Privacy and Security Policies

Privacy and Security Policies

Privacy Policy

Marvelous Mania is a closed platform that only shows information you authorize us to show, is shown. Authorization is done through the purchase and configuration of tokens.  If you do not want your information shared, do not buy tokens, set up stores or item information.  We do not share any other information to 3rd parties.

We take extra-ordinary care to protect your data, in transit, using SSL, mult-factor authentication, internal firewalls, and data backups.

Security via Second Life

Security of your data is managed through your Second Life User ID and Password.  We do not attempt to keep or determine your password.  However, it is best to be diligent and managing your security through Second Life, for example, changing your password every six to eight weeks.

It is impossible to gain access to your data that you have stored on our platform.  Data is automatically purged when 14 days after an events ends.  You can "unlist" you items from our HUD and have them deleted when the event ends.  For events that do not expire, you can request that your data be purged from our platform.

Internet Security Strategy

We use 256-bit SSL certificates on our all 5 websites used in our platform.  Furthermore, all communication is handled through secured channels between servers to/from Second Life.  All of our API calls use an addition 230-bit cycling api key, so that random attacks are thwarted.  Furthermore, we send authorization codes from Second Life to our API through our SSL to verify calls.  Even if a third party were to deduce our calling API and all communication keys, they would also have to defeat Second Life's IP address tables and other calling mechanisms for our API to recognize them.

Database Security Strategy

Our web application, API and databases are only accessible from our cloud service provider from an authorized IP address.  So even if somebody got our administration applications, database, user name and password, they could not access the data from their IP. Furthermore, we use two factor authentication on our cloud administrator account, so even if somebody else learned of our admin account they would need our authentication hardware too to gain access.

Distribution Security Strategy

Each morning at 12:00am (SLT), we deploy a copy of the active events onto 2 secondary websites so that we can manage our data I/O costs.