Privacy Policy

Last updated: 2026-05-06

Canonicle ("we", "the site") is a free daily Bible-passage word puzzle. This policy explains what information we collect when you use the site and how we handle it. We do not sell, rent, or trade user information.

Anonymous use

You can play Canonicle without an account. When you do, your in-progress puzzle and stats are stored only in your browser's local storage. Nothing about your play is sent to our servers. Clearing your browser data deletes this information.

What we collect when you sign in

If you choose to create an account, we collect:

• Email address — used to identify your account and send sign-in codes.
• Google account ID and basic profile (only if you sign in with Google) — your Google account ID and email, as supplied by Google's OAuth flow. We do not request or store your Google contacts, calendar, drive files, photos, or any other Google data beyond your identity.
• Optional display name — only if you set one on the Account page.
• Daily puzzle results — for each daily puzzle you play while signed in: the date, the puzzle id, your guesses, your score, hints used, and timing metadata. This is what powers the History page and cross-device sync.

How we use it

• To authenticate you and keep you signed in.
• To save your puzzle progress so you can resume on another device.
• To compute and display your stats and history.
• To send you sign-in verification codes by email.
• To understand how the site is being used — which pages get visited, how often, and from roughly where — so the game can be improved.

We do not use your information for advertising or profiling, and we do not sell or share it with third parties for their own marketing.

Sharing

We do not sell, rent, or share your personal information with third parties for their own purposes. The site relies on a small number of service providers that process data on our behalf:

• Netlify — hosts the site and serves pages.
• Supabase — provides authentication and database storage.
• Google — handles "Sign in with Google" if you choose that option.
• Resend — delivers transactional sign-in emails.
• Google Analytics — collects aggregate, anonymized usage data (page views, approximate location, device type, referrer) so we can see how the site is being used. It does not receive your email address or any account identifier.

These providers are bound by their own privacy policies and only receive the minimum data required to perform their function (e.g. an email address to send a verification code).

Cookies and local storage

A session cookie set by Supabase keeps you signed in. Google Analytics sets its own cookies (typically _ga and similar) to measure aggregate site usage; these do not contain your name, email, or account ID. We do not use advertising cookies. Anonymous play uses local storage in your browser to remember your progress across page loads — this never leaves your device.

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on, by enabling your browser's "Do Not Track" or tracking- protection setting, or by using an ad blocker.

Data retention

Your account data is retained until you ask us to delete it. You can request deletion of your account and all associated puzzle history by emailing CanonicleDev@gmail.com from the address on the account.

Children

Canonicle is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us and we will delete it.

Security

Authentication and storage run on Supabase over TLS. Per-user data is protected by Supabase Row Level Security so that you can only read and write your own rows. No system is perfectly secure, but we make a reasonable effort to keep your data safe.

Changes to this policy

We may update this policy as the site evolves. Material changes will be reflected in the "Last updated" date above.

Contact

Questions or requests: CanonicleDev@gmail.com.

← back home