Privacy Policy

• •
  Account Information

  When you sign in via GitHub OAuth, we collect your email address, username, and profile picture from your GitHub account.
• •
  Authentication Data

  We store session tokens and authentication credentials to keep you signed in securely.
• •
  Game & Challenge Data

  We track your game scores, challenge completions, achievements earned, and learning progress to provide personalized features and leaderboards.
• •
  Usage Analytics

  We use Google Analytics to collect anonymous usage data including pages visited, time spent on site, browser type, and general location (country/city level).

• •
  Essential Cookies

  Session cookies required for authentication and core functionality. These cookies are necessary for the site to work properly.
• •
  Analytics Cookies

  Google Analytics cookies (if you accept) help us understand how users interact with our platform to improve user experience.
• •
  Preference Cookies

  Cookies that remember your language selection, theme preferences, and cookie consent choices.

• •
  Authentication & Account Management

  To create and manage your account, authenticate your identity, and provide secure access to our platform.
• •
  Gamification Features

  To track your progress, display leaderboards, award achievements, and personalize your learning experience.
• •
  Service Improvement

  To analyze usage patterns, identify bugs, improve our content, and develop new features based on user behavior.
• •
  Communication

  To send important updates about your account, respond to your inquiries, and notify you of changes to our services (if you opt-in).

• •
  GitHub OAuth

  We use GitHub for secure authentication. GitHub may collect data according to their privacy policy when you sign in. We receive only the basic profile information you authorize.
• •
  Google Analytics (GA4)

  Google Analytics ID: G-FM35KECLVH. We use this to track anonymous usage statistics. Google may use this data according to their privacy policy. You can opt-out through our cookie consent banner.
• •
  Cloudflare

  Our infrastructure is hosted on Cloudflare Pages and uses Cloudflare Workers. Cloudflare may collect connection data for security and performance purposes according to their privacy policy.

• •
  Account & Profile Data

  Stored indefinitely while your account is active. You can request deletion at any time by contacting us.
• •
  Analytics Data

  Google Analytics data is retained for 26 months according to Google's data retention policies. We have configured GA4 to use the shortest retention period available.
• •
  After Account Deletion

  When you delete your account, we remove all personally identifiable information within 30 days. Anonymized statistics may be retained for historical purposes.

• •
  Right to Access

  You can request a copy of all personal data we hold about you.
• •
  Right to Rectification

  You can request corrections to any inaccurate or incomplete personal data.
• •
  Right to Erasure

  You can request deletion of your personal data ('right to be forgotten'), subject to legal obligations.
• •
  Right to Data Portability

  You can request your data in a structured, commonly used, machine-readable format.
• •
  Right to Object

  You can object to certain types of data processing, including direct marketing and analytics.

We implement industry-standard security measures to protect your data including encryption in transit (HTTPS/TLS), secure authentication via OAuth 2.0, encrypted database storage, regular security audits, and access controls limiting employee data access. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on our website or sending an email to registered users. Your continued use of MCP Challenge after changes constitutes acceptance of the updated policy.