← UpUp dashboard

Privacy Policy

Last updated: June 10, 2026

UpUp dashboard (“the app”) is a private coordination tool for the UpUp alliance in the game Kingdom Guard. It is used only by invited alliance members and is not offered to the public. This policy explains what data the app handles and how.

Google user data we access

With the inbox owner’s explicit consent, the app connects to a single dedicated alliance Gmail inbox using the gmail.readonly scope. It is used for one narrow purpose: to read the one-time login-code emails the game sends to that inbox and display the current code to authorized alliance members.

  • We read only those login-code messages; we do not read, index, or store other email.
  • Codes are short-lived and are automatically deleted from our database within 24 hours.
  • We never sell this data, use it for advertising, or transfer it to third parties.
  • We do not use it for any purpose other than relaying login codes to authorized members.

Limited Use

UpUp dashboard’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Other data

  • Sign-in: when a member signs in (Discord or Google OAuth) we store their name, email, and avatar to manage access and roles.
  • Game data:public alliance roster and Battle League data is synced from the game’s public API for planning.
  • Storage:data is held in a private database accessible only to the alliance’s administrators.

Security

  • Access control: the app is invitation-only with role-based permissions, so each member only sees what their role allows.
  • Two-factor authentication: accounts can enable TOTP-based 2FA with recovery codes, and administrators can revoke any active session immediately.
  • Credentials: third-party secrets and OAuth tokens are kept in encrypted environment configuration — never in the application database — and Google access uses a read-only scope (least privilege).
  • In transit & at rest: all traffic is served over HTTPS, and data is held in a private, managed database with encryption at rest.
  • Auditing: sensitive administrative actions are recorded in an audit log so access can be reviewed.

Retention & deletion

Login codes are purged within 24 hours. Member accounts and data are removed on request or when a member leaves the alliance. To request access removal or data deletion, contact us below.

Contact

Questions or data-deletion requests: reach the alliance owner on Discord, or email pilotsdisharing@gmail.com.