Privacy Policy

This policy describes what personal data OneNomad LLC (“we”, “us”) collects through Dungeon Diary (“the Service”), how we use it, who we share it with, and the choices you have. We aim to be specific where most privacy policies are vague.

1. What we collect

1.1 Account data

When you create an account we store your display name, email address, and a hashed password. If you accept an invite without explicitly signing up, your email is added from the invite record.

1.2 Campaign content

Everything you create in a campaign — worldbuilding entities, characters, notes, dice rolls, audio recordings, AI generations — is stored in our database and (for media) in Vercel Blob storage. This content belongs to you; we host it on your behalf.

1.3 Usage data

Server logs of authenticated requests (path, status, latency, coarse user agent), errors captured by Sentry, and request-level metrics. These don't include campaign content but do include your user ID. Logs are retained for up to 30 days.

1.4 Payments

If and when you subscribe, payment is processed by Stripe. We store the Stripe customer ID and subscription state. We never see or store your card number.

1.5 Cookies

We use a session cookie (HTTP-only, secure, prefixed dd) to keep you signed in. We don't use ad cookies and we don't run third-party tracking pixels.

2. How we use it

• To deliver the Service to you and your invited players.
• To send transactional email (verification, invites, password resets, session notifications).
• To diagnose bugs and improve reliability via aggregated logs and errors.
• To enforce these Terms and prevent abuse.
• To send beta updates or product announcements that you can opt out of from your account settings.

3. AI features

AI generation requests (text and images) are routed through OpenRouter to upstream model providers. The prompt sent to the provider includes context retrieved from your campaign so the output is grounded in your world.

We do not authorize providers to use your prompts or outputs for model training; OpenRouter's data policy prohibits using API request content to train models. We retain the prompt + response in our own database so the assistant can keep context across a conversation; you can clear that history from the chat panel at any time.

4. Who we share data with

We rely on a small number of service providers to operate the Service. Each receives only the data necessary for its function:

• Vercel — hosting and edge network.
• Neon — managed Postgres database.
• Vercel Blob — file storage (uploads, AI-generated images, session audio).
• Resend — transactional email delivery.
• Ably — real-time message transport for combat, dice, and live session events.
• Stripe — payment processing (when paid plans launch).
• Sentry — error reporting.
• OpenRouter — AI model routing for generation features (text and embeddings).

We don't sell, rent, or trade your data with anyone for any reason.

5. Your rights

You have the following rights with respect to your data:

• Access & export. Request a copy of the campaign content tied to your account by emailing us.
• Correction. Update your profile fields from the account settings page; ask us for help with anything you can't self-serve.
• Deletion. Delete your account from the account settings page. We retain backups for up to 30 days before permanent erasure.
• Opt-out. Unsubscribe from product email at any time from the email footer or your account settings. Transactional email (security, invites you accepted) cannot be turned off while your account is active.
• Object / restrict / portability. If you're in the EEA, UK, or California, you can exercise the additional rights granted by GDPR / UK GDPR / CCPA by emailing us.

6. Children

The Service is not directed at children under 13 (or the local equivalent age of digital consent). If we learn we've collected personal information from a child without verifiable parental consent, we'll delete it.

7. Security

We use industry-standard transport encryption (TLS) for all data in transit and database-level encryption at rest with our managed Postgres provider. Passwords are hashed via better-auth's recommended algorithm. No system is perfectly secure; we'll notify affected users without undue delay if we become aware of a breach that affects them.

8. International transfers

The Service is hosted in the United States. If you're accessing it from outside the US, your data is transferred to and processed in the US under appropriate safeguards.

9. Changes to this policy

We'll post material changes here and notify active users by email at least 14 days before they take effect.

10. Contact

OneNomad LLC · hello@dungeondiary.app