🔥 ASH BORNE COMMAND CENTER

Last Updated: March 7, 2026

The AshBorne Command Center is dedicated to providing tactical intelligence for faction members. This policy outlines how we handle your data to maintain a balance between competitive advantage and user security.

1. Data Collection & Encryption

• Torn API Keys: All keys provided during login are encrypted using AES-256-CBC. Raw keys are never stored on disk and are only decrypted in server memory for active requests. We recommend using a Limited Access key.
• Authentication Data: We store your Torn ID, Name, and Faction Position to verify your eligibility to access internal intelligence.
• Engagement Logs: We record the timestamp of your last visit and the specific tools accessed (e.g., War Intel, Banker Ledger) to help leadership monitor system utility.

2. Hybrid API Architecture

To provide high-frequency updates while staying within Torn's rate limits, we utilize a decentralized API model:

• Client-Side Processing: For verified Revivers, the "War Intel" page uses your API key locally within your browser to poll Torn every 15 seconds. This data flows directly from Torn to your device and is not processed or stored by our server.
• Revive Perk Verification: We check your education and job perks to determine if you can contribute to the "Wall of Shame." This verification happens automatically during login.

3. Persistent Login (Remember Me)

• Secure Tokens: Selecting "Keep me signed in" generates a cryptographically hashed token (SHA-256). This token is unique to your device and session.
• Automated Login: We record a "Last Seen" timestamp whenever a persistent token is used to refresh your session. These tokens expire and are purged from our database after 30 days.

4. Automated Security Purging

Our backend systems perform a nightly security sweep. If the Torn API reports that a stored key is Incorrect, Disabled, or Paused, that key is immediately purged from our database. You will be required to re-authenticate with a valid key to restore access.

5. Data Control & Revocation

You may terminate your active session and invalidate all persistent tokens at any time by clicking the Logout button. For a complete purge of your stored API key and historical activity data, please contact a faction Blaze Keeper.