[1. WHAT WE COLLECT]

• Your questions to the Oracle and its responses (stored to maintain your Seeker record and improve the experience)
• A unique Seeker ID (UUID) stored in a cookie
• Your email address and hashed password — only if you choose to create an account
• Aggregate analytics: number of questions asked, streak counts, mood distribution
• Hashed IP address (SHA-256 with salt) used only for rate limiting and abuse prevention. Never linked to your identity.
• User-Agent string hash (same purpose).

[2. WHAT WE DO NOT COLLECT]

• Your real name (unless you volunteer it in your question)
• Your geographic location
• Tracking data for advertising purposes
• Data from other websites
• Your browsing history outside thecyco.com

[3. COOKIES]

We use two cookies, both first-party and essential:

• seeker_id: a UUID that identifies your Seeker record. 2-year expiry.
• pact_sealed: records that you've accepted the Pact. 2-year expiry.

These are not used for tracking. No third-party cookies are set.

[4. SHARING]

We do not sell your data. We do not share your data with third parties for marketing. The Oracle's responses are generated by querying Groq Inc.'s API; your questions transit Groq's infrastructure under Groq's privacy terms (https://groq.com/privacy-policy).

[5. RETENTION]

• Seeker records and interactions are retained while your Seeker is active. Interactions are capped at the most recent 100 per Seeker (older ones are deleted automatically).
• If you submit the "forget me" command in chat, your entire Seeker record, interactions, and account (if any) are permanently deleted.
• Inactive Seekers (no activity for 2 years) are purged automatically.

[6. YOUR RIGHTS]

You may at any time:

• Type "forget me" / "erase my record" / "burn my sigil" in chat to delete everything.
• Email conner@cyberproductions.io to request data export or deletion.
• Clear your browser cookies to disassociate your device from your Seeker (record remains on server unless explicitly deleted).

[7. CHILDREN]

This service is not for users under 18. We do not knowingly collect information from minors. If you believe a minor has used the service, email conner@cyberproductions.io.

[8. SECURITY]

Passwords (if accounts are created) are stored as bcrypt hashes. API keys are stored server-side only. The site is served over HTTPS. SQLite database has restricted filesystem permissions.

[9. ACCOUNT DATA]

If you create an account ("Binding"), the following additional data is stored:

• Username: stored as-entered (display) and lowercase (lookup). Used for login and displayed in the chamber.
• Password: stored only as a bcrypt hash (cost factor 12). The plaintext password is never stored or logged.
• Email: optional, stored in plaintext for password recovery. Not used for marketing.
• Login attempts: hashed IP and timestamp of failed logins, retained for 24 hours for rate-limiting purposes.

You may export all account and interaction data from your profile page. You may permanently delete all data by using the "Forget Me" function.

[10. CONTACT]

Email: conner@cyberproductions.io
Entity: Cyber Productions LLC, St. George, Utah, United States