification
1. We will notify affected users directly if a breach:
  1. Is likely to result in high risk to your rights and freedoms
  2. Involves sensitive personal information
  3. Could lead to identity theft, fraud, or other harm
Notification Timeline
1. High-risk breaches: Users notified within 72 hours of discovery
2. Lower-risk breaches: Users notified within 7 days of discovery
Public notification
1. Posted on our website, in-game announcements, app notifications and social media channels if the breach affects a significant number of users
Information Included in User Notifications
1. Nature of the data breach and types of data affected
2. Likely consequences of the breach
3. Measures we have taken or will take to address the breach
4. Recommendations for steps you can take to protect yourself
5. Contact information for further questions

Next Steps for You

If you receive a data breach notification from us:

Follow any specific recommendations we provide
Change your passwords on all accounts you have reused the password for Club Penguin Atake on or used a similar one if account security may have been compromised
Monitor your accounts for unusual activity
Contact us at security@fullmoon.dev if you have concerns or questions

Prevention Measures

We maintain data security through:

Regular security audits and assessments
Encryption of date
Access controls
Monitoring systems to detect potential security incidents

Contact for Security Concerns or Vulnerabilities

If you discover or suspect a security vulnerability in our systems, please report it immediately to admin@fullmoon.dev. For more contacts, please check the security.txt file available at https://cpatake.boo/.well-known/security.txt or https://dink.cf/.well-known/security.txt.
We appreciate responsible disclosure and will work with you to address any legitimate security concerns.

Your California Privacy Rights

This Club Penguin Atake Privacy Policy conditional section is only applicable to California residents.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, allows our California users to request and obtain information about the categories of personal information (if any) that we disclosed to third parties for direct marketing purposes, as well as the names and addresses of all third parties with whom we shared personal information in the previous calendar year, once a year and free of charge.

If you are a California resident and want to make such a request, please send us an email at privacy@fullmoon.dev with the subject line "My California Privacy Rights".

If you are under the age of 18, live in California, and have a registered account with Club Penguin Atake, you have the right to have any incorrect information publicly posted on the Application or Website erased. To seek the removal of such data, please write an email to privacy@fullmoon.dev with the subject "My California Privacy Rights" and include the email address associated with your account, as well as a statement that you reside in California. We will ensure that the data is not publicly shown on our website/app, but please be aware that it may not be completely removed from our systems.

Revisions

Club Penguin Atake keeps the right to update this privacy policy at any moment. These conditional policies may be modified in response to abuse or security concerns, regulatory or legal obligations, or changes to our policies.

Club Penguin Atake is created by Fullmoon in partnership with Sunrise Games. We are not related to Disney Interactive/The Walt Disney Company in anyway. We don't hold copyright for any Club Penguin™ and/or Club Penguin Island™ files on our website. This project is for educational and archival reasons. More information in the Ownership and Copyright Statement available at https://www.cpatake.boo/policies/terms#ownershipstatement.

Service home: https://www.cpatake.boo/