Privacy Policy

⚖️ Legal Information & Data Controller

This Privacy Policy describes how we collect, use, process, and protect your information when you use our Service. By using OpenFront.app, you agree to the collection and use of information in accordance with this Privacy Policy.

GDPR Compliance: As we operate from France and serve users in the European Union, this Privacy Policy fully complies with:

• General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
• French Data Protection Act (Loi Informatique et Libertés - Law 78-17 of January 6, 1978)
• ePrivacy Directive (Directive 2002/58/EC)

📋 Interpretation and Definitions

Definitions

For the purposes of this Privacy Policy:

• Service refers to the OpenFront.app website, web application, and any associated Discord Bot functionality.
• Personal Data means any information relating to an identified or identifiable natural person as defined under GDPR Article 4(1).
• Processing means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• Usage Data refers to data collected automatically through the use of the Service or from the Service infrastructure.
• Cookies are small text files placed on your device by a website to store information about your preferences.
• Data Controller refers to the individual operator of OpenFront.app (based in France) who determines the purposes and means of processing Personal Data.
• Data Processor refers to third parties who process data on behalf of the Data Controller (e.g., Hetzner, Cloudflare).
• You/User means the individual accessing or using the Service.
• Device means any device that can access the Service such as a computer, mobile phone, or tablet.
• EEA means the European Economic Area.

📊 Information We Collect

3.1 Personal Data

While using our Service, we may collect the following types of personally identifiable information:

• Email address (only if you voluntarily create an account or contact us)
• Discord User ID and username (only if using Discord Bot integration - collected via Discord OAuth)
• Discord Server information (server ID, channel IDs when the Bot is added)
• Game progress and statistics (gameplay data, scores, achievements - may be stored locally in your browser or on our servers if you have an account)
• Account credentials (encrypted passwords if you create an account)
• Communication data (if you contact us via email or Discord)

3.2 Usage Data (Automatically Collected)

We automatically collect Usage Data when you use the Service, including:

• IP address (may be anonymized or processed by Cloudflare for security purposes)
• Browser information (type, version, language settings)
• Device information (operating system, screen resolution, device type)
• Browsing behavior (pages visited, time spent, click patterns)
• Referral source (website you came from)
• Game interactions (session duration, features used, in-game actions)
• Technical logs (error messages, crash reports, performance metrics)
• Timestamps (date and time of your visits and interactions)

3.3 Discord Integration Data

If you choose to use our Discord Bot, we collect:

• Discord User ID (permanent unique identifier)
• Username and discriminator (e.g., Username#1234)
• Avatar URL (profile picture)
• Server/Guild ID (identifier of Discord servers where the bot is present)
• Server member information (roles, permissions, join date)
• Bot command messages (commands you send to the bot)
• Bot interaction logs (timestamps, command history)

Note: We only collect Discord data with your explicit authorization when you add the bot to your server or use Discord OAuth login. You control what permissions the bot has.

3.4 Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies (Strictly Necessary)

These cookies are required for the Service to function and cannot be disabled:

• Session cookies: Maintain your login session (deleted when you close your browser)
• Authentication tokens: Verify your identity if you're logged in
• Security cookies: Prevent CSRF attacks and protect against malicious activity
• Load balancing cookies: Ensure consistent server routing (by Cloudflare)

Functional Cookies

These cookies remember your preferences (you can disable them in browser settings):

• Language preference: Remember your selected language
• Theme settings: Remember dark/light mode or display preferences
• Volume/sound settings: Remember your audio preferences
• Cookie consent: Remember if you accepted our cookie policy

Analytics Cookies (if applicable)

Help us understand how visitors use our Service:

• Usage analytics: Page views, session duration, bounce rate
• Performance monitoring: Load times, error rates
• We do NOT use Google Analytics or similar third-party tracking services that share data with advertisers

Advertising Cookies (Playwire - if applicable)

If we enable advertising through Playwire LLC:

