Privacy Policy

Last updated: February 28, 2026

1. Information We Collect

We collect the following types of information:

  • Account data: Email address, display name, and password hash when you register
  • SSO data: Provider user ID, email, display name, and avatar when using Google, Discord, or Twitch login
  • Usage data: Pages visited, features used, game scores, course progress, and Hub Coins earned
  • Device data: Browser type, operating system, and IP address for security and analytics
  • Biometric identifiers: WebAuthn credential IDs (not biometric data itself) when you set up passkey login

2. How We Use Your Information

  • Provide and improve the Platform's features and services
  • Authenticate your identity and maintain session security
  • Track Hub Coins, XP, badges, and leaderboard positions
  • Send service notifications (account, security, feature updates)
  • Send marketing emails only if you opted in via the waitlist or newsletter
  • Analyze usage patterns to improve the Platform

3. Data Storage & Security

Your data is stored in a Turso (libSQL) database hosted on AWS EU-West-1. Passwords are hashed using bcrypt with 12 rounds. Sessions are signed with HMAC-SHA256 and include user-agent fingerprinting. We use HTTPS for all connections and apply security headers (CSP, X-Frame-Options, etc.) on all responses.

4. Cookies

We use the following cookies:

  • paco_hub: HttpOnly session cookie containing your encrypted session token
  • paco_hub_active: Non-HttpOnly flag (value "1") so the UI can detect login state
  • sso_state: Temporary HttpOnly cookie for SSO CSRF protection (expires in 10 minutes)

We do not use third-party tracking cookies or advertising pixels.

5. Third-Party Services

We integrate with the following third-party services:

  • Google, Discord, Twitch: OAuth SSO login (we receive your public profile and email)
  • Vercel: Hosting and deployment
  • Turso: Database hosting

Each service has its own privacy policy. We recommend reviewing them.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data in your profile
  • Request deletion of your account and associated data
  • Withdraw consent for marketing communications at any time
  • Export your data in a portable format

7. Data Retention

Account data is retained while your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized usage analytics may be retained indefinitely. Waitlist/newsletter emails are retained until you unsubscribe.

8. Children's Privacy

J4SGON HUB is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the Platform. Continued use after changes constitutes acceptance.

10. Contact

For privacy-related questions or data requests, contact us at privacy@j4sgon.com.