Introduction
RoadRash.org is a non-commercial, community-operated software preservation archive dedicated to the historical documentation, technical study, and legacy platform emulation research of the Road Rash video game franchise, originally published by Electronic Arts. Our archive spans the complete franchise lifecycle from the 1991 Sega Genesis debut through the 2001 Windows PC re-release and the 2009 Java J2ME mobile distribution — a catalog covering nine distinct platform generations and multiple hardware architectures.
Protecting your privacy is a foundational commitment of this project. This Privacy Policy provides a complete, transparent, and technically precise explanation of every category of data that this website may collect, process, store, or transmit — whether directly through our own infrastructure or indirectly through the third-party technology partners we integrate to sustain this archive’s operation.
This document is written to comply with the General Data Protection Regulation (GDPR, effective May 25, 2018), the California Consumer Privacy Act (CCPA, effective January 1, 2020), and the Children’s Online Privacy Protection Act (COPPA). By accessing, browsing, or using any feature of roadrash.org — including our browser-based WebAssembly research environments — you acknowledge that you have read, understood, and agreed to the data practices described in this policy.
1. Information We Collect
We collect two categories of information: data recorded automatically by our server infrastructure, and data generated locally within your browser by our in-browser WebAssembly research tools.
1.1 Automatically Collected Server-Side Log Data
When you access roadrash.org, our web server automatically records the following standard log file entries for every HTTP/HTTPS request processed:
- IP Address: Your public Internet Protocol address (IPv4 or IPv6), used for geographic analytics, server security monitoring, and automated bot traffic filtering.
- Browser User-Agent String: A technical identifier transmitted by your browser that describes your operating system, browser version, rendering engine, and device type (e.g.,
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36). - Referring URL: The full URL of the web page from which you navigated to our site, if applicable.
- Timestamp: The precise date and time (UTC) of your server request.
- HTTP Status Code: The response code generated by your page request (e.g., 200 OK, 404 Not Found, 301 Redirect).
- Pages Requested: The specific URL paths you navigate to within roadrash.org, such as
/windows-10-11-compatibility-fix/or/genesis-romhacks-nitro-circus-mod/.
This log data is retained for a maximum of 30 calendar days for security auditing and server performance optimization, after which it is automatically purged. It is never sold, shared with third-party marketing vendors, or used for behavioral profiling.
1.2 Browser-Side Local Storage Data (IndexedDB API)
RoadRash.org operates browser-based research tools powered by WebAssembly (WASM) technology — specifically, JS-DOS compiled WebAssembly frames that enable legacy software interaction directly within your browser environment without requiring any file download or local installation. To maintain continuity of your research session — including virtual machine states and configuration preferences — these tools write data locally to your browser’s IndexedDB database.
This is a critical technical distinction for your privacy:
- No Server Transmission: All IndexedDB data is written exclusively to your local device’s browser storage partition. RoadRash.org servers have zero visibility into, and zero access to, any data stored in your browser’s IndexedDB or WebStorage databases.
- What is Stored: Virtual machine session states, emulation configuration preferences, and research progress data generated during your interaction with the WebAssembly environments.
- Persistence: IndexedDB entries persist across browser sessions on the same physical device until you manually clear your browser’s site data or uninstall the browser entirely.
- Origin Sandboxing: All data is sandboxed by your browser under the
https://roadrash.orgorigin, making it inaccessible to any other website or application on your device.
To delete IndexedDB data stored by roadrash.org:
- Chrome / Brave: Settings → Privacy and Security → Clear browsing data → Advanced tab → Check “Cached images and files” and “Site data” → Clear data.
- Firefox: Preferences → Privacy & Security → Cookies and Site Data → Manage Data → Search
roadrash.org→ Remove Selected. - Safari: Settings → Privacy → Manage Website Data → Search
roadrash.org→ Remove.
2. Cookies and Tracking Technologies
2.1 First-Party Cookies
RoadRash.org may set a minimal number of first-party cookies strictly for essential site functionality, including:
- Session Cookies: Temporary browser-session cookies that expire automatically when you close your browser. These are used to maintain consistent page navigation states.
- Preference Cookies: Optional cookies that store lightweight interface preferences (such as navigation state) across visits.
We do not deploy first-party behavioral tracking, cross-site fingerprinting scripts, canvas fingerprinting, or persistent advertising identifiers of any kind.
