GDPR Compliance and Improved Privacy Settings

On May 25, 2018, privacy regulations enacted by the European Union called the General Data Protection Regulation (GDPR) will take effect. Today’s Kitely update contains numerous changes in order to comply with the GDPR. We’ve updated our Privacy Policy and Terms of Service, and added tools to the Settings page that let you view and control your personal information better.

All Emails are Now Opt-In

The GDPR requires active consent in order to send any non-critical emails, so we had to disable all of the optional emails that we used to send to you. This includes highly useful emails such as ones notifying you when another user sends you a message. If you have a Kitely Market store then you will also no longer receive an email when that store makes a sale. You need to opt-in if you want to receive these emails again.

One-Time Privacy Information Dialog

The next time you login to Kitely you will be asked to accept our new Privacy Policy and Terms of Service, and optionally opt-in to our emails:

We don’t send many emails, so we recommend selecting Enable/disable all emails to enable all of these emails. (Note that the last three checkboxes in this screenshot will only appear if you have a Kitely Market store.)

If you try to visit one of Kitely’s worlds before accepting the new Terms of Service then the login attempt will fail with this message:

Hypergrid Users Need to Accept our Terms of Service

People who visit Kitely using the Hypergrid also need to accept our updated Terms of Service. When a Hypergrid user tries to teleport into Kitely, they will get this message:

When they open this link in their browser they will see this web page:

After they accept our Terms of Service they’ll be able to visit the Kitely grid without having to repeat this approval process.

Mandatory Age Verification for All Users

The GDPR limits our ability to sign up users who are under 16 years old. We’re now required to obtain the consent of the parent or guardian of such users before we allow them to use our service.

Until now, Kitely didn’t require you to specify your age (only to assert that you’re over 13 years old). We only asked for your age if you tried to change your account’s Maturity Rating to Adult. In order to comply with the GDPR, we now require all of our users to specify their age range.

If you provided us with your date of birth in the past then we have converted it into an age range, and deleted your exact date of birth.

If you haven’t provided us with your date of birth in the past then you’ll be asked to select your age range the first time you login to Kitely:

If you select an age under 16 then you’ll also be asked to provide us with the contact information of your parent or guardian:

We’ll send an email to the parent or guardian, asking them to approve your account. Once they do so you’ll be able to create a Kitely account (or continue using your existing account).

You can view and change your age range in the account Settings page. However, if you’re under 16 years old then we’ll ask your parent or guardian to approve the new age range that you choose.

Modify your User Names

You can now view and change two names in the Settings page:

Account name – this is the name that appears in the Kitely website (e.g., in the Account History page and in the forums). It’s the name that you chose when you signed up to Kitely.

OpenSim avatar – how you appear in OpenSim. This name is usually the same as the Account name, but sometimes it’s slightly different.

In the past you were only able to choose your Account Name, and only when you created your account. We then generated your OpenSim Avatar name automatically based on your Account Name. Usually these names are the same, but sometimes we have to make the OpenSim name different from your Account name. This can happen for several reasons: e.g. because your name is already in use in our OpenSim grid (which doesn’t allow two avatars to have the same name), or because your Account Name contains characters that are unsupported in OpenSim. This can cause some users to have OpenSim names like “John Smith_2”. If you wish, you can now change your OpenSim Avatar name.

We strongly recommend that you make your Account Name and OpenSim Avatar Name identical, or at least as similar as possible. Otherwise things will get very confusing, as you’ll be known by different names in our OpenSim grid and on our website (which includes the forums).

One last warning: if you change your OpenSim Avatar name then you might not see the results of the change until you clear your viewer cache. Similarly, other users who meet you in OpenSim will also see you using the old name, unless they also clear their viewer’s cache. So you should think carefully before you change your OpenSim name.

Modify your Email Address

You can now view and change your email address:

For security, you’ll need to enter your password in order to change your email address. We’ll send a verification email to the new email address, and a notification email to your old address.

Disconnect your Kitely Account from your Facebook or Twitter Accounts

If you created your Kitely account using Facebook or Twitter (instead of using an email and password), then you can now view and delete your link to these services. If you remove your link to Facebook or Twitter then you’ll be able to login to Kitely using your email and password instead.

Download Usage Reports

You can download your account’s usage reports:

Some of these reports have existed before today’s update, but the purchases report is new. (Note that the sales report option will only appear if you have a Kitely Market store.)

Delete your Account

You can now delete your Kitely account without having to ask us. To start this process, select Delete account in the Settings page:

You will need to confirm that you want to delete your account by first entering your password, and then by clicking on a confirmation email that we’ll send to your email address. Once you do this your account will be deleted immediately. All of your Kitely worlds will be deleted, and if you have a Kitely Market store then it will also be deleted.

Your Right to be Forgotten

We keep some information about your account even after you delete it. We need this information for security, so that bad people don’t come into Kitely; wreak havoc; and then quickly erase all the traces that can help us identify them. This retained information will be removed from our system 30 days after you delete your account. After that, some information may still exist in our backups, but even that information will be deleted within 90 days.

Information relating to your PayPal and Kitely Credits transactions will be stored indefinitely, even if you delete your account, in order to comply with anti-money laundering regulations and accounting regulations.

Deleting a Hypergrid User

Hypergrid users also have the option to delete their information from Kitely. Since Hypergrid users don’t have a Kitely account, they can’t go to their Settings page to delete themselves (as Kitely users do). Instead, we’ve added a sign in the Kitely Welcome Center that enables Hypergrid users to delete their information. This sign is located in the information kiosk area (hop:// Welcome Center/63/127/25).

When you click on this sign a web page will open in your browser, where you can tell us to delete all of the information that we’ve collected about your avatar. (If you’re a Kitely user and you click on this sign then we’ll open your account’s Settings page instead.)

Better control over email settings

We updated our system today with several privacy-related improvements. We’re working to make Kitely compliant with the upcoming General Data Protection Regulation (GDPR). This is a wide-ranging privacy law enacted by the European Union. Many of the changes we’re making are behind the scenes, but some are user-visible, and one of these changes is included in today’s update.

Email Settings

We now provide you with more control over which emails we send you. The Settings page now contains an “Email Settings” section where you can opt in or out of all types of emails.

If you have a Kitely Market store then the Settings page will also show you Store-related email settings. These settings were moved here from the Store page.

We will implement other GDPR-related changes in future releases.

Removed Support for Facebook Friends, Twitter Followers, and Twitter Lists

For users who created their Kitely account using Facebook or Twitter, we used to provide the ability to restrict access to their worlds to users who are their Facebook Friends; Twitter Followers; or in one of their Twitter Lists. This feature has now been removed. It was very rarely used, and it has become difficult to enable due to Facebook’s and Twitter’s recent privacy-related changes.

You can still restrict access to your Kitely world by selecting OpenSim groups whose members will be allowed to enter the world. To do so, go to the Access tab in the world’s Manage World dialog.

Other Changes

We’ve made it easier for Kitely Market merchants to redeliver a product to many customers.  When merchants update a product, they sometimes want to redeliver it to all of the customers who had previously purchased the product. But these deliveries can fail if the destination grid is down. We show an error message when that happens, but until now that message didn’t specify which customer failed to receive the item. This is a problem when delivering to many users at once. We’ve now improved this error message to show which item and customer failed to receive the redelivery.