Terms of Service
Flower is unofficial, fan-created, independent, and non-profit, and as such, is not affiliated, maintained, authorized, guaranteed, subsidised, or endorsed by any third party. All product and company names are trademarks ™ or registered trademarks ® of their respective holders.
For the purposes of this document, "usage" ("using", "used", etcetera) of the network is defined as creating an account at a cabinet, registering that account on the web, or otherwise communicating (either directly or indirectly) with any server which forms part of the Flower network.
Playing on any cabinet connected to Flower should be considered an example of "indirect" communication.
By using Flower, you acknowledge that we provide it “as is”, without warranty or guarantee of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.
In absolutely no event shall Team Flower or any individual member of Team Flower be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the network.
Access to Flower is a Privilege, not a Right
We provide no guarantee or warranty regarding availability, uptime, stability, or consistency of the Network.
The Flower Team reserves the right to revoke partial or full access at any time, for any reason.
Attacks & Reverse Engineering Strictly Prohibited
All persons using this service are not permitted to attempt / enact, or allow or encourage any party to attempt / enact, any kind of attack on the service, including but not limited to:
on any traffic between a location's Cabinets and the Server (including between a location's Cabinets and its VPN gateway), upon any Cabinets, upon any server related to the network, or upon the VPN gateway.
- Denial of Service
- XML injection
- packet disassembly
- packet tampering
- VPN network snooping
- memory editing
Not an exhaustive list of rules
Further to Term 3.i, we reserve the right to alter the list of rules, enact penalties, or expel parties from the network at our own discretion.
Locations should read the full set of Terms in their location documentation bundle.
Data and Information Secrecy
Location owners, key / credential holders, and persons otherwise associated with a location, are not permitted to share any information regarding connection details (including VPN Certificates / Keys / Parameters and PCBIDs / Hardware IDs) or detailed technical information (including source code) with any other party than Team Flower, or where explicitly permitted by a member of Team Flower.
Attacks & Reverse Engineering Strictly Prohibited
Location owners and persons otherwise associated with a location are not permitted to attempt / enact, or allow or encourage any party to attempt / enact, any kind of attack, as described at Term 4.i.
Modifications Prohibited except where explicitly allowed
Location owners, key / credential holders, and persons otherwise associated with a location are not permitted to modify the data running on any cabinet for the purposes of running outside the original specifications of that software, unless explicitly authorized by Team Flower.
Acceptance of Terms for Locations
A Location agrees to be bound by these terms by accepting the Service Connection message shown when starting a cabinet on our network for the first time.
For API Client Authors
An "API Client Author" is any person or entity which creates an "API Client" on our service.
Scraping is Not Allowed
Scraping any part of any Web UI (Vulkan or Kailua) which is not designated as an API endpoint is not permitted under any circumstances.
If you would like clarification on whether what you're doing is allowable, please contact us.
We are more than happy to add extra functionality to the API if you need it; again, please get in touch!
10.i should be read in addition to those restrictions at 4.i.
Applications should be Scoped Appropriately
An Application must only request oauth scopes which are required for it to perform its function.
Secrecy of Access Keys is the responsibility of the application owner
If you have any suspicion that an Application Secret's secrecy has been compromised, it must be revoked and reissued as soon as reasonably practicable.
Further, if you have any concern that a Secret has been used by a third party, this must also be reported to a member of the Team as soon as reasonably practicable.
We won't be mad; we just need to know!
Your data is important
(wow, we said it!). Here at Flower, we're not interested in scraping your play styles to sell to the highest bidder, or serving you ads, or anything like that; we just store just the data required to make the network run.
What follows is a brief summary of what we store, what we do with it, and the rights you have over it.
Play Data is data which we accumulate while you play on a Flower cabinet, which includes things like your profile name, your card NFC identifier, creation / usage timestamps, scores, progression, etcetera.
We also store a list of events including the number of credits dropped at each cabinet, which are theoretically reversible into approximate per-user counts based on timestamp (although we don't do this).
Game profile data (including ranking) is viewable by other users. Card information, events, and other such data is only viewable by yourself and network administrators.
Credit Data includes data associated with the Petals
system, including balance, topups, token usage (by user), and a list of all transactions. This data is not viewable by any parties other than yourself and network administrators.
User Data includes the email address and password which you sign up with, as well as a list of the Accounts (containing Play Data) which you have claimed ownership of.
Passwords are hashed and salted with industry standard protection methods, and can not be reversed into plaintext by anyone (not even administrators). Everything else is only viewable by yourself and network administrators.
We use two cookies, details of which are below:
||Cross-site request forgery protection token
This cookie provides a unique key for every request you make to our service to ensure that you are not a victim of a Cross-site request forgery attack. It is not personally identifiable, and is cleared on every page load.
||Authentication / Session Token
This cookie is the unique identifier given to you when you use our service. This allows us to keep you logged in, otherwise we'd totally forget about you! This cookie also identifies your specific user session, which we use to store things like your current language. We do not use it for anything like marketing or tracking.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998.
We only ever use the email address you have provided for important service updates (such as password changes), and we promise not to send you any spam or newsletters unless you explicitly opt in to them.
Email Service Updates
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers to any optional email service updates may un-subscribe at any time. This process is detailed at the footer of each email. If this doesn't work for any reason, please contact us at email@example.com.
Third Party Data Processing / Storage
All of our data is stored locally, and is never sent to any server or service outside of our direct control.
We're really proud to be able to say that.
Viewing your Data
Most of our data is available in our Web Interfaces
. We don't expose absolutely everything (including boring internal identifiers), but we do expose most everything of importance.
If that's not good enough for you, please get in touch at firstname.lastname@example.org, and we will be able to give you more detail as to what we store, and provide you with database dumps of your data. We plan on making this a self-service feature soon, so watch this space!
The Right to Be Forgotten
If you would like to remove any or all of your data, including play data, credit data, or credentials, please contact us at email@example.com. We'll get back to you as soon as possible.
Although this website only looks to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any external web links mentioned throughout this website.
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk, and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
External Payment Gateways
This website may, in future, direct you to perform some transactions at the websites of selected third party arcades. Where this is available, users should note that any transactions whilst at that external link are subject to the terms and/or policies of that third party, and that the availability of such is not an endorsement, affiliation, or implicit guarantee / warranty of that third party's services.
Users should further note that the owners of this website do not, and will never, receive any compensation, financial or otherwise, from any third parties participating in this feature.
External Voice Assistants
This website may, in future, provide you with the option of interacting with it through a "Voice Assistant" such as Amazon Echo / Alexa, Google Assistant, or Siri. If you enable the Flower skill on any of these services, we will send a unique access token to the Assistant's server, which is used purely for the purpose of identifying you to that Assistant.
If you interact with the Assistant (for example, to request your latest score), we will send a response, in the form of a string, which provides you with the information you requested (for example, your most recent score). This data will pass through your chosen Assistant's servers, which are out of our control.