Privacy Policy
Effective: January 2025
What We Collect
Email address, username, hashed password (never plaintext), and usage data such as orders, credits, and achievements.
What We Don't Collect
Payment information, credit card numbers, billing addresses, or any financial data — because no real payments occur.
How We Use It
To provide your account, calculate XP and levels, track order history, and send in-app notifications.
Data Storage
Stored in a PostgreSQL database. Passwords are hashed with bcrypt. Sessions use secure JWT tokens.
Third Parties
We use Google OAuth for optional sign-in. We do not sell your data to advertisers or third parties.
Cookies
Session cookies to keep you logged in. No tracking or advertising cookies.