• Ad delivery cookies: Serve relevant advertisements
• Ad performance cookies: Measure ad effectiveness
• User profiling cookies: Build advertising profiles (anonymized)
• See Section 8 for opt-out options

Cookie Control: You can control cookies through your browser settings. Note that blocking essential cookies may prevent the Service from functioning properly. For more information on managing cookies, visit: www.allaboutcookies.org

🎯 How We Use Your Data

4.1 Legal Basis for Processing (GDPR Article 6)

We process your Personal Data under the following legal bases:

• Consent (Article 6(1)(a)): When you explicitly agree (e.g., creating an account, accepting cookies, authorizing Discord bot). You can withdraw consent at any time.
• Contractual Necessity (Article 6(1)(b)): To provide the Service you requested (e.g., saving game progress, account management).
• Legitimate Interests (Article 6(1)(f)): To improve our Service, prevent fraud, ensure security, and analyze usage patterns. Our legitimate interests are balanced against your rights and do not override your fundamental rights.
• Legal Obligation (Article 6(1)(c)): To comply with applicable laws (e.g., French tax law, data protection law).

4.2 Purposes of Data Processing

We use your information for the following specific purposes:

Service Provision

• Operating the game and web application
• Saving your game progress and statistics
• Managing user accounts and authentication
• Providing Discord bot functionality
• Delivering content and features you request

Communication

• Responding to your inquiries and support requests
• Sending important service updates (e.g., maintenance notifications)
• Sending promotional content only with your explicit consent (you can opt-out anytime)
• Announcing new features or updates via Discord (if you're in our server)

Service Improvement

• Analyzing usage patterns to improve user experience
• Identifying and fixing bugs or technical issues
• Developing new features based on user behavior
• Conducting A/B testing for feature optimization
• Improving game balance and difficulty

Security and Fraud Prevention

• Detecting and preventing fraudulent activity
• Protecting against spam, abuse, and malicious behavior
• Monitoring for DDoS attacks and security threats (via Cloudflare)
• Enforcing our Terms of Service
• Investigating violations or complaints

Legal Compliance

• Complying with French and EU legal obligations
• Responding to lawful requests from authorities
• Protecting our legal rights in disputes
• Maintaining records as required by law

4.3 What We Do NOT Do With Your Data

We are committed to protecting your privacy. We do NOT:

• ❌ Sell your Personal Data to third parties for profit
• ❌ Share your data with advertisers for targeted advertising (except anonymized data through Playwire if applicable)
• ❌ Send unsolicited marketing emails without your explicit consent
• ❌ Use your data for purposes other than those stated in this policy
• ❌ Share your Discord messages or private communications
• ❌ Track you across other websites (we don't use cross-site tracking)
• ❌ Create detailed personal profiles for advertising purposes

🔗 Data Sharing and Third-Party Services

5.1 Third-Party Service Providers (Data Processors)

We share data with the following third parties who process data on our behalf under strict data processing agreements:

Hosting and Infrastructure

• Hetzner Online GmbH (Germany - EEA)
  Purpose: Server hosting, data storage, and infrastructure
  Data Shared: All data stored on our servers (user accounts, game data, logs)
  Legal Basis: Contractual necessity + Legitimate interest
  Location: Germany (EEA) - GDPR compliant
  Safeguards: ISO 27001 certified, GDPR-compliant data center
  Privacy Policy: https://www.hetzner.com/legal/privacy-policy
• Cloudflare, Inc. (USA - International Data Transfer)
  Purpose: Content Delivery Network (CDN), DDoS protection, SSL/TLS encryption, performance optimization, security filtering
  Data Shared: IP addresses, request headers, cookies, browser fingerprints, traffic patterns
  Legal Basis: Legitimate interest (security and performance)
  Location: USA with global data centers
  Safeguards: EU-US Data Privacy Framework participant, Standard Contractual Clauses (SCCs), data centers in EU available
  Data Retention: Cloudflare retains logs for limited periods (see their policy)
  Privacy Policy: https://www.cloudflare.com/privacypolicy/

