This Data Policy explains how Brick Watcher processes, stores, and handles data collected from users of the service.

1. Data Collection and Storage

We collect and store the following types of data:

• User Account Data: Usernames and password hashes for authentication purposes.
• Activity Data: Records of user interactions with the brick, including renames, color changes, and lord claims.
• Payment Transaction Data: Records of payment sessions and completed transactions (but not credit card information, which is handled by Stripe).
• Usage Analytics: Data about how users interact with the service, including page views, time spent on site, and watch time.

2. Data Processing

We process user data for the following purposes:

• To authenticate users and manage their accounts
• To process payments for brick interactions
• To maintain the state of the brick and its history
• To generate leaderboards and activity logs
• To analyze usage patterns and improve the service
• To prevent fraudulent or abusive behavior

3. Data Minimization

We adhere to the principle of data minimization, collecting only the information necessary to provide our services. We do not collect sensitive personal information such as race, religion, health information, or government identification numbers.

4. Data Retention

We retain different types of data for different periods:

• User Account Data: Retained for as long as the account is active. After account deletion, personal identifiers are removed or anonymized.
• Activity Data: Retained indefinitely as part of the brick's historical record, but anonymized if the associated user account is deleted.
• Payment Transaction Data: Retained for the period required by applicable financial regulations, typically 7 years.
• Usage Analytics: Aggregated after 90 days, with personally identifiable information removed.

5. Data Security Measures

We employ the following security measures to protect user data:

• Password hashing using secure industry-standard algorithms
• Database security and encryption
• Regular security audits and updates
• Limiting access to personal data to authorized personnel only
• Secure transmission of data using HTTPS

6. Third-Party Data Processing

We use the following third-party services to process data:

• Stripe: For payment processing. Please see Stripe's privacy policy for details on how they handle payment information.

7. User Data Rights

We respect and comply with data protection regulations. Users have the following rights regarding their data:

• The right to access their personal data
• The right to rectify inaccurate data
• The right to request deletion of their data (subject to legal requirements)
• The right to restrict or object to processing
• The right to data portability

To exercise these rights, please contact us.

8. Data Protection Officer

For questions about our data practices or to exercise your data rights, you may contact our Data Protection Officer.

9. Changes to This Data Policy

We may update this Data Policy from time to time. The updated version will be indicated by an updated "Last Updated" date, and we will notify users of any significant changes.