Privacy Policy

Effective Date: January 22, 2026

Summary (Plain English)

This summary is provided for convenience only and is not legally binding. Please read the full Privacy Policy below.

  • We collect your account info (email, username) and the campaign data you create.
  • When you use AI features, your prompts are sent to third-party AI providers.
  • We use your data to provide the service, improve features, and keep things secure.
  • We don't sell your personal information.
  • You can request deletion of your account and data, subject to legal/security retention requirements.
  • The service is not intended for children under 13.

1. Definitions

Throughout this Privacy Policy, the following definitions apply:

  • "Service" means the Crit Keepers web application, website, and all related features.
  • "Personal Information" means information that identifies, relates to, or could reasonably be linked to you.
  • "User Content" means content you submit through the Service, including campaign data, prompts, and notes.
  • "AI Features" means functionality that uses artificial intelligence to generate content.
  • "We," "us," or "our" means Crit Keepers and its operators.

2. Overview

Crit Keepers ("we," "us," "our") provides a web application designed to help tabletop RPG players and Dungeon Masters manage campaigns, players, encounters, and related content (the "Service").

This Privacy Policy explains what information we collect, how we use it, how we share it, and your choices regarding your information. By using the Service, you agree to the collection and use of information as described in this policy.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Password (stored only as a secure cryptographic hash—never in plaintext)
  • Account creation date
  • Account type and subscription status (if applicable)

3.2 Campaign and Gameplay Content

You may choose to enter content into the Service, including:

  • Campaign names, descriptions, and settings
  • Player names and character details (race, class, level, stats, etc.)
  • Inventory items and equipment
  • Encounter prompts, history, and generated content
  • Session notes and history
  • Custom tags, preferences, and configuration

3.3 AI Feature Inputs and Outputs

When you use AI Features, we collect:

  • Prompts and inputs you provide to generate content
  • Context information (campaign details, player information) sent with requests
  • Generated outputs returned by AI providers

3.4 Usage and Technical Data

We automatically collect certain technical information, including:

  • IP address (for security, fraud prevention, and rate limiting)
  • Browser type and version
  • Device information (operating system, screen resolution)
  • Pages visited and features used
  • Timestamps of requests and actions
  • Referral URLs
  • Error logs and diagnostic data

3.5 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Understand how you use the Service
  • Protect against fraud and unauthorized access

Most browsers allow you to control cookies through settings. Disabling cookies may affect your ability to use certain features of the Service.

4. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Enable login, account access, campaign management, and all core features
  • Process AI requests: Send your prompts and context to AI providers to generate content
  • Improve the Service: Analyze usage patterns, fix bugs, and develop new features
  • Maintain security: Detect and prevent fraud, abuse, and unauthorized access
  • Enforce policies: Monitor for violations of our Terms of Service
  • Communicate with you: Send important account notifications, service updates, and respond to support requests
  • Comply with legal obligations: Respond to legal requests and enforce our rights

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing personal data, we rely on the following bases:

  • Contract: Processing necessary to provide the Service to you (account creation, campaign management, AI features)
  • Legitimate Interests: Processing for security, fraud prevention, abuse detection, analytics, and service improvement, where our interests do not override your rights
  • Consent: Processing based on your consent, such as optional marketing communications (you may withdraw consent at any time)
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or legal requests

6. AI Processing and Third-Party Providers

5.1 How AI Features Work

When you use AI Features (such as encounter generation, NPC creation, or content suggestions), your inputs—including prompts, campaign context, and character information—are sent to third-party large language model (LLM) providers for processing.

5.2 Third-Party AI Providers

We use third-party AI providers to power our AI Features. These providers process your inputs according to their own privacy policies and terms. We select providers that offer appropriate data handling practices, but we encourage you to review the privacy policies of these providers.

5.3 What We Send

When you use AI Features, we may send:

  • Your prompt or request
  • Relevant campaign context (names, settings, player information)
  • Previous conversation context (for multi-turn interactions)

We do not intentionally send your email address, password, payment information, or other sensitive account credentials to AI providers.

5.4 AI Provider Data Retention

Third-party AI providers may retain prompts and outputs for safety monitoring, abuse prevention, and service improvement purposes according to their own policies. We do not control how long AI providers retain data. Where available, we use API configurations that minimize data retention, but we cannot guarantee that providers do not store or process your inputs beyond the immediate request.

7. How We Share Information

We do not sell your personal information.

We may share information in the following limited circumstances:

7.1 Service Providers

We share information with third-party service providers who help us operate the Service, including:

  • Hosting and infrastructure providers
  • Database services
  • AI/LLM providers (for content generation)
  • Payment processors (if applicable)
  • Analytics services (if used)
  • Email delivery services

7.2 Legal Requirements

We may disclose information if required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to valid legal requests (subpoenas, court orders, etc.)
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or the public

7.3 Business Transfers

If Crit Keepers is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

7.4 With Your Consent

We may share information with your consent or at your direction.

8. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide the Service to you
  • Required to comply with legal obligations
  • Necessary to resolve disputes or enforce agreements

When you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, security, or fraud prevention purposes.

Some information (such as server logs and backup data) may be retained for a limited period for security and debugging purposes even after account deletion.

9. Your Rights and Choices

9.1 Access Your Information

You can view your account information and campaign data at any time through the Service. You may also request a copy of your personal information by contacting us.

9.2 Update Your Information

You can update your account information (password, preferences) through your Account Settings page.

9.3 Delete Your Account

You can permanently delete your account at any time through your Account Settings page. When you delete your account:

  • Your account and login credentials are permanently deleted
  • All campaigns, players, encounters, and other content are permanently deleted
  • This action cannot be undone

You may also contact us at admin@critkeepers.com to request account deletion.

9.4 Export Your Data

We recommend regularly backing up your important campaign data. You may request an export of your data by contacting us.

9.5 Jurisdiction-Specific Rights

Depending on your location, you may have additional rights under applicable privacy laws (such as GDPR, CCPA, or others). These may include:

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to delete your personal information
  • Right to data portability
  • Right to object to or restrict certain processing
  • Right to withdraw consent

To exercise these rights, please contact us at admin@critkeepers.com.

10. Security

We implement reasonable technical and organizational safeguards to protect your information, including:

  • Secure password hashing (passwords are never stored in plaintext)
  • Encrypted data transmission (HTTPS)
  • Access controls and authentication
  • Rate limiting and abuse prevention
  • Secure session handling
  • Regular security reviews

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk and are responsible for maintaining the security of your account credentials.

11. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. We do not currently respond to DNT signals. However, you can manage cookies and tracking preferences through your browser settings.

12. Email Communications

12.1 Transactional Emails

We may send you transactional emails related to your account and use of the Service, including:

  • Account verification and password reset emails
  • Important service announcements and security alerts
  • Changes to our Terms of Service or Privacy Policy

These emails are necessary for the operation of your account and cannot be opted out of while you maintain an account.

12.2 Marketing Emails

With your consent, we may send you promotional emails about new features, tips, or updates. You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us.

13. Children's Privacy

The Service is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

If you believe we have collected information from a child under 13, please contact us immediately at admin@critkeepers.com.

14. International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Notify you through the Service or by email (for significant changes)

Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

16. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your information, please contact us:

Privacy Inquiries: admin@critkeepers.com

General Support: admin@critkeepers.com