Communication Platforms

• Discord Inc. (USA - International Data Transfer)
  Purpose: Discord bot functionality, user authentication via OAuth, community features
  Data Shared: Discord User ID, username, avatar, server information, bot command messages
  Legal Basis: Consent (when you authorize the bot) + Contractual necessity
  Location: USA with global infrastructure
  Safeguards: Standard Contractual Clauses (SCCs), Discord's own GDPR compliance measures
  Your Control: You can revoke bot permissions or remove the bot at any time from your Discord server settings
  Privacy Policy: https://discord.com/privacy
  Note: When you use our Discord Bot, you are also subject to Discord's own Terms of Service and Privacy Policy. We have no control over Discord's data practices.

Email Service (if applicable)

• ProtonMail / Proton AG (Switzerland)
  Purpose: Email communications ([email protected])
  Data Shared: Email content when you contact us
  Location: Switzerland (adequate level of protection recognized by EU)
  Safeguards: End-to-end encryption, Swiss privacy laws
  Privacy Policy: https://proton.me/legal/privacy

Advertising (if applicable)

• Playwire LLC (USA - International Data Transfer)
  Purpose: Advertising services and monetization
  Data Shared: Anonymized usage data, cookies, IP addresses (may be anonymized), device information, browsing behavior
  Legal Basis: Consent (via cookie banner) + Legitimate interest
  Location: USA
  Safeguards: Standard Contractual Clauses (SCCs), data anonymization where possible
  Your Choices: You can opt out of personalized ads (see Section 8)
  Privacy Policy: https://www.playwire.com/privacy-policy

5.2 International Data Transfers

Important Information: Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. Under GDPR Chapter V, transfers to countries not recognized by the EU Commission as providing adequate protection require additional safeguards.

Our Safeguards for International Transfers:

• Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses (Decision 2021/914) with Cloudflare and Discord to ensure GDPR-level protection.
• EU-US Data Privacy Framework: Some providers (like Cloudflare) participate in the EU-US Data Privacy Framework, providing additional safeguards.
• Data Minimization: We minimize the amount of personal data transferred outside the EEA.
• Encryption: All data transfers are encrypted in transit (TLS/HTTPS).
• Adequacy Decisions: For Switzerland (ProtonMail), the EU recognizes adequate protection.

Your Rights: You have the right to obtain information about the safeguards we use for international data transfers. You can also object to such transfers in certain circumstances. Contact us for more details.

5.3 Other Disclosures

We may disclose your Personal Data in the following limited circumstances:

• Legal Requirements: To comply with legal obligations, court orders, subpoenas, or valid requests from French or EU public authorities (e.g., police, tax authorities, CNIL).
• Protection of Rights: To protect and defend our rights, property, or safety, or that of our users or the public. This includes enforcing our Terms of Service and investigating potential violations.
• Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy. In such cases, we will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy. You will have the opportunity to delete your account before such transfer.
• With Your Consent: For any other purpose with your explicit, informed consent. We will clearly explain what data will be shared and for what purpose before obtaining your consent.
• Aggregated/Anonymized Data: We may share aggregated or anonymized data that cannot identify you personally (e.g., "50% of users prefer dark mode") with partners or for research purposes.

5.4 We Do NOT Share Data With

• ❌ Data brokers or marketing companies
• ❌ Social media platforms (except Discord, when you explicitly use our bot)
• ❌ Insurance companies
• ❌ Credit reporting agencies
• ❌ Political organizations
• ❌ Any entity for purposes unrelated to providing our Service

🗄️ Data Retention

We retain your Personal Data only as long as necessary for the purposes set out in this Privacy Policy. Our retention periods are:

6.1 Account and User Data

• Active accounts: As long as your account remains active
• Deleted accounts: Up to 30 days in backups, then permanently deleted
• Game progress/statistics: Retained while your account is active; deleted when you delete your account
• Login credentials: Deleted immediately upon account deletion (encrypted passwords are overwritten)

