Kiln Privacy Policy
Effective Date: April 19, 2026
1. Introduction
Kiln ("we," "our," or "us") operates a quality-of-life browser extension and web API for Polytoria. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
2. Information We Collect
2.1 Account Linkage Information
When you link your Polytoria account to Kiln, we collect:
* Polytoria User ID: Your unique Polytoria account identifier
* Linkage Timestamp: When you connected your account
* Verification Phrase: A temporary code used during the bio-verification process, stored until verification is complete or the session expires
2.2 Authentication Data
To maintain your session, we store:
* Refresh Tokens: Unique tokens that allow persistent API access without repeated logins
* Token Metadata: Expiration dates, creation time, last usage time, and revocation status
* User ID Association: Link between refresh tokens and your Polytoria account
2.3 Extension Usage Data
Based on your voluntary use of features:
* Likes: Count of likes you've given or received through our extension
* Like Relationships: Records of which users you've liked (originator and target user IDs)
* Favorited Places: Polytoria place IDs you've marked as favorites and when you favorited them
* Not For Trade (NFT) Items: Polytoria item IDs you've marked as not for trade, and optionally specific serial numbers of those items
* Blocked Traders: Polytoria user IDs you've blocked from sending you trades
3. How We Collect Information
3.1 Account Verification
You initiate data collection by:
1. Installing the Kiln browser extension
2. Requesting to link your Polytoria account
3. Generating a unique verification phrase in our system
4. Placing that phrase in your Polytoria bio
5. Confirming the linkage through our API
Once verified, the phrase is removed from active storage and your account is permanently linked until you revoke access.
3.2 Passive Data Collection
Certain data is collected automatically when you use specific features:
* Refresh tokens are updated when you use the extension
* lastUsedAt timestamps update when tokens are accessed
4. How We Use Your Information
4.1 Service Functionality
We use your data solely to:
* Authenticate and maintain your session via refresh tokens
* Enable extension features like cross-session persistence
* Track feature usage (likes, favorites, NFT item markings) to provide functionality you request
* Support game events by recording statistics and team affiliations
4.2 Display of Historical & Public Datasets
Kiln displays historical data provided by or exported from Polytoria. This data is static and was not collected by the Kiln extension:
* Great Divide Statistics: Historical event data (kills, deaths, team affiliation) from past Polytoria events.
This information is used for display purposes only. If you are a Polytoria user appearing in this dataset, this data was sourced from public records/official exports and is not "tracked" by your current use of the Kiln extension.
4.3 Data Limits
We do not use your data for:
* Advertising or marketing purposes
* Selling to third parties
* Any purpose not explicitly stated in this policy
5. Data Storage and Security
5.1 Storage
* All data is stored in SQLite databases with proper indexing
* Refresh tokens are stored with expiration dates and can be revoked
* Timestamps are stored in ISO 8601 format or as millisecond timestamps
5.2 Security Measures
* Tokens have expiration dates and are invalidated upon revocation
* Verification phrases in the pending table automatically expire
* We implement standard security practices for database access
5.3 Data Retention
* Refresh Tokens: Retained until expiration, revocation, or account deletion
* Pending Verifications: Automatically purged within 5 minutes of session creation via a scheduled cleanup job
* User Accounts: Retained until you request deletion
* NFT Item Markings: Retained until you remove the marking or request account deletion
* Blocked Traders: Retained until you unblock the user or request account deletion
* Game Statistics: Retained indefinitely for historical event records unless you request deletion
6. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We only share data in the following circumstances:
6.1 Publicly Visible Data
Certain data may be visible to other users through the extension's features:
* Likes between users (originator and target relationships)
* Great Divide event statistics and rankings (see section 4.2)
* Favorited places (not currently displayed publicly)
* Not For Trade (NFT) item markings: the items and specific serials you've flagged as not for trade are accessible via a public endpoint
* Blocked Traders: the list of users you've blocked from trading with you is private and only accessible to you via an authenticated endpoint
6.2 Legal Requirements
We may disclose information if required by law or in response to valid legal requests.
7. Your Rights and Choices
7.1 Access and Control
You can:
* Unlink your account: Remove the linkage between Kiln and your Polytoria account
* Revoke tokens: Invalidate all active refresh tokens
* Request data deletion: Contact us at contact@indexx.dev to delete your user record and all associated data
* Stop using the extension at any time
7.2 Data Portability
Upon request, we can provide you with a copy of your data in a machine-readable format.
8. Third-Party Services
8.1 Polytoria
Our service integrates with Polytoria. Your use of Polytoria is subject to their own Privacy Policy and Terms of Service. We only access publicly available information from your Polytoria profile during the verification process.
8.2 Browser Extension Stores
Installation and updates are handled through browser extension stores (Chrome Web Store for Chromium-based browsers, Firefox Add-ons for Firefox), which have their own privacy practices.
8.3 Edge Services
The extension accesses several services running on Cloudflare’s edge network. None of these endpoints collect personal data. Endpoints include:
* Remote configuration that allows the extension to know the latest state of feature availability, API URLs, along with the latest version and any update notes the user should be aware of.
* KV (key value) stores for serving historical datasets (see section 4.2)
* Proxy which forwards your requests to Polytoria’s origin server. Requests will only be forwarded to their public API, and no credentials are ever stored or shared.
9. Children's Privacy
Our service is not directed at children under 13, or 16, by jurisdiction. If you are underage, do not use Kiln. If we discover we have collected information from a child under 13, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will notify users of significant changes through the extension or via Polytoria's messaging system.
11. Contact Information
For questions, data requests, or concerns about this Privacy Policy, please contact us by email: contact@indexx.dev