Roleplayr

Privacy Policy

Last updated: January 1, 2025

Roleplayr ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our role-playing game management platform.

1. Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account information (email address, username, password)
  • Profile information (display name, avatar, preferences)
  • User content (characters, locations, events, campaign data, notes, images)
  • Payment information (processed through third-party payment providers)
  • Communications with us (support requests, feedback)

Automatically Collected Information

When you use our Service, we automatically collect:

  • Usage data (features used, time spent, interactions)
  • Device information (browser type, operating system, IP address)
  • Log data (access times, pages viewed, errors)
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your transactions and manage subscriptions
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraud
  • Personalize and improve your experience
  • Send you promotional communications (with your consent)
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:

  • Contract Performance: Processing necessary to provide our Service
  • Legitimate Interests: Improving our Service, security, and fraud prevention
  • Consent: Marketing communications and optional features
  • Legal Obligations: Compliance with applicable laws

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf (hosting, analytics, payment processing)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to share information

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and monitoring
  • Access controls and authentication requirements
  • Secure database infrastructure (Supabase with Row Level Security)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

  • Account data: Until you delete your account or request deletion
  • User content: Until you delete it or your account is deleted
  • Usage logs: Typically 90 days, unless required for security or legal purposes
  • Payment records: As required by tax and financial regulations

7. Your Privacy Rights

General Rights

You have the right to:

  • Access and review your personal information
  • Update or correct your information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Object to certain processing activities

EU/EEA Residents (GDPR Rights)

If you are located in the European Economic Area, you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your data protection authority

California Residents (CCPA Rights)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information collected, used, or shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit the use of sensitive personal information

Categories of Personal Information (CCPA):

  • Identifiers (email, username, IP address)
  • Commercial information (subscription details, payment history)
  • Internet activity (usage data, browsing behavior)
  • Geolocation data (derived from IP address)
  • Professional information (if provided in user content)

To exercise any of these rights, please contact us through the Help page or support channels. We will respond to your request within 30 days (45 days for California residents).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

When we transfer data from the EU/EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features.

10. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

  • Supabase: Database and authentication provider
  • Payment Processors: Handle subscription and payment processing
  • AI Services: OpenAI, Anthropic, and OpenRouter for content generation
  • Analytics Services: Usage and performance monitoring

We recommend reviewing the privacy policies of these third-party services.

11. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Users between 13 and 18 must have parental or guardian consent to use the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through:

  • The Help page within the Service
  • Our support channels

For EU/EEA Residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

For California Residents: You may contact us to exercise your CCPA rights or submit a complaint to the California Attorney General.