Privacy Policy

1. Information we collect

Account information: when you sign in we receive your email address and, if you use a social login (Google or Discord), the basic profile identity that provider shares (such as your name and account identifier). You may also set a display name.

Content you create: the cosplans, canvases, and blocks you make — including text notes, checklists, links, and references — together with their layout and timestamps.

Pinterest data: if you choose to connect Pinterest, we store the board metadata you select (board name, URL, identifier, and cover thumbnails) and the OAuth tokens needed to access it on your behalf. See section 4.

Technical data: standard information your browser sends (such as IP address and user agent) and session cookies required to keep you signed in.

2. How we use your information

We use your information to provide and maintain the Service: to authenticate you, store and sync the cosplans you create, display the Pinterest references you connect, and keep the app working offline.

We use technical data to operate, secure, and debug the Service. We do not sell your personal information, and we do not use your content to train machine-learning models.

3. Legal bases

Where applicable law (such as the GDPR) requires a legal basis, we rely on the performance of our contract with you (to provide the Service you sign up for), your consent (for optional integrations such as Pinterest, which you can withdraw at any time by disconnecting), and our legitimate interests in operating and securing the Service.

4. Pinterest integration

Connecting Pinterest is optional. When you connect, Pinterest asks you to authorize access and we receive OAuth tokens that let us read the boards you choose to associate with a cosplan.

We request only the access needed to list your boards and display the boards you select. Tokens are stored server-side and are never exposed to your browser. We use the boards you select solely to show those references within your cosplans.

You can disconnect Pinterest at any time from your account settings, which revokes our stored tokens. Our use of information received from Pinterest adheres to the Pinterest Developer Guidelines and Platform Policy.

5. Third-party services

We rely on a small set of processors to run the Service: Supabase (authentication, database, and hosting of your account and content), and the identity providers you choose to sign in with (Google, Discord). If you connect Pinterest, Pinterest is also a third party that processes the related requests.

These providers process data on our behalf under their own terms and privacy policies. We share only what is necessary for each to perform its function.

6. Cookies and local storage

We use essential cookies to keep you signed in. We do not use advertising or third-party tracking cookies.

To support offline use, the app stores a copy of your data in your browser (for example in IndexedDB and a service-worker cache). This data stays on your device and is cleared when you sign out or clear your browser storage.

7. Data retention and deletion

We keep your account and content for as long as your account is active. You can delete your account at any time from your settings; doing so removes your account and associated content and revokes any connected integrations.

Some records may persist briefly in backups or logs before being overwritten in the ordinary course of operations.

8. Data security

We take reasonable technical and organizational measures to protect your data, including encrypted connections, access controls, and storing third-party tokens server-side rather than in the browser. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. International data transfers

Our providers may process and store data in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

10. Children’s privacy

The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

11. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can exercise many of these directly in the app, or contact us using the details below.

12. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “last updated” date above and, for material changes, provide a more prominent notice.

13. Contact us

If you have questions about this policy or your data, contact us at privacy@ra-ge.net.