Privacy Policy

Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to that information. We are committed to collecting and storing only the minimal amount of data necessary to provide our services and ensure a secure and functional experience for you.

1. Information We Collect and Store  🔗

We collect and store a minimal amount of information for account management and billing purposes. This includes:

• Your Account ID: A unique numeric ID created for your account when you sign up. This is a primary identifier within our system.

• Authentication Information: Your GitHub or Google ID, which is used for logging in and verifying your identity.

• Two-Factor Authentication (2FA) Secret: The secret key required for 2FA is stored in an encrypted format. It is displayed to you only once during the enrollment process.

• Your Email Address: The email address provided by GitHub during your most recent login is stored in an encrypted format. We only store this in case of account recovery. Additionally, the email address you provide to our payment provider for receipts is not stored by us, and may be subject to a different privacy policy.

• Transaction History: We store a history of your Refill Transactions and Points Transfer History. This data is stored securely and is available for you to download at any time.

2. How We Use Your Information  🔗

We use the information we collect for the following purposes:

• Authentication and Access: To enable you to securely log in to your account using your GitHub or Google ID.

• Billing and Service Provision: To process refills, transfers, and manage your account’s point balance.

• Account Recovery and Security: In the event that you lose access to your GitHub account, we use the information you provide (such as transaction history details and your email address) to securely verify your identity. This allows us to safely connect a different GitHub account, ensuring only you can access your funds and data.

• Two-factor authentication reset If you have lost your 2FA device, send us a message as soon as possible. If you have a considerably large amount of Grounding Points, we assume anyone asking for a 2FA reset is trying to impersonate you, so we might not be able to reset it for an extended period of time, or at all. Please keep your backup codes safe in case your 2FA device is lost or damaged, so that you may reset it yourself.

• Internal Operations: To maintain and improve our service, and to provide you with access to your downloadable transaction history.

3. Data Security  🔗

We take the security of your information seriously. We employ encryption to protect sensitive data such as your 2FA secret, email address. Our commitment to storing only minimal information also inherently reduces the risk of a data breach.

4. Your Rights and Choices  🔗

You have full access and control over key aspects of your data:

• Downloadable History: You can download your Refill and Points Transfer History at any time for your records.

• Account Deletion: You may delete your own account if you have zero points. This removes your OAuth provider user ID from our database, effectively removing all your personally identifiable information from our system completely. Signing in after deleting your account would create a completely new account.

5. Subject to Change  🔗

This privacy policy is subject to change. We reserve all rights, including the right to modify this privacy policy as needed for any purpose.

6. Contact Us  🔗

If you have any questions or concerns about this privacy policy, please contact us.