Privacy Policy

> Information We Collect

We collect information you provide when signing in via GitHub OAuth: your GitHub username, display name, email address, and avatar URL. We also collect contribution data including points earned across badge families, badge claim history, and nomination/vote records for special badges.

> How We Use Your Information

Your information is used to: (a) authenticate your identity and manage your account; (b) track and display your contribution progress and badges; (c) facilitate badge nominations and voting among maintainers; (d) issue verifiable credentials through certifier.io; (e) communicate service updates and changes.

> Data Sharing

We do not sell your personal data. We may share limited information with certifier.io solely for the purpose of issuing digital credentials. We may disclose information if required by law or to protect the rights, property, or safety of DemonDie, its users, or the public.

> Data Storage & Security

Data is stored securely using Supabase with PostgreSQL encryption at rest. Authentication is managed through NextAuth.js with GitHub OAuth. We implement industry-standard security measures including rate limiting, input validation, and HTTP security headers. However, no method of electronic storage is 100% secure.

> Third-Party Services

The Service integrates with GitHub (OAuth authentication), Supabase (database and storage), and certifier.io (credential issuance). Each service has its own privacy policy governing data handling. We encourage you to review their policies.

> Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us through the project repository. Your GitHub profile data is managed through your GitHub account settings. Badge claim history may be retained for system integrity purposes.

> Cookies & Local Storage

We use essential cookies for session management and authentication via NextAuth.js. No tracking cookies, analytics cookies, or third-party advertising cookies are used. Local storage may be used for theme preferences and session state.

> Data Retention

Account data is retained for as long as your account remains active. Upon account deletion request, personal data will be removed within 30 days. Aggregated and anonymized contribution statistics may be retained indefinitely.

> Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted to this page with an updated "Last updated" date. Material changes will be communicated via service announcements.

> Contact

For questions about this Privacy Policy or data handling practices, please open an issue on the project repository or reach out through the DemonDie community channels.