Mission Control

Citizen Hangar Command Deck

Link Citizen iD, sync pledges, and stream RSI hangar updates straight into your dashboard.

Total pledges

0

Ships logged

0

Last sync

—

Sign in with Citizen iD

Sign in required

Sign in with Citizen iD

We automatically capture your Discord ID for fallback logins.

Session status

Awaiting authentication

Citizen iD handles primary auth while Discord fallbacks keep you online whenever the main service pauses.

Citizen iD Online
Discord fallback Pending capture
Session Not signed in

Use the hero button above to sign in; we'll route through Discord automatically if Citizen iD blips.

Extension bridge

Ready for browser pairing

Pair the Citizen Hangar extension to push RSI hangar exports directly into this dashboard.

Pairing Awaiting handshake
Last sync —

You need to sign in before linking Citizen iD.

Sign in with Citizen iD

If Citizen iD goes down mid-login, we'll switch you to Discord automatically.

Pledge intelligence

Your pledge telemetry

Surface Citizen iD identity, sync wellness, and categorized hangar data without leaving the dashboard.

Sign in to see pledge data.

Sign in with Citizen iD

We'll keep you online by switching to Discord automatically if Citizen iD stalls.

Public persona

Profile & sharing

Stay inside the Command Deck UI while you tune what the public profile exposes.

Sign in to configure your profile and public page.

Sign in with Citizen iD

Extension bridge

Pair the Citizen Hangar extension

Upload pledge HTML straight from the RSI hangar to refresh this dashboard.

Sign in to generate pairing codes for the extension.

Sign in with Citizen iD

If Citizen iD drops, the dashboard automatically switches to Discord login.

Developer controls

OAuth & OpenID quickstart

Citizen Hangar ships a full OAuth 2.0 + OIDC stack with PKCE, offline refresh tokens, and signed ID tokens.

PKCE + S256 Scopes: openid, profile, offline_access JWT kid rotation ready

Issuer uptime 99.95%
Backed by Zerops + Mongo health probes.
Access token TTL 60 minutes
Override via OAUTH_ACCESS_TOKEN_TTL.
Refresh tokens Rotating
Each token exchange mints a new refresh token; revoke via /oauth/revoke.

Open discovery document

Sign in to manage apps

OAuth documentation is public, but creating clients requires a Citizen Hangar account.

Sign in with Citizen iD

Discovery

Endpoints exposed

.well-known config
GET https://citizenhangar.space/oauth/.well-known/openid-configuration
JWKS set
GET https://citizenhangar.space/oauth/.well-known/jwks.json
Authorize + consent
GET https://citizenhangar.space/oauth/authorize
Token exchange
POST https://citizenhangar.space/oauth/token
Userinfo
GET https://citizenhangar.space/oauth/userinfo
Revocation
POST https://citizenhangar.space/oauth/revoke

Consent caching We store grants per client + scope bundle; re-authorize to widen scope.
JWT signing Access + ID tokens are signed with rotating RSA keys surfaced via JWKS.

Authorize

Kick off PKCE flow

Swap in your own client + redirect; code_challenge_method must be S256.

              curl "https://citizenhangar.space/oauth/authorize?response_type=code&client_id=demo-client&redirect_uri=http%3A%2F%2Flocalhost%3A4311%2Fcallback&scope=openid%20profile%20offline_access&code_challenge=PKCE_CODE&code_challenge_method=S256&state=demo-state"
            

Client ID: demo-client · Redirect URI: http://localhost:4311/callback

Supported scopes: openid profile offline_access. Pairing tokens land in the token response when offline_access is requested.

Exchange & introspect

Token + userinfo samples

              curl -X POST "https://citizenhangar.space/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTH_CODE" \
  -d "redirect_uri=http://localhost:4311/callback" \
  -d "client_id=demo-client" \
  -d "code_verifier=YOUR_PKCE_VERIFIER"
            

              curl "https://citizenhangar.space/oauth/userinfo" \
  -H "Authorization: Bearer ACCESS_TOKEN"
            

Refresh tokens arrive when requesting offline_access. Revoke either token via POST /oauth/revoke.

Sign in to access admin tooling.

Sign in with Citizen iD

Privacy & Data

Citizen Hangar Privacy Policy

Effective December 4, 2025. Citizen Hangar is an independent platform for syncing pledge, hangar, and account data and is not affiliated with any game studio or third-party provider.

Open standalone page

Account data

Authentication details

We collect Discord identifiers, usernames, email (if supplied via OAuth), and external linking tokens so you can sign in and keep session continuity. Login timestamps, IPs, and session metadata support account security.

