Privacy Policy

This policy explains what personal data we collect, how we store it, and your rights as a user of this app.

We aim to store as little personal data as possible. All storage is limited to what is necessary to deliver the core functionality of the app or what you explicitly consent to.

What We Collect and Why

1. Session Cookie (JWT)

  • What:A secure, HttpOnly cookie containing a JSON Web Token (JWT).
  • Purpose:Used to manage your login session after signing in (e.g., via OAuth). This cookie is required to access user-specific features.
  • Duration:Up to 30 days, depending on session settings.
  • Legal Basis:Contractual necessity (to provide access to your account).
  • Control:You can log out at any time, which will delete this cookie.

2. API Keys (Google / OpenAI)

  • What:Your personal API keys for third-party services, stored in secure,HttpOnly cookies.
  • Purpose:Required to interact with the AI Game Master. Without at least one key, core gameplay is unavailable.
  • Duration:Up to 1 year if you choose to store them. Otherwise, they are used only during the current session.
  • Legal Basis:Your explicit consent (you must opt in via checkbox before storage).
  • Control:You can delete your stored API keys at any time via your profile settings.

3. OAuth Profile Picture

  • What:A link to your profile picture from your OAuth provider (e.g., Google or GitHub).
  • Purpose:Displayed in your user interface to personalize your account.
  • Duration:Until you remove it or delete your account.
  • Legal Basis:Legitimate interest (personalizing your experience).
  • Control:You can remove your profile picture at any time from your profile settings.

4. OAuth Email Address

  • What:Your email address from your OAuth provider (e.g., Google or GitHub).
  • Purpose:Used for account identification and to associate your data with your account.
  • Duration:Until you delete your account.
  • Legal Basis:Contractual necessity (to provide access to your account and data).
  • Control:You can delete your account at any time, which will remove your email address from our records.

5. Usage Analytics (Optional)

  • What:Basic usage data such as page views, device type, and general user interactions collected via Vercel Analytics.
  • Purpose:To understand how many users use the app and from what devices. This helps improve the app experience.
  • Duration:Analytics data is retained according to Vercel's data retention policy.
  • Legal Basis:Your explicit consent (you must opt in to analytics collection).
  • Control:You can opt out of analytics collection at any time in your settings.

Important: Analytics data is never sold to third parties and is used solely for understanding app usage patterns to improve the user experience.

Where and How Your Data Is Stored

All personal data is stored securely in a PostgreSQL database hosted by Neon, a third-party infrastructure provider. Neon acts as our data processor and does not access or use your data for any other purpose.

If you consent to analytics collection, usage data is processed by Vercel Analytics. Vercel acts as a data processor and follows strict privacy standards.

All data is transmitted securely using HTTPS encryption.

We do not use tracking cookies (beyond analytics if consented), third-party ads, data brokers, or any form of user profiling. Your data is never sold.

Your Rights

You have the right to:

Accessyour stored data
Deleteyour account or stored data (API keys, profile picture)
Withdraw consentat any time (e.g., stop storing your API keys)
Lodge a complaintwith your local data protection authority
Opt out of analyticsdisable usage analytics collection at any time

To exercise your rights, use the controls available in your profile settings or contact us at team@runelogic.dev.

Changes to This Policy

We may update this policy to reflect changes in how we handle data. If we make significant changes, we'll inform you through the app interface.