Skip to content
Epochthe game

· Epoch The Game ·

Privacy

What we collect, why, who sees it, and how to be forgotten.

Last updated: 2026-04-22

This is a best-faith draft. It accurately describes what Epoch collects today (very little) and what it will collect when the game ships. We welcome a lawyer's review before public beta. If something here is unclear, write to us at scribe@epochthegame.com.

The short version

  • Today, Epoch is a waitlist. The only personal data we collect is the email address you give us, and a short free-text answer if you choose to leave one.
  • We do not run third-party analytics, advertising pixels, or social trackers on this site.
  • You can ask for a copy of what we have on file, or ask us to erase it, at any time.
  • When the game ships, this policy will be updated and re-sent. Nothing on that list will come as a surprise.

Who we are

Epoch The Game is a small independent project. For the purposes of GDPR, we are the data controller for any personal data you provide to us through this site. You can reach the controller at scribe@epochthegame.com.

What we collect, today

When you join the waitlist, we record:

  • Your email address. The one thing we actually need to get back to you.
  • Your answer to “what pulls you in?” Optional. If you leave one, we read it (a human, not a model) to learn what this audience is looking for.
  • Whether you ticked “I'd be the one getting friends to play with me.” A single boolean. Helps us understand who organizes the groups.
  • Which form you submitted from. Hero or final CTA. For our own conversion analysis. Not shared.

Our hosting provider (Vercel) records standard server logs when you visit — your IP address, browser user-agent, and which pages you loaded. We do not read these in the normal course of running the site; they exist so we can debug when something breaks. Vercel rotates them on their standard schedule.

Cookies and local storage

Epoch stores one preference in your browser's localStorage: whether you chose the light or dark theme. That is not personal data and is not transmitted to us. We use no other cookies on this site today. When analytics or authentication arrive, this section will be updated and you will be told.

Why we collect it

Your email is stored on the legal basis of your consent, given when you entered it into our form. We use it for one purpose: to tell you, perhaps once a month, how the game is coming along and — eventually — that it is ready to play. You can withdraw that consent at any time by asking us to erase your entry (see “Your rights,” below) or by clicking the unsubscribe link in any email we send.

Who sees it

Your data is processed by a small number of sub-processors we rely on to run the site:

  • Vercel. Hosting and server logs. Based in the United States; processes data under Standard Contractual Clauses for EU transfers.
  • Supabase (planned). A database provider. Not live on this site today. When we begin storing waitlist entries in a real database, this policy will be updated to reflect that, and Supabase will be named as a sub-processor. Based in Singapore / US; GDPR-compliant, SOC-2 certified.

If you are a business or educator interested in our Data Processing Addendum, one is available on request.

Your rights

If you are in the EU, UK, Switzerland, or anywhere else that grants these rights by statute, you have:

  • The right to access — a copy of everything we have on file about you, in a portable format.
  • The right to erasure — we will remove your data from our systems, with a 30-day grace window during which you can change your mind.
  • The right to rectification — if anything we have on file about you is wrong, we will fix it.
  • The right to object to processing. In practice, this means you can tell us to stop emailing you without erasing the underlying entry.
  • The right to complain to your local data-protection authority. We would prefer you tell us first so we can fix it, but you are not obligated to.

How to exercise these rights

Self-service is live. Send a POST to /api/me/request-link with { "email": "you@…", "action": "export" | "delete" }. We email you a single-use link valid for fifteen minutes; consuming the link calls /api/me/export or /api/me/delete. Export returns a signed JSON download URL valid for twenty-four hours. Delete soft-deletes immediately and permanently purges after thirty days.

Prefer not to use the API? Email scribe@epochthegame.com from the address you used to sign up. We reply within thirty days as GDPR requires; in practice it is usually much faster.

How long we keep it

Waitlist entries are kept while a launch is pending. If you are still on the list ninety days after we launch and you have not converted to an account, we will delete your entry automatically. You may, of course, ask us to delete it sooner. Server logs are rotated by our hosting provider on their default schedule (typically within thirty days).

International transfers

Our hosting and (eventually) database providers are based in the United States. If you are in the EU or UK, your data is transferred to and processed in the United States under Standard Contractual Clauses and our sub-processors' supplementary measures. We do not sell your data; we do not share it with anyone we have not named in this policy.

Children

Epoch is written for adults. We do not knowingly collect data from anyone under sixteen. If you believe your child has signed up, email us and we will remove their entry.

Changes to this policy

When we update this policy meaningfully — for example, when we add analytics, or when the game ships and the data model grows — we will notify you by email and update the “last updated” date at the top of this page. You can walk away at any time.

Contact

Write to scribe@epochthegame.com. A human will read it.

You may also want to read our Terms of Service and our Data Processing Addendum.