Effective Date: 2026-05-01
Last Updated: 2026-05-08

1. Overview

This Privacy Policy ("Policy") describes how the Forza Horizon Car Wiki ("we", "us", "the Site") collects, uses, stores, and protects information when you visit our fan-community website. This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA / CPRA), the UK Data Protection Act, the People's Republic of China Personal Information Protection Law (PIPL), and Brazil's Lei Geral de Proteção de Dados (LGPD).

2. What Information We Collect

2.1 Automatically Collected (Standard Web Logs)

  • IP address (truncated where local law requires)
  • Browser type, version, and language
  • Operating system
  • Pages visited, time on page, and referring URL
  • Approximate location (country / region level only, via Cloudflare)
  • Device type (desktop, mobile, tablet)

2.2 Local Storage (Browser-Side, Never Sent to Our Servers)

  • fh_garage — your bookmarked car list (My Garage feature)
  • fh_theme — theme preference, if any
  • fh_consent — your cookie consent state

2.3 Third-Party Services We Use

  • Cloudflare — CDN, security, DDoS protection. Cloudflare Privacy Policy
  • Google Fonts — typography. Google Privacy
  • (Optional, with consent) Google Analytics 4 / Cloudflare Web Analytics — aggregate traffic only
  • (Optional, with consent) Google AdSense — see our Cookie Policy

3. Legal Basis for Processing (GDPR Article 6)

Where GDPR applies, we rely on the following legal bases:

  • Legitimate interest — for security logs, abuse prevention, and basic site analytics
  • Consent — for non-essential cookies, marketing analytics, and advertising
  • Legal obligation — for retention required by applicable law

4. How We Use Information

  • Operate, maintain, and secure the Site
  • Detect and prevent abuse, fraud, and DDoS attacks
  • Understand aggregate traffic patterns to improve content
  • Comply with applicable laws and respond to lawful requests

5. Data Retention

Retention periods
Data TypeRetention
Cloudflare access logs30 days (rolling)
Cloudflare security logs90 days
Aggregate analytics (if enabled)14 months
Local storage (browser-side)Until you clear it
DMCA / legal correspondence3 years

6. Data Security

We protect data using:

  • HTTPS encryption for all traffic (TLS 1.3)
  • Cloudflare WAF firewall and DDoS protection
  • No PII storage on origin servers — we don't operate user accounts
  • Principle of least privilege — minimal admin access

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Cloudflare distributes traffic globally; logs may be processed in the United States, EU, Singapore, and other regions. Cloudflare's transfers comply with EU Standard Contractual Clauses and the EU-US Data Privacy Framework. By using the Site, you consent to such transfers.

8. Your Rights

8.1 Under GDPR (EU / UK Visitors)

  • Right of access — request a copy of any data associated with your IP
  • Right to rectification — correct inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your supervisory authority

8.2 Under CCPA / CPRA (California Residents)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of sale or sharing — we do not sell personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights

8.3 Under PIPL (China Residents)

  • Right to access, copy, correct, and delete personal information
  • Right to withdraw consent
  • Right to file complaints with the Cyberspace Administration of China

9. What We Do Not Do

  • ❌ We do not require account registration
  • ❌ We do not collect personally identifiable information (PII)
  • ❌ We do not sell your data to third parties
  • ❌ We do not share data with marketing partners
  • ❌ We do not use behavioral fingerprinting
  • ❌ We do not track you across other websites

10. Children's Privacy (COPPA)

The Site is not directed to children under 13 (under 16 in some EU jurisdictions). We do not knowingly collect data from minors. If a parent or guardian believes a child has provided personal information, please contact us via Contact and we will delete it promptly.

11. Data Breach Notification

In the unlikely event of a data breach affecting personal data, we will notify affected users and the relevant supervisory authority within 72 hours, as required by GDPR Article 33-34 and equivalent local laws.

12. Changes to This Privacy Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated Effective Date. Continued use of the Site after changes constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

13. Contact for Privacy Questions

For privacy questions, data access requests, or consent withdrawal:

  • 📧 Email: privacy@[your-domain].com
  • 📮 See our Contact page for full channels
  • ⏱️ We aim to respond within 30 days (GDPR / CCPA standard)