Back to gates
legal · privacy policy

Privacy Policy

Last updated: May 10, 2026

This Privacy Policy explains what data Syndicate Ledger collects, why we collect it, and how it's used. We designed the app to minimise personal data and to keep your real-world identity off the table.

1. What we collect

Account data

  • Email — required for sign-in, password reset, and important notices.
  • Username — a pseudonym YOU pick. This is the only name shown publicly inside the app.
  • Password hash — passwords are hashed with bcrypt; we never store or see the plain password.
  • (If you sign in with Google) — Google provides us with your email and a profile photo URL. Your real first/last name is received but stored as internal-only and never displayed; uploaded profile pictures require admin approval before they appear in the app.

Campaign content

  • Campaigns, corporations, roles, branches, employees, airships, ledger entries, relationships, and similar fictional records you create. This content is visible to you and to members you invite.

Subscription data (if you link Patreon)

  • Your Patreon user ID, current patron status (active / declined / former), and your entitled tier in our campaign. We do NOT store Patreon billing details, card numbers, or addresses.
  • An OAuth refresh token so we can re-verify your status periodically without forcing you to re-link.

Technical data

  • Standard server logs (IP address, request path, user agent). Used for security, abuse prevention, and debugging. Retained for up to 90 days.
  • Brute-force protection: when you fail to log in repeatedly, we temporarily store your IP + email hash to enforce a 15-minute cooldown.

2. What we do NOT collect

  • We don't sell your data. Ever.
  • We don't run third-party advertising or analytics trackers.
  • We don't display your real name from Google to anyone — only your self-chosen username.
  • We don't store Patreon payment card numbers (Patreon handles all billing).

3. How your data is used

  • To provide and operate the App (sign-in, save campaigns, send transactional emails).
  • To verify your subscription tier with Patreon.
  • To detect and prevent abuse.
  • To respond to your support requests.

4. Who sees your data

  • Your campaign members see your username, your profile picture (if approved), and any campaign content you've shared with them. They do NOT see your email or real name.
  • Service providers — Resend (transactional email), Patreon (subscription verification), MongoDB Atlas / our hosting provider (data storage). Each receives only the data necessary for their specific function.
  • Law enforcement — only when legally required (subpoena, court order, etc.).

5. Cookies

We use a small number of cookies, all essential:

  • session_token — Google sign-in session.
  • access_token / refresh_token — username/password sign-in (JWT). HttpOnly + Secure.
  • patreon_oauth_state — CSRF protection during Patreon linking. Expires in 10 minutes.

We do not use advertising or analytics cookies.

6. Your rights

  • Access — request a copy of your data.
  • Correction — change your username (subject to a 30-day cooldown) or email at any time.
  • Deletion — request full account deletion. Your campaigns and corporations are removed; campaign members lose access to shared content you created.
  • Unlink Patreon — remove the Patreon connection at any time. Your access reverts to Free.

To exercise any of these, email support@syndicateledger.com.

7. Children's privacy

Syndicate Ledger is not intended for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has provided us data, contact us and we'll delete it.

8. Security

  • Passwords are hashed with bcrypt; we never store the plain text.
  • Sessions use HttpOnly + Secure cookies.
  • Brute-force protection on login.
  • Real names from Google are never displayed publicly.
  • Profile pictures require admin approval before appearing in the app.

No service is 100% secure. If you suspect a breach of your account, change your password and email support@syndicateledger.com immediately.

9. Changes

We may update this policy. The "Last updated" date above will change. Material changes are announced in-app.

10. Contact

Questions or requests: support@syndicateledger.com.

Syndicate Ledger
TermsPrivacyHome

Made with Emergent