Privacy Policy — God's Church

1. Who we are

God's Church (the "Service") is operated by the team behind gods.church. For privacy questions, contact us at [email protected].

This policy explains what personal information we collect when you use gods.church, how we use it, and the choices you have about it.

2. What we collect

Account information

When you create an account, we ask for:

Email address — to identify your account, send password resets, and (optionally) re-engagement notifications.
Username — your public display name on the leaderboard and in battles.
Password — stored as a salted, peppered bcrypt hash. We never see your plaintext password.

Gameplay data

As you play, we record:

Battle results (wins, losses, draws, ELO changes).
Per-question answers, response times, and whether you got them right.
Streak counts, achievements, and rank tier progression.
Question reports you submit.

Technical data

Like any web service, our server logs:

IP address (used for rate-limiting and abuse prevention).
Browser user-agent string.
Timestamps of requests.
Pages and API endpoints accessed.

We do not use third-party analytics that fingerprint you across sites (no Google Analytics, no Facebook Pixel, no ad networks). Cloudflare provides basic traffic metrics at the edge — see third-party services.

Anonymous guest play

If you play without an account, we issue a temporary session cookie that tracks your three guest battles. This anonymous session is not linked to any personally identifying information. If you later sign up, your guest stats migrate into your new account.

3. Why we collect it

We collect this data for these purposes only:

To run the game. Match you with opponents, track your rank, store your battle history.
To keep you signed in. Session cookies prevent you from having to log in on every page load.
To prevent abuse. Rate limits, banned-account enforcement, audit logs for suspicious behavior.
To communicate with you. Email verification, password resets, optional re-engagement when you've been away. You can opt out of non-essential email anytime.
To improve the game. Aggregate, anonymized stats (e.g. "which questions are too hard") inform our content roadmap. We never use individual gameplay for anything else.

We do not use your data for advertising, profile-building, psychographic targeting, or sale to data brokers. None of those things are part of the business model.

4. Cookies & local storage

We use a small number of cookies, all functional, none for tracking:

gc_session — keeps you signed in. Expires after 30 days.
gc_anon — tracks guest sessions before signup. Expires after 7 days.
CSRF token — stored in your session, prevents cross-site request forgery on state-changing actions.

All cookies are HttpOnly, Secure, and SameSite=Lax by default.

Browser localStorage may be used by future PWA features for offline caching. We do not store sensitive data there.

We share data with third parties only in these limited cases:

Service providers — companies that help us operate (hosting, email delivery, payment processing). They are contractually bound to handle your data only on our behalf and only for the listed purpose. See section 6.
Legal compliance — if required by valid legal process (subpoena, court order). We will challenge requests we believe are overbroad or unlawful.
Aggregated, anonymized data — we may publish aggregate statistics ("X battles played this week") that cannot be tied to any individual.

We have never sold personal data, and we never will. If God's Church is ever acquired, the acquiring entity will be required to honor this policy or notify you and offer account deletion.

6. Third-party services

We use the following services to run the Service:

GoDaddy — web hosting (your data is stored on shared infrastructure with their security controls).
Cloudflare — DNS, CDN, and basic DDoS protection. Cloudflare sees IP addresses and request headers as traffic passes through.
Microsoft 365 — outbound transactional email (verification, password reset, notifications) via the [email protected] mailbox.
Stripe (if you subscribe) — payment processing. We never see your full card number; Stripe handles that. We retain only the Stripe customer ID and subscription status.

7. Data retention

Account data — retained while your account is active. Inactive accounts (no login in 24 months) may be deleted after we notify the registered email.
Gameplay history — retained for the life of your account.
Audit logs — retained for 90 days for security and abuse investigation.
Server logs — rotated and deleted after 30 days.
Anonymous sessions — deleted 7 days after last activity if not converted to a signed-up account.

8. Your rights

You have the right to:

Access the personal data we hold about you. Email us and we'll send it within 30 days.
Correct any inaccurate information. Most of it (display name, email, avatar) is editable in your profile.
Delete your account and all associated data. Email [email protected] from your account's registered address. Deletion is permanent.
Export your data in a portable format (JSON). Same email process.
Opt out of non-essential emails. There's an unsubscribe link in every non-transactional message.

EU/UK residents: you have additional rights under GDPR/UK GDPR including the right to object to processing and to lodge complaints with your supervisory authority.

California residents: the CCPA gives you the right to know what we collect, to delete it, and to non-discrimination for exercising these rights. We do not sell personal information.

9. Children's privacy

God's Church is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us and we will delete it promptly.

Parents and guardians: if you'd like to enable a younger child to use the Service under your supervision, please email us so we can discuss a parental-consent process.

10. Security

We protect your data with industry-standard practices:

HTTPS encryption on every page and API endpoint (TLS 1.2+).
Passwords stored as bcrypt hashes with a server-side pepper and cost factor 12.
Parameterized database queries (no SQL injection vulnerability surface).
CSRF tokens on all state-changing requests.
Strict Content-Security-Policy headers.
Rate-limiting on authentication endpoints to prevent brute-force attacks.
Audit logging of admin actions and security-sensitive events.

That said, no system is perfectly secure. If you discover a vulnerability, please email [email protected] with details. We appreciate responsible disclosure and will respond within 72 hours.

11. Changes to this policy

We may update this policy as the Service evolves. If we make material changes, we'll notify registered users by email and post a notice on the site at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the latest revision.

12. Contact

For privacy questions, data requests, or to exercise any of your rights under this policy:

Email: [email protected]
Subject line: "Privacy request — [your username]"

We aim to respond within 5 business days. Formal data access or deletion requests are fulfilled within 30 days (or as required by applicable law, whichever is shorter).