Privacy Policy

Last updated: 2026-06-06

What we collect

We do not collect: phone numbers, IP-address-derived location, payment card numbers (Stripe handles those directly), real names, or cross-site advertising identifiers.

Age check at signup: we ask for your birth year to verify you're at least 13 (required by COPPA in the US). The year is checked client-side and discarded immediately — we do not store it in any account record or log.

Where your data lives

We use a small, named set of data processors:

What's publicly visible (leaderboard opt-in)

When your leaderboard opt-in is on (default), the following appear on public leaderboards and hero profile pages:

You can turn off public visibility at any time via Settings → Visibility. With opt-in off, your row is removed from public leaderboards within minutes (we refresh the public view immediately on opt-in changes per GDPR Art. 17).

Your rights

Per GDPR (EU) and CCPA (California) — and as our default for everyone:

Retention

Active account data is retained as long as your account exists. After deletion, profile and gameplay data are removed within 24 hours. Tip-payment records may be retained for up to 7 years for accounting purposes (anonymized — no link back to your account).

Cookies

Essential cookies (always on): the Supabase session cookie for authentication (HttpOnly + Secure + SameSite=Lax) and a small local-storage flag that remembers your analytics choice. No advertising cookies, ever. No fingerprinting.

Analytics cookies (only with consent): if you accept the analytics banner, PostHog sets first-party cookies/local-storage (e.g. ph_*) to de-duplicate anonymous events across page views. These are not set unless you opt in, and are cleared when you opt out via Settings. We do not use them for advertising or cross-site tracking.

Contact

Privacy-related requests: privacy@draftrpg.com. We respond within 30 days.

Data controller: DraftRPG, LLC (Kentucky, USA).

← Back to home