Pledges & hangars

Sync inputs

The extension uploads pledge HTML or export data you trigger so we can parse ships owned, pledge metadata, and sync status. Raw uploads are processed in memory for parsing and discarded immediately after a successful sync.

Usage signals

Technical diagnostics

Cookies keep you signed in, while server logs capture request metadata and errors to prevent abuse. Optional analytics are only collected if you explicitly opt in.

Operational monitoring

Sentry error reporting

We forward crash reports, stack traces, limited request metadata, and profiling samples to Sentry to keep the service stable. These payloads may include IP addresses, user IDs, and form inputs tied to the error, and are retained per Sentry's policies for debugging only.

How we use your data

Authenticate you via OAuth and link external accounts to Citizen Hangar.
Store and display pledge, hangar, and ship data inside your dashboard.
Provide sync tooling, including status history and pairing management.
Keep the platform secure, detect abuse, and offer support/debugging.
Aggregate anonymized usage insights only if you consent.

We never sell or rent your personal information, and we do not use it for advertising.

Legal basis & consent

Contractual necessity: deliver the login, storage, and sync services you request.
Legitimate interest: protect the platform, prevent abuse, and improve reliability.
Consent: required before any optional analytics or non-essential tracking is enabled.

Data sharing & third parties

We only share data when you explicitly export it, when compelled by law, or with infrastructure vendors (hosting, email, database) who are bound by confidentiality and limited-processing agreements. We do not share data for advertising or targeting.

Sentry diagnostics

Citizen Hangar uses Sentry for error reporting, performance traces, and profiling. When failures occur, we send stack traces, sampled request metadata (timestamps, route, IP, user/session identifiers), and relevant form payloads to Sentry’s EU region. This data is used solely to diagnose issues, follows Sentry’s retention schedule, and can be purged on request by contacting support.

You may request that we scrub or delete historic Sentry events tied to your account by emailing support@citizenhangar.space.

Data retention & deletion

Your account, linked tokens, and synced data stay stored until you delete them. You can revoke the extension, unlink accounts, or request full deletion at any time; we purge associated pledges, ships, and raw HTML within 72 hours. Minimal anonymized logs may persist briefly for audit and security but cannot identify you.

Your rights

Access, correct, or delete personal data we hold.
Withdraw consent for optional processing at any time.
Object to or restrict certain processing (e.g., analytics).
File a complaint with a supervisory authority if you believe data is misused.

Contact us using the details below to exercise any of these rights.

Security measures

We use HTTPS everywhere, encrypted storage for sensitive tokens, scoped access controls, hashed credentials, regular backups, and audit logging. No system is infallible, so only share the data necessary to use Citizen Hangar.

Cookies & tracking

We rely on first-party cookies to maintain sessions and do not profile users. If we introduce analytics or additional tracking, we will seek explicit consent and update this policy.

Children & minors

Citizen Hangar is not intended for anyone under 16. If we learn a minor has registered, we will delete the account and related data on request.

Changes to this policy

We may update this policy from time to time. The latest version will always be posted with a clear “Last Updated” date, and significant changes will be communicated via banner or email when applicable.

Contact

Data Controller: Citizen Hangar

Email: support@citizenhangar.space

Address: N/A (remote team)

Reach out for data access, deletion, corrections, or any privacy concerns.

Plain-language summary

You log in with Discord/OAuth. We store linked account identifiers and tokens.
You choose when to upload pledge/hangar exports; we parse them so you can view ships.
Your data stays private unless you export or share it.
We never sell your information and respect deletion/consent requests.
Contact us anytime for help with your data.

Privacy Policy for Citizen Hangar

Effective date: December 4, 2025

1. Introduction

Welcome to Citizen Hangar ("we", "our", "us").
Citizen Hangar is an independent web platform for aggregation and synchronization of pledge, hangar, and associated account data, used by players of gaming communities and related services. We are not affiliated with any game studio or third-party game provider.

This Privacy Policy describes how we collect, use, disclose, store, and protect your personal data, and your rights regarding that data. We are committed to transparency, data protection, and giving you control over your information.

