USE CODE KLAWKLA
Sign In Sign Up

Privacy Policy — ClashBaseLink.com

Effective Date: May 18, 2026
Last Updated: May 18, 2026
Version: 2.0

1. Introduction

This Privacy Policy explains how ClashBaseLink.com ("ClashBaseLink," "we," "us," or "our") collects, uses, shares, and protects information when you visit our website, create an account, subscribe to our newsletter, or otherwise interact with our services (collectively, the "Service").

ClashBaseLink is an independent, unofficial fan site that publishes Clash of Clans base links and related content. We are not affiliated with, endorsed, sponsored, or specifically approved by Supercell Oy. Clash of Clans and Supercell are trademarks of Supercell Oy.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Scope

This policy applies to information we collect:

  • On clashbaselink.com and any subdomains;
  • Through email, newsletters, and other electronic communications between you and us;
  • When you interact with our content, links, or buttons on third-party platforms that we operate.

This policy does not apply to:

  • Third-party websites, apps, or services we link to (including Supercell, YouTube, Google, social platforms, or advertising networks);
  • Information collected by Supercell when you use a creator code in-game (Supercell handles this directly under its own privacy policy).

3. Definitions

  • Personal Information / Personal Data: any information that identifies, relates to, or could reasonably be linked to an identified or identifiable natural person.
  • Processing: any operation performed on personal data (collection, storage, use, sharing, deletion, etc.).
  • Sensitive Personal Information: a special category under laws such as GDPR/CPRA (e.g., precise geolocation, racial/ethnic origin, health, biometric data). We do not knowingly collect sensitive personal information.
  • Service Provider / Processor: a third party that processes personal data on our behalf.

4. Information We Collect

4.1 Information You Provide Directly

Category Examples When Collected
Account information Display name, email address When you register for a premium/member account
Profile information Optional username When you fill in profile fields
Communications Subject, body, and metadata of emails you send us; support tickets When you contact support@clashbaselink.com
Newsletter subscription Email address, preferences When you subscribe
Survey / feedback Responses you submit When you participate voluntarily
Comments / user content Text you post (if comment features are enabled) When you submit content

4.2 Information Collected Automatically

When you visit the Service, we (and our service providers) automatically collect:

  • Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, language preference.
  • Usage data: pages viewed, time spent on pages, referring/exit URLs, clickstream, search terms used on the site, button-click events (e.g., which base link, copy-link, or creator-code button you tapped).
  • Approximate location: city/region/country derived from IP address (we do not collect precise GPS location).
  • Log data: server logs including timestamp, requested URL, HTTP status, user-agent.
  • Performance data: page load times, errors, crash reports.

4.3 Information from Third Parties

  • Analytics providers (e.g., Google Analytics 4) — aggregated and pseudonymous usage data.
  • Email service providers — delivery, open, and click statistics for newsletters.
  • Authentication providers (if you sign in via Google/Apple/etc.) — your name, email, and a unique identifier as permitted by you and the provider.
  • Supercell Creator Code program — Supercell does not share your account or payment information with us. We may receive aggregate payout reports identifying total uses of our creator code, not individual users.

4.4 Cookies and Similar Technologies

See Section 8 for details on cookies, pixels, local storage, and SDKs.

5. How We Use Your Information

We use personal data for the following purposes:

  1. Provide and operate the Service — host pages, deliver base links, authenticate accounts, remember preferences.
  2. Account management — create, secure, and support your account; password resets.
  3. Communications — respond to inquiries; send transactional emails (e.g., password reset, account changes).
  4. Marketing & newsletters — send updates, new bases, and promotions (only with your opt-in where required by law; you can unsubscribe anytime).
  5. Analytics & improvement — understand which content is popular; measure button-click conversion; debug and improve usability.
  6. Personalization — remember language and display preferences.
  7. Security & fraud prevention — detect abuse, scraping, credential stuffing, spam, and other malicious activity; enforce our Terms.
  8. Legal compliance — comply with applicable laws, court orders, and regulatory requests.
  9. Business operations — accounting, audits, and to cover operational expenses associated with running the Service.
  10. Aggregated / de-identified research — produce statistics that do not identify any individual.

We will not use your personal data for purposes materially different from those listed above without notifying you and, where required, obtaining your consent.

If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases under the GDPR / UK GDPR are:

Purpose Legal Basis
Providing the Service and account features Performance of a contract (Art. 6(1)(b))
Newsletter and marketing emails Consent (Art. 6(1)(a)) — withdrawable at any time
Analytics & non-essential cookies Consent (Art. 6(1)(a))
Security, fraud prevention, service improvement Legitimate interests (Art. 6(1)(f))
Responding to legal requests Legal obligation (Art. 6(1)(c))

You may object to processing based on legitimate interests at any time (see Section 12).

