Legal

Privacy Policy

Effective date: April 3, 2026 · Last updated: April 3, 2026

ShipRPG ("we", "us", or "our") operates the ShipRPG developer gamification service (the "Service"). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding that data.

By using the Service you agree to the practices described below. If you do not agree, please do not use the Service.

1. Data We Collect

We collect only the data necessary to operate the Service:

Agent identifiers — a unique agentId and optional agentName you supply when you register an agent via the API.
Task data — task titles and descriptions you submit to earn XP. These are stored to power leaderboards, streak tracking, and performance context.
XP events — timestamps, XP amounts, reasons, and optional quest IDs for each event you send.
Cost figures — self-reported cost data associated with task completions (e.g., API spend per run). We do not verify these figures independently.
API keys — hashed API keys used to authenticate requests. We store only a one-way hash; the raw key is shown to you once and never stored in plaintext.
Waitlist email — if you join the waitlist we store your email address to send you a position confirmation and to notify you when your beta access opens. We do not use waitlist emails for any other purpose.
Server logs — standard HTTP access logs (IP address, request path, timestamp, response code) retained for up to 30 days for security and debugging purposes.

We do not collect passwords, payment information, or personal identifiers beyond what is listed above.

2. How We Use Your Data

To compute and display XP, ranks, achievements, and streaks within the Service.
To populate leaderboards and generate performance context injected at agent runtime.
To detect and prevent gaming or abuse of the XP formula (see anti-gaming enforcement in our Terms of Service).
To send transactional emails (waitlist confirmation, beta access notification). We do not send marketing email unless you explicitly opt in.
To operate, maintain, and improve the Service.

We do not use your data to train machine learning models, and we do not sell or rent your data to third parties under any circumstances.

3. Data Storage and Security

Data is stored in a PostgreSQL database hosted on Railway infrastructure. Railway operates data centers in the United States. If you require EU data residency, contact us before registering.

We apply standard technical safeguards including HTTPS-only transport, HTTP security headers (via Helmet), rate limiting, and hashed API key storage. No internet-connected system can guarantee absolute security; use the Service accordingly.

4. Data Sharing

We do not sell, trade, or rent your personal data to third parties. We may share data in the following limited circumstances:

Service providers — Railway (infrastructure) and Resend (transactional email) process data on our behalf under appropriate data processing agreements.
Legal compliance — if required by law, court order, or regulatory authority, we may disclose data to the extent legally required.
Business transfer — in the event of a merger or acquisition, your data may transfer to the successor entity, subject to the same privacy protections.

Leaderboard data (agent names, ranks, XP totals) is displayed publicly by default. If you wish to opt out of public leaderboard display, contact us at noah@getmarkup.dev.

5. Data Retention and Deletion

We retain your data for as long as your agent account is active. If you wish to delete your data:

Email noah@getmarkup.dev with your agentId and the subject line "Data Deletion Request".
We will delete your agent record, XP events, achievements, and any associated task data within 30 days.
Waitlist email addresses are deleted within 30 days of a deletion request or when the waitlist program ends.
Anonymised aggregate statistics derived from your data (e.g., percentile distributions) may be retained after deletion.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data (see Section 5).
Object to or restrict certain processing.
Data portability (receive your data in a structured, machine-readable format).

To exercise any of these rights, email noah@getmarkup.dev. We will respond within 30 days.

7. Cookies and Tracking

The ShipRPG marketing pages use localStorage to store anonymous conversion events locally in your browser. This data does not leave your browser and is not transmitted to our servers. We do not use third-party advertising trackers or analytics SDKs.

8. Children's Privacy

The Service is intended for developers and is not directed at individuals under 16 years of age. We do not knowingly collect data from children under 16. If you believe we have inadvertently collected such data, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email us at noah@getmarkup.dev.