Terms of Service

For Everyone

1. For the purposes of this document, "usage" ("using", "used", etcetera) of the network is defined as creating an account at a cabinet, registering that account on the web, or otherwise communicating (either directly or indirectly) with any server which forms part of the Miniwa network. Playing on any cabinet connected to Miniwa should be considered an example of "indirect" communication.
2. By using Miniwa, you acknowledge that we provide it “as is”, without warranty or guarantee of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In absolutely no event shall Team Miniwa or any individual member of Miniwa be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the network.
3. Access to Miniwa is a Privilege, not a Right
   1. We provide no guarantee or warranty regarding availability, uptime, stability, or consistency of the Network. The Miniwa Team reserves the right to revoke partial or full access at any time, for any reason.
4. Attacks & Reverse Engineering Strictly Prohibited
   1. All persons using this service are not permitted to attempt / enact, or allow or encourage any party to attempt / enact, any kind of attack on the service, including but not limited to:
      • Denial of Service
      • XML injection
      • packet disassembly
      • packet tampering
      • proxying
      • VPN network snooping
      • memory editing
      on any traffic between a location's Cabinets and the Server (including between a location's Cabinets and its VPN gateway), upon any Cabinets, upon any server related to the network, or upon the VPN gateway.
5. Not an exhaustive list of rules
   1. Further to Term 3.i, we reserve the right to alter the list of rules, enact penalties, or expel parties from the network at our own discretion.

For Locations

Locations should read the full set of Terms in their location documentation bundle.

6. Data and Information Secrecy
   1. Location owners, key / credential holders, and persons otherwise associated with a location, are not permitted to share any information regarding connection details (including VPN Certificates / Keys / Parameters and PCBIDs / Hardware IDs) or detailed technical information (including source code) with any other party than Miniwa, or where explicitly permitted by a member of Miniwa.
7. Attacks & Reverse Engineering Strictly Prohibited
   1. Location owners and persons otherwise associated with a location are not permitted to attempt / enact, or allow or encourage any party to attempt / enact, any kind of attack, as described at Term 4.i.
8. Modifications Prohibited except where explicitly allowed
   1. Location owners, key / credential holders, and persons otherwise associated with a location are not permitted to modify the data running on any cabinet for the purposes of running outside the original specifications of that software, unless explicitly authorized by Miniwa.
9. Acceptance of Terms for Locations
   1. A Location agrees to be bound by these terms by accepting the Service Connection message shown when starting a cabinet on our network for the first time.

For API Client Authors

An "API Client Author" is any person or entity which creates an "API Client" on our service.

10. Scraping is Not Allowed
    1. Scraping any part of any Web UI (Vulkan or Kailua) which is not designated as an API endpoint is not permitted under any circumstances. If you would like clarification on whether what you're doing is allowable, please contact us. We are more than happy to add extra functionality to the API if you need it; again, please get in touch!
    2. 10.i should be read in addition to those restrictions at 4.i.
11. Applications should be Scoped Appropriately
    1. An Application must only request oauth scopes which are required for it to perform its function.
12. Secrecy of Access Keys is the responsibility of the application owner
    1. If you have any suspicion that an Application Secret's secrecy has been compromised, it must be revoked and reissued as soon as reasonably practicable. Further, if you have any concern that a Secret has been used by a third party, this must also be reported to a member of the Team as soon as reasonably practicable. We won't be mad; we just need to know!

---

Privacy Policy

Your data is important (wow, we said it!). Here at Miniwa, we're not interested in scraping your play styles to sell to the highest bidder, or serving you ads, or anything like that; we just store just the data required to make the network run. What follows is a brief summary of what we store, what we do with it, and the rights you have over it.

Play Data

Play Data is data which we accumulate while you play on a Miniwa cabinet, which includes things like your profile name, your card NFC identifier, creation / usage timestamps, scores, progression, etcetera. We also store a list of events including the number of credits dropped at each cabinet, which are theoretically reversible into approximate per-user counts based on timestamp (although we don't do this). Game profile data (including ranking) is viewable by other users. Card information, events, and other such data is only viewable by yourself and network administrators.

Credit Data

Credit Data includes data associated with the Petals system, including balance, topups, token usage (by user), and a list of all transactions. This data is not viewable by any parties other than yourself and network administrators.

User Data

User Data includes the email address and password which you sign up with, as well as a list of the Accounts (containing Play Data) which you have claimed ownership of. Passwords are hashed and salted with industry standard protection methods, and can not be reversed into plaintext by anyone (not even administrators). Everything else is only viewable by yourself and network administrators.

Cookie Policy

This website requires the use of cookies to facilitate authentication of the end user. By using Miniwa, you are acknowledging that we may use these files purely for the purposes of authenticating you as a user of our service, and for ensuring the security of our user's data. We use two cookies, details of which are below:

Cookie	Title	Description
XSRF_TOKEN	Cross-site request forgery protection token	This cookie provides a unique key for every request you make to our service to ensure that you are not a victim of a Cross-site request forgery attack. It is not personally identifiable, and is cleared on every page load.
flower_session	Authentication / Session Token	This cookie is the unique identifier given to you when you use our service. This allows us to keep you logged in, otherwise we'd totally forget about you! This cookie also identifies your specific user session, which we use to store things like your current language. We do not use it for anything like marketing or tracking.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. We only ever use the email address you have provided for important service updates (such as password changes), and we promise not to send you any spam or newsletters unless you explicitly opt in to them.

Email Service Updates

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers to any optional email service updates may un-subscribe at any time. This process is detailed at the footer of each email. If this doesn't work for any reason, please contact us at team@miniwa.ca.

Third Party Data Processing / Storage

All of our data is stored locally, and is never sent to any server or service outside of our direct control. We're really proud to be able to say that.

Viewing your Data

Most of our data is available in our Web Interfaces. We don't expose absolutely everything (including boring internal identifiers), but we do expose most everything of importance. If that's not good enough for you, please get in touch at team@miniwa.ca, and we will be able to give you more detail as to what we store, and provide you with database dumps of your data. We plan on making this a self-service feature soon, so watch this space!

The Right to Be Forgotten

If you would like to remove any or all of your data, including play data, credit data, or credentials, please contact us at team@miniwa.ca. We'll get back to you as soon as possible.

External Links

Although this website only looks to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any external web links mentioned throughout this website. The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk, and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

External Payment Gateways

This website may, in future, direct you to perform some transactions at the websites of selected third party arcades. Where this is available, users should note that any transactions whilst at that external link are subject to the terms and/or policies of that third party, and that the availability of such is not an endorsement, affiliation, or implicit guarantee / warranty of that third party's services. Users should further note that the owners of this website do not, and will never, receive any compensation, financial or otherwise, from any third parties participating in this feature.

External Voice Assistants

This website may, in future, provide you with the option of interacting with it through a "Voice Assistant" such as Amazon Echo / Alexa, Google Assistant, or Siri. If you enable the Miniwa skill on any of these services, we will send a unique access token to the Assistant's server, which is used purely for the purpose of identifying you to that Assistant. If you interact with the Assistant (for example, to request your latest score), we will send a response, in the form of a string, which provides you with the information you requested (for example, your most recent score). This data will pass through your chosen Assistant's servers, which are out of our control.