Privacy Policy
This Privacy Policy describes how ASH (operated by [Your legal name or LLC name], the “Operator”) collects, uses, and shares your personal information when you use theashgame.com (the “Service”). By using the Service you agree to this Policy. If you do not agree, do not use the Service.
1. Who we are
ASH is operated by [Your legal name or LLC name], located in [Your State], United States. The Operator is the “data controller” of personal information collected through the Service for purposes of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
For privacy questions, email support@theashgame.com.
2. Information we collect
2.1 Account information
- Email address — required for account creation, login, password recovery, and billing.
- Username — chosen by you, optional, displayed to other players in your campaigns.
- Password — stored only as a salted PBKDF2 hash; never accessible to us in plain form.
- Account status flags — verification state, moderation actions, deletion timestamp.
2.2 Campaign and game content
- Campaigns you create or join: name, settings, tone, system, public/private flag.
- Characters, NPCs, locations, abilities, items, joint techniques: stats, descriptions, lore, and notes.
- Chat history: every message between you, your party, and the AI Dungeon Master.
- Dice roll history: every server-rolled die, the inputs, and outcomes (audit trail).
- AI-generated images: portraits and scenes you generate, stored on Cloudflare R2.
2.3 Payment metadata
Subscription payments are processed by Paddle, Inc., the Merchant of Record. We never see or store your full credit-card number. From Paddle we receive: subscription identifier, product/variant, status, period dates, customer identifier, and the amount paid — the minimum needed to grant plan benefits and reconcile billing. Paddle's collection and use of your payment information is governed by their own privacy policy.
2.4 Usage and technical data
- API usage log: per-call cost, tokens used, model identifier, feature label, timestamp. Used for billing-cap enforcement and audit.
- Audit logs: inventory mutations, dice rolls, billing events — retained for dispute resolution and tamper-evidence.
- IP address and User-Agent: collected by our hosting provider (Railway) for security, rate limiting, and abuse detection. Not stored long-term in our application database.
- Push subscription endpoint (only if you opt into notifications): the browser-provided URL we use to deliver Web Push messages.
2.5 What we do NOT collect
- We do not sell your data to advertisers.
- We do not use Your Content to train AI models.
- We do not run third-party advertising or analytics scripts.
- We do not collect your real name, address, or phone number unless you choose to provide them (e.g., in support tickets or campaign content).
3. How we use your information
| Purpose | Data used | Lawful basis (GDPR) |
|---|---|---|
| Run the AI Dungeon Master and store your campaigns | Account info, campaign content, chat history | Contract performance |
| Process payments and manage subscriptions | Email, payment metadata from Paddle | Contract performance |
| Send transactional emails (verification, password reset, receipts) | Email address | Contract performance |
| Enforce plan limits and detect abuse | API usage log, account status, IP for rate limiting | Legitimate interest |
| Investigate security incidents and prevent fraud | Audit logs, IP, User-Agent | Legitimate interest |
| Comply with tax and legal obligations | Subscription history, billing events | Legal obligation |
4. Service providers (subprocessors)
We share the minimum data necessary with the following service providers (“subprocessors”) to operate the Service. Each is bound by a data-processing agreement or equivalent contractual protection. We do not sell or share data outside this list.
| Provider | Purpose | What is shared | Region |
|---|---|---|---|
| Anthropic | AI Dungeon Master responses (Claude models) | Chat messages, campaign context, character stats — sent at inference time. Anthropic's commercial terms prohibit training on customer data. | United States |
| OpenAI | Image generation (gpt-image-1) and optional text-to-speech narration | Image prompts (description text) and TTS input (narration text). OpenAI does not train on API inputs by default. | United States |
| Paddle | Payment processing and subscription management (Merchant of Record) | Email, plan, payment method, billing address. See their privacy policy. | Global |
| Railway | Application hosting, PostgreSQL database, Redis cache | All application data is stored here. See their privacy policy. | United States |
| Cloudflare R2 | AI-generated image storage | Generated images, scoped per campaign. | Global edge network |
| Resend | Transactional email delivery | Email address, message body (verification links, password resets). | United States |
| Sentry (if enabled) | Error monitoring and stack-trace capture | Error context, user identifier, request metadata. Personally identifying details scrubbed where possible. | United States / EU |
We may add or change subprocessors as the Service evolves. Material changes will be reflected in this Policy and announced through the Service.
5. How long we keep your data
| Category | Retention |
|---|---|
| Account information (email, username) | While your account is active. On deletion, the account row is anonymized (username cleared, password cleared, status flagged deleted); the email is retained for tax and dispute records. |
| Campaigns, characters, chat history, dice rolls | While your account is active. Permanently deleted when you delete the account. |
| AI-generated images on R2 | While the campaign exists. Deleted when the campaign or account is deleted. |
| API usage log | Retained for cost auditing and dispute resolution. Continues to reference the (anonymized) account ID after deletion. |
| Billing events (subscriptions, payments, refunds) | Retained at least seven years for tax and accounting compliance. |
| Email verification and password reset tokens | 24 hours, then deleted automatically. |
6. Your rights
Depending on where you live, you have the following rights regarding your personal information. Most are exercisable directly through the My Account panel; others by emailing support@theashgame.com.
6.1 Access and portability
You can request a copy of your personal data in a machine-readable format. Email us; we'll respond within 30 days.
6.2 Correction
Update your username and other profile fields directly in the Account panel. For corrections to billing or audit records, email us.
6.3 Deletion (right to erasure)
Click Delete Account in the My Account panel and confirm with your password. This permanently deletes campaigns you own, your character entries in other people's campaigns, your chat history, dice rolls, and image assets; it anonymizes your account row. We retain the minimum financial and audit data required to satisfy tax and dispute-resolution obligations as described in Section 5.
If you have an active subscription, deleting your account also cancels it through the Paddle customer portal — you will not be billed again.
6.4 Restriction and objection
EU/UK residents may request that we restrict processing or object to processing based on legitimate interest. Email support@theashgame.com with your account email and the specific data category.
6.5 Right to lodge a complaint
If you believe we have mishandled your data, you may lodge a complaint with your local supervisory authority. EU users can find theirs at edpb.europa.eu.
6.6 California residents (CCPA / CPRA)
California residents have the right to: (a) know what personal information we collect, (b) delete personal information, (c) correct inaccurate personal information, (d) opt out of “sale” or “sharing” of personal information, and (e) limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. Exercise these rights through the My Account panel or by emailing support@theashgame.com.
7. Cookies
We use a single first-party session cookie (named session) to keep you signed in. It is marked HttpOnly, Secure (in production), and SameSite=Lax, and expires after 30 days of inactivity. This is a strictly necessary cookie and does not require consent in most jurisdictions.
We do not use third-party tracking cookies. We do not run advertising networks. We do not run analytics tools that set cookies.
8. Security
We protect your data with reasonable, commercially available measures: HTTPS/TLS in transit, password hashing (PBKDF2-SHA256 with random salt), database access via authenticated credentials, prepared SQL statements, content security policy headers, X-Frame-Options DENY, sandboxed payment processing, and webhook signature verification (HMAC-SHA256). No system is impenetrable; if a security incident affects your data, we will notify you without undue delay as required by applicable law.
9. Children's privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will delete the account and the data. Parents who believe a child has registered may email support@theashgame.com.
10. International data transfers
We are based in the United States, and our subprocessors operate primarily in the United States. If you access the Service from outside the U.S., you understand that your data will be transferred to, stored in, and processed in the United States. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms with our subprocessors to protect your data during these transfers.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced through the Service or by email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
Questions about this Privacy Policy or your personal information? Email support@theashgame.com.