Privacy Policy

This Privacy Policy explains what data Self Defence (the “Service”), operated by Self Defence, collects, why, and what your rights are. We are the data controller for the data described below.

What we collect

• Account data (hosts only). When you sign up via Clerk we receive a unique user id, your email, and any profile fields you choose to provide. We use this to identify you across sessions and to attribute purchases.
• Player data. When you join a room we store the display name you enter, an auto-assigned avatar colour, and a random session token used to authorise your own actions in the room. Anonymous joiners do not need an account.
• Game data. Room codes, round questions, votes, defender selections, and forfeits. This data is tied to a room and is retained only as long as needed to operate the Service.
• AI prompts and outputs.When AI-mode is enabled, we send prior round questions/forfeits and tone preferences to OpenRouter to generate new content. By default we also include players' display names so the content can be personal; the host can turn this off per game, in which case no player names are sent to the AI. We never send your email or account id. We don't store the prompts we send to OpenRouter beyond the room session; any retention on OpenRouter's side follows their policy.
• Payment data.Purchases are processed by Polar, our Merchant of Record. We receive a subscription id, customer id, status, and renewal/expiry timestamps — never your card details. Polar's privacy policy applies to the payment itself.
• Consent records. Timestamp and version of your acceptance of these Terms / House Rules.
• Operational logs. Standard server logs (IP, user agent, request paths, errors) used to operate and secure the Service. Retained for up to 30 days.

What we don't collect

• We do not sell your data.
• We do not run advertising trackers.
• We do not record audio or video — you handle the call on your own (WhatsApp, Discord, FaceTime, etc.).
• We do not retain any persistent ranking, score, or reputation across rooms.

Why we use it

• To operate the multiplayer game (legitimate interest / contract).
• To authenticate you and protect your account (contract).
• To process and grant paid features (contract).
• To prevent abuse and enforce the House Rules (legitimate interest).
• To generate AI questions and forfeits (legitimate interest, with a host-controlled toggle to remove player names).
• To comply with legal obligations (e.g. tax records via our payment processor).

Who we share it with

• Clerk — authentication.
• Convex — application database + backend hosting.
• Polar — payments / Merchant of Record.
• OpenRouter — AI inference for question and forfeit generation.
• Vercel (or our chosen hosting provider) — web hosting and CDN.

Each of these processors operates under their own privacy terms. We've chosen them because they offer industry-standard data protection. We'll update this list and let you know before we add a new processor that materially changes where your data goes.

Retention

Rooms, rounds, and votes are deleted when a room ends or after a short retention window — we do not keep a persistent history of who was voted for what. Account and purchase records are kept for as long as your account exists or as required by law (whichever is longer).

Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your data, and to withdraw consent or object to processing. To exercise any of these, email help@selfdefence.app from the address associated with your account.

You also have the right to lodge a complaint with the data protection authority in your usual place of residence or work. You can do so without first contacting us, though we'd welcome the chance to fix it first.

International transfers

Our processors may store and process your data outside your country of residence (typically the US and the EU). We rely on standard contractual clauses and the providers' certifications where applicable. Payments are handled by Polar, which processes transaction data under its own privacy policy.

Automated decisions

We don't use automated decision-making or profiling that produces legal or similarly significant effects on you. AI-generated questions and forfeits are creative game content, not a decision about you.

Children

The Service is not directed at children under 13. If you believe a child under 13 has provided us data, contact help@selfdefence.app and we will delete it.

Cookies & local storage

We use only essential cookies and local storage — set by our auth provider (Clerk) to keep you signed in, and by the app to remember your room and game state. We don't use advertising or tracking cookies.

Changes

We may update this Policy. Material changes trigger a re-consent prompt the next time you use a gated feature.

Contact

Privacy questions or data requests: help@selfdefence.app.