2.2 Third-Party Advertising Cookies (Google AdSense & DoubleClick DART)
To support the ongoing operational costs of maintaining this preservation archive — including server hosting, bandwidth for WebAssembly payload delivery, and archival storage — roadrash.org may display advertisements served by Google AdSense, a third-party advertising network operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Google AdSense deploys DoubleClick DART cookies under the domain doubleclick.net to serve contextually relevant and interest-based advertisements. The DART cookie allows Google to serve ads to users based on their prior browsing behavior across other websites participating in the Google Display Network. The DART cookie is governed exclusively by Google’s Privacy & Terms Policy, available at https://policies.google.com/privacy, and is outside the scope of roadrash.org’s direct control.
Specifically, Google AdSense may collect or access the following signals when serving ads on roadrash.org:
- Cookies from previous visits to other websites within the Google Display Network.
- Your approximate geographic location derived from IP geolocation.
- Browser and device identifiers transmitted in HTTP request headers.
- Contextual signals from the content of the specific roadrash.org page you are viewing at the time of ad delivery.
Opting Out of Google DART Advertising:
You may opt out of Google’s personalized advertising in the following ways:
- Visit the Google Ad Settings page at https://www.google.com/settings/ads to manage your ad personalization preferences.
- Install the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.
- Visit the Network Advertising Initiative (NAI) Opt-Out Platform at https://www.networkadvertising.org/choices/.
- Visit the Digital Advertising Alliance (DAA) Opt-Out Portal at https://www.aboutads.info/choices/.
For users accessing roadrash.org from the European Economic Area (EEA) or United Kingdom, Google operates a Consent Management Platform (CMP) that presents you with explicit consent options upon your first visit to pages where Google AdSense is active.
3. GDPR Compliance (European Economic Area & United Kingdom Users)
If you are accessing roadrash.org from within the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) — as retained in UK law via the UK GDPR — governs our processing of your personal data.
3.1 Legal Basis for Processing
| Processing Activity | Legal Basis (GDPR Article) |
|---|---|
| Server log collection for security and diagnostics | Legitimate Interests (Art. 6(1)(f)) |
| Serving third-party Google AdSense advertisements | Consent (Art. 6(1)(a)) |
| Responding to user inquiries submitted via contact form | Contractual Necessity (Art. 6(1)(b)) |
| Compliance with legal obligations (DMCA takedown notices, etc.) | Legal Obligation (Art. 6(1)(c)) |
3.2 Your Rights Under GDPR
As a data subject under the GDPR, you are entitled to the following rights, exercisable by contacting us at [YOUR-EMAIL@roadrash.org]:
- Right of Access (Art. 15): Request a full copy of any personal data we hold that relates to you.
- Right to Rectification (Art. 16): Request correction of any inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data where no overriding legal basis for continued processing exists.
- Right to Restriction of Processing (Art. 18): Request that we restrict, rather than delete, your data while a dispute is resolved.
- Right to Data Portability (Art. 20): Request a copy of your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing profiling.
- Right to Withdraw Consent (Art. 7(3)): Where processing is consent-based (e.g., AdSense personalization), you may withdraw consent at any time without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with your local Data Protection Supervisory Authority (DPA). A full directory of EEA supervisory authorities is maintained by the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
3.3 International Data Transfers
Our server infrastructure and Google AdSense are operated by entities incorporated and primarily based in the United States. If you are located outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries whose data protection frameworks may differ from those in your home jurisdiction. For data transfers from the EEA or UK, we rely on the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection for your personal data.
4. CCPA Compliance (California Residents)
If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) — as amended by the California Privacy Rights Act (CPRA, effective January 1, 2023) — grants you specific and enforceable rights regarding your personal information.
4.1 Categories of Personal Information Collected
Under the CCPA’s defined statutory categories, RoadRash.org may collect the following in the preceding 12 months:
| CCPA Statutory Category | Specific Data Collected | Collected by roadrash.org? |
|---|---|---|
| Identifiers | IP address, browser User-Agent string | Yes — via server logs |
| Internet / network activity | Pages visited, session duration, referring URL | Yes — via server logs |
| Geolocation data | Approximate city/region location via IP | Via Google AdSense only |
| Commercial information | Transaction history, purchasing records | No |
| Biometric information | Fingerprints, facial geometry, voice prints | No |
| Sensitive personal information | Social Security numbers, financial data, health data | No |
4.2 Your CCPA/CPRA Rights
California residents have the right to:
- Know: Request disclosure of the categories of personal information collected, the sources, the business or commercial purpose, and the third parties with whom it is shared.
- Delete: Request deletion of your personal information, subject to certain statutory exceptions (e.g., security logging obligations).
- Correct: Request correction of inaccurate personal information we hold about you (CPRA addition).
- Opt-Out of Sale or Sharing: RoadRash.org does not sell or share personal information with third-party data brokers for monetary or other valuable consideration. No opt-out mechanism is required as a result.
- Limit Use of Sensitive Personal Information: We do not process sensitive personal information as defined under CPRA.
