Security Information

Understanding how we keep your account and downloads safe

Login Security (OAuth 2.0)

How Patreon OAuth Works

1

You click "Login with Patreon"

2

You're redirected to Patreon.com

3

You login on Patreon's secure page

4

Patreon sends us a temporary token

5

We use the token to check your subscription

Key Point: Your password is entered ONLY on Patreon.com. We never see it.

What to Check Before Logging In

  • The login page URL should be patreon.com
  • Look for the lock icon in your browser
  • The permission request should only ask for "identity" access

File Safety

What Are KK Cards?

Koikatsu character cards are PNG images with embedded character data. They are:

  • NOT executable - Cannot run code or install software
  • NOT scripts - Just image + data, no programming
  • Standard format - Same as any PNG photo

Why KK Cards Cannot Contain Malware

File Type Can Run Code? Risk Level
.exe, .bat, .ps1 Yes High Risk
.docx with macros Yes (if enabled) Medium Risk
.png (KK Card) No Safe

PNG files cannot execute code. The game reads the data, but it's just character parameters - not instructions.

You Can Verify Yourself

  1. 1 Download a card
  2. 2 Right-click → Properties → see it's a PNG image
  3. 3 Open with any image viewer - it shows the character portrait
  4. 4 Scan with your antivirus if you want extra peace of mind

Session Security

  • Session Duration: Your login lasts 24 hours maximum
  • Encryption: Session data is encrypted and signed
  • HTTPS: All connections are encrypted (check for )
  • Manual Logout: Click "Logout" anytime to end your session immediately

Common Security Questions

Can this site steal my Patreon account?

No. We use OAuth - we never see your password. We can only read your basic profile and subscription status. We cannot post, message, or change anything on your account.

Can the downloaded files harm my computer?

No. PNG files cannot execute code. They're the same format as photos on your phone. The embedded character data is just numbers (height, hair color, etc.).

Is the "tracking" you mention spyware?

No. The tracking is a small identifier embedded in the card data. It doesn't:

  • Phone home or send any data
  • Monitor your gameplay
  • Collect any information

It only matters if someone uploads the card to a piracy site - then we can identify where it came from.

What if I'm still worried?

That's okay! You can:

  • Get cards via Discord instead (ask on Patreon)
  • Scan downloaded files with antivirus
  • Check the file properties yourself
  • Ask questions - we're happy to explain more