7. How We Share Information

We do not sell your personal information for money. We share data only in the limited circumstances below:

7.1 Service Providers (Processors)

We share data with vendors who process information on our behalf under written agreements that restrict use of the data to providing services to us. Categories include:

  • Hosting & CDN (e.g., the provider operating our US-based servers and edge cache);
  • Analytics (e.g., Google Analytics 4);
  • Email delivery (e.g., transactional and newsletter ESP);
  • Authentication / SSO (if enabled);
  • Customer support tooling;
  • Anti-abuse / bot mitigation;
  • Backup, logging, and error monitoring.

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with a law, regulation, subpoena, court order, or government request;
  • Enforce our Terms of Service or other agreements;
  • Protect the rights, property, or safety of ClashBaseLink, our users, or others;
  • Investigate fraud, security, or technical issues.

7.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred to the successor entity. We will notify you of any such change and of any choices you may have.

We may share information for other purposes disclosed to you with your consent.

7.5 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you (e.g., "10,000 users clicked this base link this month").

8. Cookies and Tracking Technologies

8.1 Types of Cookies & Storage We Use

Category Purpose Examples Required?
Strictly necessary Login session, security, load balancing, CSRF protection Session cookie, auth token Cannot be disabled
Functional Remember preferences (language, dark mode) cbl_prefs Optional
Analytics Measure traffic, popular bases, button clicks _ga, _gid (Google Analytics 4) Optional — consent required in EEA/UK
Advertising We currently do not run third-party ad networks. If this changes, we will update this policy and request consent.

8.2 Managing Cookies

You can control cookies through:

  • Your browser settings — block or delete cookies. Note that blocking strictly necessary cookies may break the Service.
  • Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout.
  • Global Privacy Control (GPC): we honor GPC signals from supported browsers as an opt-out of "sale" / "sharing" under US state laws.
  • Do Not Track (DNT): there is no consistent industry standard for DNT; we currently do not respond to DNT browser signals but we do honor GPC.

The Service contains links to third-party sites (e.g., YouTube videos, the in-game Clash of Clans deep links, social media, Supercell pages). When you click such a link, the third party may collect information about you under its own privacy policy. We are not responsible for third-party practices. Please review the privacy policy of any third-party service you visit.

9.1 Supercell Creator Code

When you use our creator code in-game or in the Supercell Store, you are interacting directly with Supercell. We do not receive your Supercell account ID, IGN, in-game purchases, payment information, or any other personal data from Supercell. We may receive aggregate payout statistics. See Supercell's privacy policy at https://supercell.com/en/privacy-policy/.

10. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

Data Retention
Account data Until you delete your account, plus up to 30 days in backups
Newsletter subscription Until you unsubscribe
Support emails Up to 24 months after the issue is resolved
Server / access logs Up to 90 days
Analytics data (GA4) 14 months (default), then aggregated
Backups Rolling 30-day window
Data we are legally required to retain (e.g., tax, anti-fraud) As required by applicable law

After the retention period, we delete or irreversibly anonymize the data.

11. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect your data, including:

  • HTTPS / TLS encryption in transit;
  • Encryption at rest for sensitive fields where applicable;
  • Hashed and salted passwords (we never store passwords in plaintext);
  • Access controls limiting employee/contractor access on a need-to-know basis;
  • Logging and monitoring of administrative access;
  • Periodic review of vendors and security practices.

No system is 100% secure. You are responsible for keeping your password confidential and notifying us promptly of any unauthorized use of your account at support@clashbaselink.com.

Breach Notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and competent authorities within the timeframes required by applicable law (e.g., 72 hours under GDPR).

12. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We honor verifiable requests from all users regardless of residence, to the extent practical.

12.1 Universal Rights (offered to all users)

  • Access — request a copy of the personal information we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your account and associated data.
  • Unsubscribe — opt out of marketing emails via the link in every newsletter.

12.2 European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)

In addition to the above:

  • Right to restrict processing of your data;
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format;
  • Right to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent at any time without affecting prior processing;
  • Right not to be subject to automated decision-making that produces legal effects (we do not perform such decision-making);
  • Right to lodge a complaint with your local supervisory authority. EU users can find theirs at https://edpb.europa.eu/about-edpb/about-edpb/members_en; UK users at the ICO (https://ico.org.uk).

