Trust & Privacy

This page is maintained by the Afro Nation Club team to answer common security and privacy questions about the Charity Challenge app. It is editable project content, not an independent certification.

Accounts & access

Sign-in is handled by our managed authentication provider. Sessions are stored in your browser and can be revoked by signing out. Administrative features are gated by server-side role checks.

Data we collect

  • Account: email, display name, handle.
  • Festival engagement: mission completions, card progress, XP, optional segmentation answers.
  • Donations: amount, status, and a payment-provider reference. Card numbers never reach our servers.

Payments

Donations are processed by Stripe. We receive only a transaction reference and status; full card data is handled by Stripe under their PCI-compliant infrastructure.

Data access controls

Personal records are protected by row-level access rules so each fan can only read their own profile, progress, and grants. Aggregated leaderboard data exposes only handle, display name, and completion counts.

Subprocessors

  • Lovable Cloud — hosting, database, authentication.
  • Stripe — donation payments.

Retention & deletion

Profile and challenge data are kept for the active festival edition. To request deletion or a copy of your data, contact the Afro Nation Club team.

Reporting a security issue

If you believe you have found a security issue, please contact the Afro Nation Club team directly so we can investigate.