6.2 Communication Records

• Support emails: Up to 2 years after last contact (for support continuity)
• Discord bot messages: Command logs retained for up to 30 days (for debugging), then deleted
• Contact form submissions: Up to 1 year after resolution

6.3 Technical and Usage Data

• Server logs: 90 days (for security and debugging purposes)
• Error logs: 180 days (for bug fixing and performance monitoring)
• Analytics data: Aggregated data retained indefinitely; individual session data up to 24 months
• IP addresses: 90 days (may be anonymized after 7 days)
• Cloudflare logs: Retained according to Cloudflare's policy (typically 24-72 hours)

6.4 Legal and Financial Records

• Tax records: 10 years (as required by French law - Code Général des Impôts)
• Legal correspondence: Duration of legal matter plus 5 years
• GDPR request records: 3 years (to demonstrate compliance)

6.5 Cookies

• Session cookies: Deleted when you close your browser
• Persistent cookies: 1-12 months depending on type (you can delete them anytime via browser settings)
• Advertising cookies (Playwire): According to their retention policy (typically up to 12 months)

6.6 Deletion Process

After the retention period expires:

• We securely delete your Personal Data from our active systems
• We overwrite data on storage devices to prevent recovery
• We anonymize data where deletion is not possible (e.g., for legitimate statistical analysis)
• Backup copies are deleted within 30 days after the retention period

Exception: We may retain data longer if required by law, to resolve disputes, enforce our agreements, or if you give consent for extended retention.

✅ Your Rights Under GDPR

As a data subject in the EU (GDPR Chapter III), you have the following rights. We are committed to facilitating the exercise of these rights:

7.1 Right of Access (Article 15)

You have the right to:

• Obtain confirmation whether we process your Personal Data
• Request a copy of all Personal Data we hold about you
• Receive information about the purposes, categories, recipients, and retention periods

How to exercise: Email us at [email protected] with subject "GDPR Access Request". We will provide the data in a commonly used electronic format (PDF or JSON).

Response time: Within 1 month (extendable by 2 months if complex).

Cost: First request is free. Additional requests may incur a reasonable fee if manifestly unfounded or excessive.

7.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete Personal Data.

How to exercise: Log into your account settings to update most information, or contact us for data you cannot modify yourself.

Response time: Corrections made within 1 month.

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your Personal Data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required to comply with a legal obligation

How to exercise: Delete your account via account settings, or email us at [email protected] with subject "GDPR Erasure Request".

Response time: Account and data deleted within 30 days.

Limitations: We may retain certain data if required by law (e.g., tax records) or to establish, exercise, or defend legal claims.

7.4 Right to Restriction of Processing (Article 18)

You can request that we limit processing of your data when:

• You contest the accuracy of the data (while we verify it)
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (while we verify whether our legitimate grounds override yours)

How to exercise: Contact us with a clear explanation of why you're requesting restriction.

7.5 Right to Data Portability (Article 20)

You can request your data in a structured, commonly used, machine-readable format (JSON or CSV) and have it transmitted to another controller.

Applies to: Data you provided to us (not data we generated about you) that we process based on consent or contract.

How to exercise: Email us specifying what data you want and in what format.

7.6 Right to Object (Article 21)

You can object to processing based on:

• Legitimate interests: We will stop processing unless we demonstrate compelling legitimate grounds that override your rights
• Direct marketing: We will immediately stop processing for marketing purposes (no exceptions)
• Profiling: You can object to automated decision-making and profiling (we don't currently do this)

How to exercise: Contact us or use the "unsubscribe" link in marketing emails.

7.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

How to exercise: Update cookie preferences, revoke Discord bot permissions, or contact us to withdraw specific consents.

7.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority if you believe we have violated GDPR:

• France (Lead Supervisory Authority):
  Commission Nationale de l'Informatique et des Libertés (CNIL)
  Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  Phone: +33 1 53 73 22 22
  Website: https://www.cnil.fr/en/home
  Online complaint: https://www.cnil.fr/en/plaintes
• Your Country: You may also contact the data protection authority in your EU country of residence or workplace.