12.3 California Residents (CCPA / CPRA)

You have the right to:

  • Know the categories and specific pieces of personal information collected, the sources, purposes, and third parties with whom we share data;
  • Delete personal information we collected from you (subject to exceptions);
  • Correct inaccurate personal information;
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information and do not share it for cross-context behavioral advertising. We honor GPC signals.
  • Limit use of sensitive personal information (we do not collect sensitive PI as defined by CPRA);
  • Non-discrimination — we will not discriminate against you for exercising your rights.

Categories Collected in the Past 12 Months (CCPA disclosure)

Category (Cal. Civ. Code §1798.140) Collected? Source Purpose Disclosed for business purpose?
Identifiers (name, email, IP, account ID) Yes You; automatic Service, support, analytics Yes — to processors
Customer records Yes You Account Yes — to processors
Commercial information No
Internet / network activity Yes Automatic Analytics, security Yes — to processors
Geolocation (approximate) Yes Automatic Analytics Yes — to processors
Sensory data No
Professional / employment No
Education information No
Inferences Limited Automatic Personalization No
Sensitive Personal Information No

12.4 Other US States (VA, CO, CT, UT, TX, OR, MT, IA, DE, NJ, NH, MN, MD, RI, IN, TN, KY, FL and others)

Residents of these states generally have rights similar to those above (access, correction, deletion, portability, opt-out of targeted advertising / sale / profiling). To exercise rights, use the contact details in Section 17.

12.5 Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act)

Residents have analogous rights under their respective laws and can contact us to exercise them.

12.6 How to Exercise Your Rights

  • Email: support@clashbaselink.com with subject line "Privacy Request".
  • Account settings: edit your profile or delete your account from your account page (when available).
  • Authorized agents: California residents may use an authorized agent; we will require proof of authorization.
  • Verification: to protect you, we will verify your identity (typically by confirming control of the email on your account) before fulfilling a request.
  • Response time: we will respond within one month (GDPR / UK GDPR, per Art. 12(3)) or 45 days (CCPA and most US state privacy laws), extendable as permitted by law if we notify you.
  • Appeals (where required by state law): if we deny your request, you may appeal by replying to our response email.
  • Free of charge: requests are free unless manifestly unfounded or excessive.

13. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the US and other countries where our service providers operate.

When we transfer personal data from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by additional measures where appropriate. A copy of the relevant transfer mechanism is available on request.

14. Children's Privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable age, such as parts of the EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected such information without verifiable parental consent, we will promptly delete it.

If you are a parent or guardian and believe your child has provided personal information to us, please contact support@clashbaselink.com and we will take appropriate action.

This complies with the Children's Online Privacy Protection Act (COPPA) and equivalent international rules.

15. "Do Not Sell or Share My Personal Information"

We do not sell personal information in exchange for money, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA and similar US state laws.

If our practices change, we will update this policy and provide a clear "Do Not Sell or Share My Personal Information" link on our homepage.

We honor the Global Privacy Control (GPC) signal as an opt-out preference signal where required.

16. Automated Decision-Making and Profiling

We do not use your personal information for automated decision-making, including profiling, that produces legal or similarly significant effects about you.

We may use lightweight analytics (e.g., counting page views) for personalization purposes that do not produce such effects.

17. Contact Us

For privacy-related questions, requests, or complaints:

  • Email (general): support@clashbaselink.com
  • Subject line for privacy requests: Privacy Request — [your request type]
  • Postal mail: available on request

EU / UK Representative

If you are in the EEA or UK and wish to contact a representative under Article 27 GDPR, please email support@clashbaselink.com and we will provide the relevant contact details.

Data Protection Officer (DPO)

We are not legally required to appoint a DPO, but privacy inquiries are handled by our designated privacy contact at the email above.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top;
  • Post the revised policy on this page;
  • For material changes, provide a more prominent notice (e.g., site banner or email) at least 30 days before the change takes effect, where required by law.

Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the changes (subject to applicable law).

Version History

Version Date Summary
1.0 2025-09-23 Initial publication
2.0 2026-05-18 Expanded GDPR, CCPA/CPRA, multi-state US rights; added cookie table, retention schedule, security, transfers, breach notification, version history

19. Supercell Fan-Content Disclaimer

This material is unofficial and is not endorsed by Supercell. For more information see Supercell's Fan Content Policy: https://supercell.com/en/fan-content-policy/.

Clash of Clans and all related logos and characters are trademarks or registered trademarks of Supercell Oy.

Official Supercell Creator

I'm part of Supercell's Creators Program

This material is unofficial and is not endorsed by Supercell. See Fan Content Policy

BASE LINKS

INFO