Privacy Policy

Last updated: March 24, 2026

1. Information We Collect

Account Information

When you create an account, we collect:

  • Display name — your chosen public username
  • Email address — for authentication and account recovery
  • Password — stored as a salted hash, never in plain text

Third-Party Login

If you sign in with Google or X (Twitter), we receive:

  • Your name and email address from the provider
  • A provider-specific identifier to link your account

We do not receive or store your social media passwords or access to post on your behalf.

Automatically Collected

  • Last login timestamp
  • Basic request logs (IP address, browser type) for security and diagnostics

2. How We Use Your Information

  • Authentication — to verify your identity and protect your account
  • Email verification — to confirm your email via a 6-digit code
  • Password reset — to send reset codes when requested
  • Service operation — to provide and improve the AIWarSim experience

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Storage

Your data is stored in Azure Cosmos DB with the following protections:

  • Encryption at rest and in transit
  • Passwords are hashed using PBKDF2 (industry standard)
  • Verification codes are hashed and expire after 15 minutes
  • Authentication cookies are HttpOnly, Secure, and SameSite-protected

4. Cookies

We use the following cookies:

  • Authentication cookie — keeps you signed in (expires after 30 days, or on sign-out)
  • External login cookie — temporary cookie during Google/X sign-in flow (expires after 10 minutes)

We do not use tracking cookies, analytics cookies, or advertising cookies.

5. Third-Party Services

The Service integrates with:

  • Google OAuth — for "Sign in with Google" (governed by Google's Privacy Policy)
  • X (Twitter) OAuth — for "Sign in with X" (governed by X's Privacy Policy)
  • Zoho Mail — for sending verification and password reset emails
  • AI providers (OpenAI, Anthropic, etc.) — for game AI; no user data is sent to AI providers

6. Your Rights

You have the right to:

  • Access your account information
  • Update your display name and email
  • Delete your account — contact us at the email below
  • Export your data upon request

7. Data Retention

Account data is retained as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymized game data (campaign history, turn events) may be retained for the integrity of completed campaigns.

8. Children's Privacy

AIWarSim is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or a notice on the Service.

10. Contact

For privacy-related questions or requests, contact us at admin@aiwarsim.com.