Sign in

Privacy

DRAFT — this describes how the site actually works today, but is not lawyer-reviewed policy text.

What we store

  • Your posts, checks, judgments, bingo boards, and reactions. Always — that's the product. Signed-in content is linked to your account; anonymous content is linked to a random per-browser id cookie so votes and reactions can dedupe per person.
  • Your account if you sign up: a stable id, the OAuth provider name (Google/Discord/Apple), the provider's opaque user id, your chosen handle, your display name and avatar URL as given to us by the provider.
  • Session cookies. One signed JWT for your login session, one anon id, one theme preference.
  • Request logs. IP address, user-agent, URL, status code, duration. Kept for operational use (debugging, rate-limit abuse), rotated regularly.

What we don't store

  • Passwords. We don't run our own password system — all auth is via OAuth.
  • Your OAuth provider's access token. Auth.js holds it for the duration of the sign-in flow; we don't persist it.
  • Analytics, fingerprints, behaviour trackers, or ad identifiers.
  • Your email address, unless Auth.js passes it to us during sign-in; we don't currently store it.

What we share

The text you submit to /check, /aita, and text reactions is sent to a third-party AI provider so the model can respond to it. Their terms apply to those requests. We don't share anything else with anyone.

Your choices

  • You can delete individual posts / checks (coming soon; for now, email us).
  • You can delete your account (coming soon; for now, email us).
  • Anonymous content tied to a browser cookie isn't tied to you; clearing cookies detaches it from your device.

Contact

See the contact page.

Last updated: draft, pre-launch.