← Back to Midforge

PRIVACY POLICY

Last updated: March 5, 2025

1. DATA WE COLLECT

When you sign in with X (Twitter) OAuth, we collect:

  • X username — your public @handle
  • X display name — your public display name
  • X profile image URL — your public avatar
  • X follower count — your public follower count, used to determine your in-game tier
  • X user ID — a unique identifier from X, used to link your account

When you connect Stripe via Stripe Connect Express (coming soon), we collect:

  • Stripe account ID — used to verify your MRR
  • Monthly Recurring Revenue (MRR) — your verified revenue figure, used to determine your in-game tier and gear

We do not collect your email address, password, payment card details, or any private X data (DMs, likes, bookmarks). We never post to X on your behalf without explicit permission.

2. HOW WE USE YOUR DATA

  • Authenticate you into the game via X OAuth 2.0
  • Calculate your character tier based on verified MRR and follower count
  • Display your username and tier on public leaderboards
  • Track in-game progress (XP, gold, inventory, quest completion)
  • Enable marketplace transactions between players
  • Improve the game experience and fix bugs

3. DATA STORAGE

Your data is stored in a PostgreSQL database hosted on Neon (US-East region). All connections are encrypted via TLS. Database credentials are stored as environment variables and never exposed client-side.

4. THIRD-PARTY SERVICES

  • X (Twitter) — OAuth authentication and public profile data
  • Stripe Connect — MRR verification (coming soon). Stripe handles all financial data directly; we only receive your verified MRR figure.
  • Vercel — application hosting
  • Neon — database hosting

5. DATA SHARING

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your X username and tier are visible to other players on leaderboards and in the game world. MRR ranges (e.g. "$10K+") may be displayed on your public profile card; exact figures are never shown.

6. DATA DELETION

You may request deletion of all your data by contacting us at privacy@midforge.gg. Upon request, we will delete your player record, inventory, quest history, and all associated data within 30 days. Leaderboard entries and arena fight logs may be anonymized rather than deleted to preserve game history.

7. COOKIES

We use a single session cookie for authentication (managed by Auth.js / NextAuth). We do not use tracking cookies, advertising cookies, or analytics cookies.

8. CHILDREN

Midforge is not intended for children under 13 years of age. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with data, please contact us for removal.

9. CONTACT

For privacy-related questions or data deletion requests: privacy@midforge.gg

← Back to Midforge