- Non-Discrimination: We will not discriminate against you — including by denying services, charging different prices, or providing a degraded level of service — for exercising any of your CCPA/CPRA rights.
To submit a verifiable CCPA consumer request, email [YOUR-EMAIL@roadrash.org] with the subject line “CCPA Rights Request” and include sufficient information to verify your identity. We will respond within 45 calendar days as required by statute.
5. Children’s Privacy (COPPA)
RoadRash.org is intended for users who are 13 years of age or older. We do not knowingly collect, solicit, or retain personal information from children under the age of 13, in compliance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506.
If we become aware that we have inadvertently collected personal data from a child under the age of 13, we will take immediate steps to delete that information from our server logs and notify any third-party processors (such as Google AdSense) to delete associated data records. If you are a parent or legal guardian and believe your child has submitted personal information to roadrash.org, please contact us immediately at [YOUR-EMAIL@roadrash.org].
For users located in the European Economic Area: under GDPR Article 8, users under the age of 16 (or the lower age of digital consent applicable in their EU member state, which may be as low as 13) may require verifiable parental or guardian consent for certain data processing activities.
6. Third-Party Services and External Links
6.1 External Links to Third-Party Resources
As a software preservation archive, roadrash.org may contain outbound links to external resources, including open-source project repositories (such as dgVoodoo2, DDrawCompat, and cnc-ddraw documentation hosted on GitHub or developer personal pages), retrocomputing community references, and historical software databases. These external websites operate under their own independent privacy policies, which we do not author, control, or take responsibility for. We encourage you to review the privacy policy of each third-party website you access via an outbound link from roadrash.org.
6.2 Third-Party Service Provider Summary
| Service Provider | Purpose on roadrash.org | Governing Privacy Policy |
|---|---|---|
| Google AdSense / DoubleClick | Display advertising | policies.google.com/privacy |
| Google Analytics (if deployed) | Aggregated, anonymized traffic analysis | policies.google.com/privacy |
| Cloudflare (if deployed) | Content Delivery Network, DDoS protection, DNS management | cloudflare.com/privacypolicy |
7. Data Security
We implement reasonable, industry-standard technical and organizational security measures to protect data processed by our infrastructure against unauthorized access, alteration, disclosure, or destruction. These measures include:
- TLS/SSL Encryption: All data transmitted between your browser and roadrash.org servers is encrypted using Transport Layer Security (TLS 1.2 minimum, TLS 1.3 preferred), ensuring that your browsing session is protected against network-level interception.
- Server Access Controls: Administrative access to server infrastructure is restricted to authorized personnel using key-based authentication protocols. Password-based SSH access is disabled.
- Automated Log Purging: Server log data is subject to automated deletion after 30 days via scheduled server-side cron tasks, minimizing the volume of retained identifiable data.
- No Third-Party Data Sales Architecture: Our site is architecturally designed with zero data brokerage pipelines. We maintain no integrations with audience data marketplaces, ad exchanges that purchase behavioral profiles, or data management platforms (DMPs).
Please be aware that no method of electronic transmission or storage is 100% secure against all threat vectors. While we implement commercially reasonable protective measures, we cannot guarantee absolute security of data transmitted over the public Internet.
8. Data Retention Summary
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Server access logs (IP, User-Agent, timestamp) | 30 days maximum | Automated server-side purge |
| Google AdSense / DART cookie data | Per Google’s retention schedule | policies.google.com/technologies/retention |
| Browser IndexedDB session data | Until user clears browser site data | Manual browser data clearing (see Section 1.2) |
| Contact form submissions | Duration of active correspondence + 12 months | Manual deletion on request |
9. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our technical infrastructure, third-party service integrations, applicable legal requirements, or regulatory guidance. When material changes are made, we will revise the “Last Updated” date displayed prominently at the top of this page.
Material changes that substantially affect how we handle your personal data will be communicated through a visible site notice. Your continued use of roadrash.org following the posting of any revised Privacy Policy constitutes your acceptance of the updated terms. We recommend bookmarking this page and reviewing it periodically.
10. Contact Us
For all privacy-related inquiries, data subject rights requests, or questions regarding this Privacy Policy, please contact our designated privacy compliance point of contact:
Email: [YOUR-EMAIL@roadrash.org]
Website: https://roadrash.org/privacy-policy/
Subject Line for GDPR Requests: “GDPR Data Request – [Your Request Type]”
Subject Line for CCPA Requests: “CCPA Rights Request – [Your Request Type]”
Response Time: We aim to acknowledge all privacy inquiries within 72 hours and resolve substantive requests within 30 calendar days (or 45 days for CCPA, as permitted by statute).
