Privacy Policy

1. Information We Collect

We collect information necessary to provide and improve the PokeChronicle service:

• Account information: email address, chosen handle, display name, optional bio, theme preference.
• Authentication metadata: session identifiers, login provider (magic link or Discord OAuth), timestamps of sign in and sign out, and age-and-terms confirmation at signup.
• Service usage data: cards added to your collection, lessons completed, quests started or finished, guilds joined, badges earned, accumulated XP.
• Payment information: when subscriptions are live, payment is processed by Stripe; we receive a customer identifier and subscription status but do not store full card numbers.
• Technical data: IP address (used for rate limiting and abuse prevention), user-agent string, basic request logs.

2. How We Use Information

To provide the Service; to authenticate and secure your account; to enforce rate limits and detect abuse; to communicate service-related updates; and to comply with legal obligations. We do not sell personal information.

3. How We Share Information

We rely on the following processors to operate the Service:

• Supabase — database, authentication, file storage. Data is stored in their US East region.
• Netlify — application hosting and content delivery.
• Stripe — payment processing when subscriptions are live.
• Discord — optional OAuth login provider; we receive your Discord user id and email if you choose this method.
• Pokémon TCG API — public card metadata; no user data is shared with this API.

We may disclose information when required by law, to enforce our Terms, or to protect the rights, safety, or property of PokeChronicle or its users.

4. Data Retention

We retain account and usage data while your account is active. Upon account deletion, personal data is hard-deleted from our primary database within thirty (30) days. Aggregated, anonymized data may be retained for analytics purposes.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and associated data.
• Export your collection and profile data.
• Object to or restrict certain processing.

You can delete your account at any time from your account settings. For other requests, contact privacy@pokechronicle.com (or sledheadspl@gmail.com pending domain provisioning).

6. Cookies & Tracking

We use first-party cookies for authentication session management and for storing your cookie consent decision. Optional analytics cookies are only loaded after you provide consent. See our Cookie Policy for the full inventory.

7. Children’s Privacy

PokeChronicle is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

8. International Users

PokeChronicle is operated from the United States and your data is stored on US-based servers. By using the Service from outside the United States, you consent to the transfer of your data to and its processing in the United States.

9. Security

We protect personal information using industry-standard practices, including encryption in transit (HTTPS), row-level security policies on our database, scoped access tokens for our integrations, and least-privilege access to our infrastructure. No method of electronic storage is perfectly secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service. The “Last updated” date at the top reflects the latest revision.

11. Contact

Questions about this policy or our data practices: privacy@pokechronicle.com (or sledheadspl@gmail.com pending domain provisioning).