7.9 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects.

Current status: We do NOT currently use automated decision-making or profiling that produces legal or significant effects on you. If this changes, we will update this policy and notify you.

7.10 How to Exercise Your Rights

Contact methods:

• Email: [email protected] (preferred method)
• Discord: discord.gg/f2gPmFVs (for informal inquiries)
• Subject line: Include "GDPR Request" for faster processing

What to include in your request:

• Your full name and email address associated with your account
• Clear description of which right you wish to exercise
• Any additional information to help us locate your data
• Proof of identity (if we cannot verify you otherwise)

Our response:

• We will respond within 1 month of receiving your request
• We may extend this by 2 additional months for complex requests (we will inform you within the first month)
• If we cannot fulfill your request, we will explain why
• All requests are processed free of charge (unless manifestly unfounded or excessive)

Identity verification: To protect your privacy, we may ask you to verify your identity before processing requests. This may include confirming account details or providing additional identification.

📢 Advertising (Playwire)

If we enable advertising services on this website, they are managed by Playwire LLC. Advertising helps us keep the game free to play.

8.1 What Data Playwire Collects

Playwire may collect and use the following data for advertising purposes:

• IP address (may be anonymized)
• Device information (type, operating system, screen size)
• Browser information (type, version, language)
• Browsing behavior (pages viewed, time spent, clicks)
• Cookies and similar tracking technologies
• Approximate location (country/city level, not precise GPS)
• Ad interaction data (impressions, clicks, conversions)

8.2 How Playwire Uses Your Data

• Serving relevant advertisements based on your interests
• Measuring ad performance and effectiveness
• Building anonymized user profiles for advertising purposes
• Preventing ad fraud and ensuring ad quality
• Complying with advertising standards and regulations

8.3 Your Advertising Choices (Opt-Out)

You have control over personalized advertising:

• Cookie Settings: Adjust your cookie preferences using our cookie banner (appears on first visit). You can disable advertising cookies while keeping essential cookies.
• Playwire Opt-Out: Visit Playwire's privacy policy and opt-out page:
  https://www.playwire.com/privacy-policy
• Browser Settings: Enable "Do Not Track" (DNT) in your browser settings. Most modern browsers support this feature.
• European Opt-Out: Use the European Interactive Digital Advertising Alliance (EDAA) opt-out tool:
  www.youronlinechoices.eu
• Industry Opt-Outs:
  • NAI (Network Advertising Initiative): optout.networkadvertising.org
  • DAA (Digital Advertising Alliance): optout.aboutads.info
• Ad Blockers: Browser extensions like uBlock Origin or AdBlock Plus can block advertising entirely (though this may affect our ability to keep the service free).

Note: Opting out of personalized advertising does not mean you won't see ads. You will still see advertisements, but they will be less relevant to your interests (generic ads).

8.4 Playwire's Privacy Policy

Playwire is an independent data controller for the data they collect. Their data practices are governed by their own privacy policy. We recommend reviewing it:

https://www.playwire.com/privacy-policy

🔐 Data Security

We take the security of your Personal Data seriously and implement industry-standard technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Security Measures

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+ (HTTPS).
• Encryption at Rest: Sensitive data (passwords, personal information) is encrypted when stored on our servers using AES-256 encryption.
• Password Security: User passwords are hashed using bcrypt with salt (never stored in plain text).
• DDoS Protection: Cloudflare protects against Distributed Denial of Service attacks.
• Firewall & Network Security: Server firewalls restrict unauthorized access. Only necessary ports are open.
• Regular Security Updates: We apply security patches and updates promptly to all systems and dependencies.
• Secure Hosting: Hetzner provides ISO 27001 certified data centers with physical security measures.