2. Information We Collect

Depending on how you use Citizen Hangar, we may collect the following categories of information:

a) Account & Authentication Data

- Discord identifier, username, email (if provided via OAuth) — used if you sign in via Discord.
- External account linking tokens/IDs (e.g. from identity/verification providers when you link external accounts).
- Metadata: login timestamps, IP address, session information.

b) Pledge / Hangar / Game-related Data

- Raw HTML or data exports you provide (e.g. pledge pages, hangar exports).
- Parsed pledge/ship/hangar data (ships owned, status, timestamps, pledge metadata) derived from your exports.
- Synchronization timestamps and status logs (when data was last synced, success/failure status).

c) Usage & Technical Data

- Cookies and session data for logged-in sessions.
- Server logs: IP address, request metadata, error logs (for debugging and abuse prevention).
- Error and performance telemetry processed via Sentry (stack traces, sampled request metadata, profiling spans, and associated user/session identifiers).
- Any optional analytics data (only if you opt-in; see below).

3. How We Use Your Data

We use your data for the following purposes:

- To authenticate you and allow you to log in via OAuth.
- To link your external accounts (e.g. game account, social account) to your Citizen Hangar account.
- To store and display your pledge/hangar/ship data — for personal dashboards or organization/fleet-level tools.
- To offer synchronization functionality (automatic or manual sync of pledges/exports).
- To provide account management: view data, remove data, manage linked accounts, revoke access tokens.
- To maintain the security, integrity, and stability of the platform (detect abuse, debug errors, provide support).
- (Optional) To aggregate anonymized usage statistics — only if you explicitly consent — to help us improve Citizen Hangar.

We do not sell or rent your personal data to third parties for marketing.

4. Legal Basis & Consent

If you are located in a jurisdiction under data-protection law (e.g. EU / UK GDPR), our legal basis for processing your personal data is:

- Contractual necessity: to provide the service you requested (account login, data sync, data storage).
- Legitimate interest: to maintain security, prevent abuse, and improve service stability and performance.
- Consent (where required): before using any optional analytics or non-essential tracking.

5. Data Sharing & Third Parties

We do not share your personal data with third parties — except in these cases:

- If you explicitly export your data or share a direct export from the platform.
- If required by law (legal request, court order, regulations).
- If using third-party services (e.g. email, hosting, database providers). In such cases, we require them to maintain confidentiality and process data only for hosting/maintenance purposes.
- Operational monitoring: we use Sentry (hosted in the EU) for crash reporting, profiling, and tracing. Sentry receives stack traces, limited request metadata (e.g. IP address, route, user IDs), and form inputs relevant to the error so we can debug issues quickly. Data sent to Sentry is retained per their policies and removed on request.

We will never use your data for advertising or targeted marketing without your explicit consent.

6. Data Retention & Deletion

We store your account and associated data until you choose to delete it.

You may request deletion of your account and all associated data at any time via settings or by contacting us.

We may retain minimal anonymized logs (e.g. for audit/security) for a limited period — but these logs will not contain personally identifying information.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion ("right to be forgotten") of your personal data.
- Withdraw consent at any time (for optional processing).
- Object to or restrict certain processing (e.g., analytics).
- Lodge a complaint with a supervisory authority if you believe your data is mishandled.

To exercise these rights, contact us via the contact details below.

8. Security Measures

We take reasonable technical and organizational measures to protect your data: encrypted storage, secure communication (HTTPS), access controls, token hashing where needed, regular backups, and logging of access.

However — no system is 100% secure. You should avoid sharing sensitive information beyond what is strictly necessary for using the service.

9. Cookies & Tracking

Citizen Hangar may use cookies or session cookies for login sessions. We do not use cookies for tracking or profiling by default.

If we add analytics or additional tracking, we will request your explicit consent and update this policy accordingly.

10. Children & Minors

Citizen Hangar is not intended for children under 16. We do not knowingly collect data from minors. If you believe a minor has registered, please contact us to request deletion.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website, with a clear “Last Updated” date. Significant changes (e.g. new data uses) will be communicated to users via banner or email (if applicable).

12. Contact Information

If you have questions, concerns, or requests regarding your data — access, deletion, corrections, complaints — contact us at:

Data Controller: Citizen Hangar
Email: support@citizenhangar.space
Address: N/A (remote team)

13. Disclaimer & Liability

Citizen Hangar is an independent platform. Use is at your own risk. We are not affiliated with any game studio or third-party game provider. We make no guarantee of data completeness, uptime, or accuracy of synced data.

14. Summary (Plain-Language)

- You log in with Discord / OAuth.
- We store your account data and optionally linked external account.
- You can upload exports/HTML for pledge/hangar data; we store and parse it to show you your ships/pledges.
- Your data stays private unless you export/share it or request deletion.
- We respect your rights: access, correct, delete data.
- We do not sell your data or use it for ads.
- You can contact us anytime — we’ll respond.

Command Deck | Citizen Hangar - Star Citizen Hangar Viewer