Weaver The Mighty
🚧 Work In Progress -This platform is under active development

Privacy Policy

Your privacy is important to us. It is our policy to respect your privacy regarding any information we may collect from you across our website, and other sites we own and operate.

Information We Collect

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We collect several types of information to provide and improve our TTRPG gaming platform:

Account Information: Email address (for authentication), display name (not required to be your real name), optional user handle, and secure login tokens from OAuth providers (Google, Discord).

Game Content: Character sheets including attributes, classes, races, skills, and backstories; campaign descriptions and narratives; chat messages within campaigns; custom game rules, items, spells, and creatures you create; complete game event history including all player actions and dice rolls.

Images: Character portraits and avatars you upload (up to 5MB each, stored as optimized image data).

Technical Data: Session information (IP addresses, browser details), performance metrics, error logs, WebSocket connection metadata for real-time gaming, and rate limiting data to prevent abuse.

How We Use Your Data

We use the data you provide to operate and improve our service. This includes using anonymized and aggregated data for research and development purposes, such as tracking how many players use certain game features, analyzing performance metrics, and identifying common user patterns to enhance the product for all users. We are not interested in your personal data beyond what is necessary for the functionality of the service.

Real-Time Communications

Our platform provides real-time gaming features including live chat, dice rolling, and game state synchronization using WebSocket technology through PartyKit. All real-time communications are restricted to campaign participants and require valid authentication. Chat messages and game events are stored and may be retained as part of campaign history. Real-time data may be transmitted across international borders to provide seamless gaming experiences for participants in different countries.

Data Sharing with Third Parties

We use specific third-party services including: Google and Discord (for authentication), PartyKit (for real-time gaming infrastructure), PostgreSQL hosting providers (for data storage), and image processing services. These services may have access to certain data as necessary to perform their functions, but they are bound by their own privacy policies. We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes. Any anonymized, aggregated data used for analytics cannot be traced back to individual users.

Data Retention

We retain your account information (login tokens and display name) as long as your account is active. If you delete your account, we will remove your personal information within 30 days. We may retain anonymized, aggregated data indefinitely for research and development purposes, but this data cannot be linked back to you personally.

Children's Privacy Protection

We are committed to protecting children's privacy. Our service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child under 13 without parental consent, we will take steps to remove that information from our servers promptly.

For users between 13 and 18 years of age, we recommend parental supervision when using our real-time chat and gaming features. Parents can contact us to request information about their minor child's account or to request account deletion.

Your Rights and Choices

You have the right to access, update, or delete your personal information. You can update your display name through your account settings. If you wish to delete your account and all associated data, or if you have questions about your data, please contact us. We will respond to your request within a reasonable timeframe, typically within 30 days.

European Union (GDPR) Rights

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: You can request a copy of all personal data we hold about you.
Right to Rectification: You can request correction of inaccurate personal data.
Right to Erasure: You can request deletion of your personal data under certain circumstances.
Right to Data Portability: You can request your data in a machine-readable format.
Right to Object: You can object to processing of your personal data for certain purposes.
Right to Restrict Processing: You can request limitation of how we process your data.

To exercise these rights, please contact us. We process your personal data based on legitimate interests (providing gaming services), contract performance (your account agreement), and consent (where applicable). Data may be transferred outside the EU to provide our services, with appropriate safeguards in place.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
Right to Delete: You can request deletion of your personal information.
Right to Opt-Out: We do not sell personal information, but you have the right to opt-out if this ever changes.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

We do not sell personal information to third parties. We may share personal information with service providers as described in this policy. To exercise your CCPA rights, please contact us with a verifiable request.

Security

We take security seriously and implement reasonable measures to protect your information, including encryption for data in transit, secure data storage practices, and limiting access to user data to authorized personnel only. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

Weaver The Mighty