Last updated: March 21, 2026
We collect only what's needed to run the service:
We do not use tracking pixels, advertising SDKs, or behavioral analytics.
All data is stored in Supabase (PostgreSQL), hosted in the United States. Data is encrypted in transit (TLS) and at rest. Access is controlled by row-level security policies — players can only see their own campaign's data.
Payments are processed by Stripe. We receive confirmation of payment status but never handle raw card data. Stripe's privacy policy applies to all payment transactions.
We do not sell, rent, or share your personal data with third parties. Campaign data is visible only to members of that campaign (players and the Dungeon Master). We use Supabase and Stripe as service providers — they process data on our behalf under their own privacy policies.
Your data is retained for as long as your account is active. To request deletion of your account and all associated data, email us at [email protected]. Deletion is permanent and cannot be undone.
We use browser localStorage to store your Supabase authentication token and app preferences. No third-party cookies are set. We do not use advertising cookies.
We may update this policy as the service evolves. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance of the updated policy.