World Prism Inc. ("we", "us", or "our") operates this website and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including when you sign in using a third-party OAuth provider (Google, GitHub, Discord, Facebook, or Apple).

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

When you authenticate via a third-party provider we may receive:

• Your name and email address
• Your profile picture / avatar URL
• A unique identifier from the provider (e.g. Google ID)
• OAuth access tokens (stored securely and never exposed client-side)

We do not receive your passwords from any third-party provider.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Authenticate you and maintain your session
• Provide and improve our services
• Respond to your inquiries and support requests
• Send transactional emails (e.g. order confirmations)
• Comply with legal obligations

We do not sell your personal information to third parties.

3. Third-Party OAuth Providers

We support sign-in via the following OAuth providers. When you authenticate through any of these providers, we receive only the minimum profile data necessary to create and maintain your account (typically your name, email address, and a unique identifier). We do not receive your password from any provider, and we do not request permission to act on your behalf beyond basic identity verification.

Google

Our use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements. We only request the scopes needed to authenticate your identity (email and basic profile).

GitHub

We request read-only access to your public GitHub profile and email address solely for account creation and authentication. We do not access your repositories, organizations, or any other GitHub data.

Discord

We request access to your Discord username and verified email address for account creation and authentication. We do not access your servers, messages, or any other Discord data.

Facebook

We request access to your public Facebook profile name and email address for account creation and authentication. We do not access your posts, friends list, or any other Facebook data. Our use of Facebook Login complies with Meta's Platform Terms .

Apple

When you use Sign in with Apple, Apple may provide us with your name and an email address (which may be your real address or an Apple-relayed address). We use this solely for account creation and authentication and comply with Apple's Sign in with Apple guidelines .

4. Sharing of Information

We may share your information only in the following limited circumstances:

• Service providers: Supabase (database and authentication infrastructure), Stripe (payment processing). These providers are contractually obligated to keep your data secure and may not use it for any other purpose.
• Legal requirements: If required by law or a valid legal process (e.g. court order or subpoena).
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us (see Section 9).

6. Security

We implement industry-standard security measures including TLS encryption in transit, hashed credential storage, and row-level security on our database. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Cookies and Tracking

We use session cookies solely to maintain your authenticated session. We do not use third-party advertising cookies or cross-site tracking technologies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please reach out via our Contact page.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated effective date. Your continued use of our services after any changes constitutes your acceptance of the new policy.