Data storage

What we actually store.

Last updated 2026-06-10.

A literal inventory of every Postgres table on Tavern's server, what it holds, and why. If something is missing from this list, we don't have it.

users

Accounts

Email + argon2id password hash + display name for signed-up Tavern accounts. No phone number, no address, no real name unless you choose a display name. We never store the password itself — only the hash, and only ever with argon2id.

waitlist

Launcher waitlists

When you click "Notify me" on a non-Steam launcher card in /account, we store the launcher name + a SHA-256 hash of your IP address — no email, no identity. The count of interest signals per launcher is how we prioritize which integration ships next. The raw IP hashes are not linked to your account row in any way.

sessions

Sign-in sessions

When you sign in, we issue an opaque 32-byte random token, hash it (SHA-256), and store the hash here with your user id and a 30-day sliding expiry. The plaintext token lives only in your browser's session cookie. When you sign out, the row is deleted.

linked_accounts

Linked launchers (opt-in)

When you click "Link Steam" from /account, Steam's OpenID endpoint confirms your identity and returns your SteamID64. We store that ID against your Tavern user id — that's it. No Steam password, no friend list, no purchase history. Other launchers will appear here as their integrations ship in Phase 3.

igdb_cache

IGDB game metadata cache

Per-Steam-appid game name, summary, genres, release date — fetched from IGDB and cached so we don't hammer their API. Not user- specific. The same row is served to every Tavern user who looks at the same game.

sgdb_cache + art_cache

Cover art cache

Cover, hero, and logo image URLs from SteamGridDB plus a local mirror of the bytes at cache.tavernhq.net, so cover art loads at edge speed for everyone. Not user-specific. The "first user to fetch a game pays SGDB's network cost, every subsequent user gets the cached URL" pattern.

That's the complete list as of 2026-06-10. If we add a table that stores something user-identifying, this page gets updated and you'll see an in-app notice the next time you sign in. Email [email protected] with questions.