Conquest

Privacy Policy

Last updated: March 31, 2026

What data we collect

When you sign in with Google, we receive and store:

• Your Google account email address
• Your display name
• Your profile picture URL

We also store the data you create within the app, including tasks, daily tasks, pomodoro logs, bookmarks, and reading progress.

How we use your data

Your data is used solely to provide the Conquest application features to you. Specifically:

• Your Google account information is used for authentication and displaying your profile.
• Your app data (tasks, bookmarks, etc.) is stored to persist your personal workspace across sessions.

How we store your data

Your data is stored in a PostgreSQL database hosted on Railway. Access to the database is restricted to the application server only.

Data protection

We implement the following measures to protect your data:

• Encryption in transit — All communication between your browser and our servers is encrypted using HTTPS (TLS). Authentication tokens and session data are never transmitted over unencrypted connections.
• Secure authentication — We use Google OAuth 2.0 for authentication, meaning we never handle or store your Google password. Sessions are managed with signed, HTTPS-only cookies that cannot be accessed by client-side scripts.
• Access controls — Database access is restricted to the application server. Each user can only access their own data; all API endpoints enforce authentication and ownership checks before returning or modifying data.
• Minimal data collection — We only collect the data necessary to provide the application's features. No sensitive personal data beyond your Google profile information is collected.
• Secret management — Application secrets (OAuth credentials, session keys, database credentials) are stored as environment variables on the hosting platform and are never exposed to the client.

Third-party services

• Google OAuth 2.0 — used for authentication. Google's privacy policy applies to data handled by Google.
• Railway — used for application hosting and database hosting.
• Open Library API — used for book search. No personal data is sent to Open Library.

Data sharing

We do not sell, trade, or share your personal data with any third parties. Your data is only accessible to you through your authenticated session.

Data retention and deletion

Your data is retained as long as your account exists. To request deletion of your account and all associated data, please contact the application owner.

Cookies

This application uses a session cookie to maintain your authenticated state. No tracking or advertising cookies are used.

Contact

For any questions about this privacy policy or your data, please reach out via the application's GitHub repository.