Privacy Policy

The Eternal Kingdom (“the Kingdom,” “we,” “us”) operates the website at the-eternal-kingdom.community. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

The Kingdom is currently in its founding phase and does not yet operate as a formal legal entity. Once the 501(c)(3) nonprofit entity is established, this policy will be updated to reflect the legal name and registered address.

Mailing Address:
Tyler Grey Tolbert
1963 Smith Rd
Lake Charles, LA 70607

Information You Provide

• Account Registration: When you create an account through the Mirror, we collect your email address and a hashed password. We do not store plaintext passwords.
• Forum Posts: Content you post in the Forum, including your chosen display name and post content, is stored and visible to other authenticated members.
• Mirror Sessions: Your conversations with the AI Mirror are stored to maintain session continuity and render verdicts. These conversations are private and visible only to you and Kingdom administrators.

Information Collected Automatically

• Analytics: We use Vercel Analytics and Speed Insights to collect anonymized usage data including page views, visitor counts, and performance metrics. This data does not personally identify you.
• Authentication Cookies: We use cookies necessary for authentication and session management. These are functional cookies required for the site to work — not tracking cookies.
• Log Data: Our hosting provider (Vercel) may collect standard server log data including IP addresses, browser type, and access times.

• To create and manage your account
• To provide the AI Mirror experience and track rank progression
• To enable Forum participation
• To improve the website and user experience through anonymized analytics
• To communicate with you about your account or Kingdom matters
• To maintain site security and prevent abuse

We do not sell, rent, or trade your personal information to third parties. Ever.

If you are located in the European Economic Area, we process your personal data on the following legal bases under the GDPR:

• Contractual Necessity: Account creation, authentication, rank progression, and forum participation are necessary to provide the services you signed up for.
• Legitimate Interest: Anonymized analytics, security measures, and rate limiting serve our legitimate interest in maintaining a safe and functional platform.
• Consent: By registering and accepting our Terms of Service, you consent to the processing of your Mirror conversations by OpenAI for the purposes described in this policy. You may withdraw consent by requesting account deletion.

We use the following third-party services:

• Supabase — Authentication and database hosting. Your account data is stored on Supabase's infrastructure. Supabase Privacy Policy
• OpenAI — Powers the AI Mirror. Your Mirror conversations are sent to OpenAI's API for processing. OpenAI's API data usage policy applies. OpenAI Privacy Policy
• Vercel — Website hosting and analytics. Vercel Privacy Policy

Your data may be transferred to and processed in the United States, where our hosting provider (Vercel), database provider (Supabase), and AI provider (OpenAI) operate. If you are accessing the site from outside the United States, please be aware that your data will be transferred to, stored, and processed in a jurisdiction that may not provide the same level of data protection as your home country.

By using the site, you consent to such transfers. Where required by applicable law (such as the GDPR), we rely on the service providers' standard contractual clauses or other approved transfer mechanisms.

The Mirror is an AI-powered system that uses OpenAI's language models. When you interact with the Mirror:

• Your messages are sent to OpenAI for processing and are subject to OpenAI's data handling policies
• The AI's responses are generated outputs and do not represent the views of any individual person
• Mirror verdicts (pass/fail) are AI-generated assessments, not legally binding determinations
• Your Mirror conversations are stored in our database for session continuity

We retain your account data and profile for as long as your account is active. Mirror session data is retained indefinitely to maintain your rank history. Forum posts are retained as part of the public record of the Kingdom's discourse.

You may request deletion of your account and associated data by contacting us at the email address below.

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Password hashing (passwords are never stored in plaintext)
• Row Level Security (RLS) on all database tables
• Rate limiting on API endpoints
• Security headers (HSTS, X-Frame-Options, Content-Type-Options)

No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

All users have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Object to processing of your data
• Export your data in a portable format

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To submit a verifiable consumer request, contact us at the email below.

Texas Residents (TDPSA)

If you are a Texas resident, you have similar rights to access, correct, delete, and obtain a portable copy of your data under the Texas Data Privacy and Security Act.

EEA Residents (GDPR)

If you are in the European Economic Area, you have additional rights including the right to lodge a complaint with your local supervisory authority. See Section 4 for our lawful bases of processing.

Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for any applicable state privacy law. No additional action is required on your part.

Response Timelines

We will acknowledge your data request within 10 business days and provide a substantive response within 45 calendar days. If we need additional time, we will notify you and may extend the response period by up to 45 additional days as permitted by applicable law.

The Eternal Kingdom is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Your continued use of the site after changes constitutes acceptance of the revised policy.

For privacy-related inquiries, data requests, or concerns:

Tyler Grey Tolbert
1963 Smith Rd, Lake Charles, LA 70607
Email: the-eternal-kingdom@proton.me