9.2 Organizational Security Measures

• Access Control: Access to Personal Data is limited to the operator on a need-to-know basis. No unnecessary access is granted.
• Data Minimization: We collect only the minimum data necessary for the Service to function.
• Employee Training: (If applicable in the future) Any employees or contractors with data access will be trained on GDPR and data protection principles.
• Confidentiality Agreements: Third-party processors (Hetzner, Cloudflare) are bound by confidentiality and data processing agreements.
• Incident Response Plan: We have procedures to detect, respond to, and notify users of data breaches within 72 hours (as required by GDPR Article 33).
• Regular Audits: We periodically review our security practices and conduct vulnerability assessments.

9.3 Data Breach Notification

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the CNIL (French supervisory authority) within 72 hours of becoming aware of the breach (GDPR Article 33)
• Notify affected users without undue delay if the breach is likely to result in a high risk to their rights (GDPR Article 34)
• Provide information about the nature of the breach, likely consequences, and measures taken to mitigate harm
• Post a public notice on our website if user notification is not feasible

9.4 Limitations

Important Disclaimer: No method of transmission over the Internet or electronic storage is 100% secure. While we implement commercially reasonable security measures to protect your Personal Data, we cannot guarantee absolute security.

You are responsible for:

• Keeping your password confidential and not sharing it with others
• Logging out of your account after use, especially on shared devices
• Using strong, unique passwords (consider using a password manager)
• Reporting any unauthorized access or security concerns immediately

👶 Children's Privacy

Our Service is not directed to children and we do not knowingly collect Personal Data from children.

10.1 Age Restriction

Our Service is not intended for individuals under the age of 16 years old (or the minimum age of digital consent in your country, if higher). This complies with GDPR Article 8.

10.2 Parental Consent

If we need to rely on consent as a legal basis for processing and your country requires consent from a parent, we may require parental consent before collecting and using that information.

10.3 If You Are a Parent or Guardian

If you believe your child under 16 has provided us with Personal Data without your consent:

• Contact us immediately at [email protected]
• We will verify the situation and take steps to delete the information from our servers as soon as possible
• We will confirm deletion to you within 30 days

10.4 Discord Age Restrictions

Discord's Terms of Service require users to be at least 13 years old (or older depending on jurisdiction). By using our Discord bot, you confirm you meet Discord's age requirements. We are not responsible for enforcing Discord's age restrictions.

🔗 Links to Other Websites

Our Service may contain links to third-party websites, services, or resources that are not operated or controlled by us.

11.1 Third-Party Links

These may include:

• Social media platforms (Discord, Reddit, Twitter/X)
• Partner websites or services
• Open-source project repositories (GitHub)
• Support or documentation sites
• Advertising or sponsor links

11.2 No Responsibility

We have no control over and assume no responsibility for:

• The content, privacy policies, or practices of third-party sites
• How third parties collect, use, or protect your data
• The accuracy or legality of third-party content

11.3 Your Responsibility

We strongly advise you to:

• Review the Privacy Policy of every site you visit
• Be cautious about what information you share with third parties
• Verify the legitimacy of links before clicking (to avoid phishing)

🔄 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features.

12.1 How We Notify You

For significant changes that materially affect your rights, we will notify you via:

• Prominent website notice: A banner will appear on our homepage for at least 30 days
• Email notification: If you have provided an email address and have an account
• Discord announcement: Posted in our official Discord server
• Effective date: Changes take effect 30 days after notification (giving you time to review)

For minor changes (e.g., clarifications, typo fixes), we will:

• Update the "Last Updated" date at the top of this policy
• Post the updated policy on this page
• Changes take effect immediately upon posting

12.2 Your Options After Changes

After we notify you of significant changes:

• Accept: Continue using the Service (implies acceptance of the new policy)
• Object: Contact us to exercise your GDPR rights (e.g., withdraw consent, request deletion)
• Delete Account: You can delete your account before the changes take effect if you disagree

12.3 Review Periodically

You are advised to review this Privacy Policy periodically for any changes. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12.4 Version History

Previous versions of this Privacy Policy may be available upon request (email us for the version history).

🎮 Open Source and Independence Notice