KBM vs Controller

By using this site, you agree to the following:

Account credentials - When you register using the form, we collect your email address and the password you provide; the password is stored as a hashed value and is checked during login.
Google sign-in data - If you choose “Continue with Google,” the app loads Google Identity Services, receives the verified email address and Google account ID from the returned token, and stores that Google ID alongside your account record.
Voting activity - Each vote you cast is saved with your user ID, and the service updates or removes the record if you change your choice. Aggregate counts are calculated to display community results for every title you view.
Password reset data - When you ask for a password reset, the system generates a temporary token, enforces rate limits, emails reset instructions, and later removes the token after use.
Diagnostic information - OAuth-related server errors are appended to a local log file to help troubleshoot authentication issues.

Provide the service - We use your credentials or Google identity to authenticate you, keep your session active, and associate votes with your account so you can manage them later.
Protect the platform - The application embeds CSRF tokens in forms, regenerates session IDs after login, and rate-limits voting calls to guard against fraud and abuse.
Send account emails - Password reset messages are delivered from the no-reply address you see in the reset workflow so you can regain access to your account.

We rely on the standard PHP session cookie to remember that you are logged in, store the CSRF token used by authenticated requests, and enforce short-term voting limits; clearing or blocking this cookie will log you out and may disable parts of the site.

Google reCAPTCHA v2 helps prevent automated abuse on the email login form. Google may collect device or usage data when the widget loads.
Google Identity Services powers the “Continue with Google” button and token verification used for authentication.
Steam CDN assets (header and capsule images) are requested directly from Valve's servers for Steam-listed titles, which lets them receive standard web request information such as your IP address.
Interface and donation embeds load from third-party CDNs (Bootstrap, Bootstrap Icons) and Buy Me A Coffee when you view the relevant pages.

Apart from the integrations listed above, account, vote, and password-reset records are written to our own database via server-side code; we do not publish this information publicly except in aggregated vote totals.

Account and vote records remain in our database so you can continue using the service. Password reset tokens are cleared when a new token is issued or once the reset completes. Contact us if you would like assistance deleting an account or removing votes.

Passwords are hashed before storage, session IDs are regenerated after successful sign-in, CSRF tokens protect forms and APIs, and voting endpoints throttle rapid submissions to reduce abuse.
Error logs are maintained for OAuth failures so we can investigate suspicious behavior or outages.

You can sign in with Google or with the email form, update your password through the reset workflow, and request account or vote removal by contacting the site administrator.

KBM vs Controller is intended for general PC gaming audiences and is not designed for children under 13. If you believe we have collected a child's information, please notify us so we can delete it.

We may update this notice from time to time. Significant changes will be posted on the site, and the “Last updated” date will reflect the revision.