Lorekeeper

Privacy Policy

Effective Date: March 13, 2026

Lorekeeper ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our service at lorekeeperttrpg.com (the "Service").

1. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored securely using bcrypt hashing).

Content You Create: Characters, campaigns, session notes, homebrew content, journal entries, and other data you input into the Service.

Usage Data: We collect basic analytics about how you use the Service, including pages visited, features used, and session duration. This data is aggregated and anonymized.

Payment Information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number — Stripe handles all payment data securely. We retain your Stripe customer ID and subscription status.

Cookies: We use session cookies to keep you logged in and remember your preferences (dark mode, compendium view). We do not use third-party tracking cookies.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service.
  • Process subscriptions and payments.
  • Send transactional emails (welcome email, session reminders, subscription updates).
  • Improve the Service based on aggregated usage patterns.
  • Respond to support requests.

We do not sell your personal information to third parties. We do not use your content to train AI models.

3. Data Sharing

We share your information only in these limited circumstances:

  • Stripe: Payment processing. See Stripe's Privacy Policy.
  • Resend: Transactional email delivery. See Resend's Privacy Policy.
  • Meilisearch: Search functionality (self-hosted, data stays on our infrastructure).
  • Legal Requirements: If required by law, regulation, or legal process.

4. Data Storage & Security

Your data is stored on servers provided by Laravel Cloud (AWS infrastructure) in the United States. We use HTTPS encryption for all data in transit, database encryption at rest, and follow industry security practices including:

  • Secure password hashing (bcrypt)
  • CSRF protection on all forms
  • HTTP security headers (HSTS, X-Frame-Options, Content-Type-Options)
  • Rate limiting on public endpoints

5. Your Rights

You have the right to:

  • Access your data at any time through the Service.
  • Export your character and campaign data.
  • Correct your information through your profile settings.
  • Delete your account and all associated data through account settings. Deletion is completed within 30 days.

If you are in the EU/EEA, you also have rights under the GDPR including data portability and the right to lodge a complaint with a supervisory authority.

6. Children's Privacy

Lorekeeper is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days. Anonymized, aggregated data may be retained for analytics purposes.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The effective date at the top of this page indicates when this policy was last updated.

9. Contact

For privacy-related questions or requests, contact us at noreply@contact.lorekeeperttrpg.com.