Privacy Policy
Yeepabase is a community-run roster, not a Trass Games product. This page lists every category of data the database holds, why it is there, and how to get rid of it. If something below is not true, it is a bug — report it.
Who runs this
Yeepabase is operated by the community, and is not affiliated with, endorsed by, or run by Trass Games. Yeeps is their game; this is an unofficial scoreboard for it.
What we store about your account
When you create a Yeepabase account, the database holds:
- Email address — to identify your account and let you sign in.
- Display name — shown on your profile.
- Password hash — never the password itself. Hashed, and not reversible.
- Google account ID — only if you chose to sign in with Google. Never your Google password.
- Account created and last login timestamps — for basic account housekeeping.
What we store about your Yeeps player
Nothing here is collected until you link your own Yeeps player, and linking requires the mobile code that Yeeps shows only to the owner of that account. That code is the consent step: without it, a player cannot be added.
- Yeeps username, display name, and Meta username — to identify the player on the roster.
- Mobile code — kept so stats can be re-pulled later. It is a credential, not a stat: it is never shown in full anywhere on the site or in the JSON API, only ever masked as its last 3 characters.
- Account ID and mobile password returned by the Yeeps API — stored server-side so refreshing your stats does not need your code again. Never displayed, never returned by the API.
- Public stats — coins, beans, sessions, pets, items, stashes found, community worlds, cosmetics worn, join date, and public role.
- Outfit — equipped cosmetics, plus skin and eye colour.
- Purchases — which bundles and paid unlocks you own. No amount of money is stored, because the Yeeps API does not report one. Any spend figure would be invented.
- Timestamps — when you were added and when your stats were last pulled.
Your mobile code, account ID, and mobile password are stored as ciphertext, not plain text, using a key kept outside the database. They are decrypted only for a moment on the server to refresh your stats, and never leave it in readable form — they are not shown on your profile, the roster, the leaderboard, or the JSON API. The Developer badge some players carry is cosmetic: it gives no one access to anyone else's stored code or credentials.
What we deliberately do not store
The Yeeps API returns more than the site keeps. These fields are read past on purpose and never written to the database or shown to anyone:
- Moderation state — ban status, mute status, remaining ban hours, ban and warning reasons, pending warnings.
- Internal segmentation and analytics keys.
- Session and access tokens returned alongside your account data.
- Community world join codes. Worlds you own, staff, or hold VIP in are only ever counted, never named — publishing the codes would let anyone into those worlds.
A community stats page has no business holding any of that.
Who can see it
Your roster entry, stats, outfit, and purchases are public — that is the point of a scoreboard, and you opted in by linking. Your email address, password hash, Google ID, mobile code, and API credentials are never public: they are not shown anywhere on the site, not exposed through the JSON API, and — for the mobile code, account ID, and mobile password — kept encrypted at rest, so they are not readable in the database itself.
Removing your data
Unlink your player from your account page and its row is deleted from the roster — stats, outfit, purchases, mobile code, and stored credentials go with it. Nothing is retained after an unlink.
Changes
If the list of stored fields changes, this page changes with it. It is meant to describe the database as it actually is, not as it was intended to be.