Privacy Policy

Effective: May 27, 2026 Updated: May 27, 2026

Scry Innovations LLC ("ScryRPG," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the ScryRPG website, applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information

  • Email address
  • Username
  • Password (stored as a secure hash, never in plain text)
  • Profile information (bio, location, website - optional)

Discord Account Information (if you connect Discord)

  • Discord user ID
  • Discord username
  • Discord avatar URL
  • Email address (from Discord, if verified)

Payment Information

  • Billing information is collected and processed by Stripe
  • We receive your Stripe customer ID, subscription status, and billing period dates
  • We do NOT receive or store your credit card number

User Content

  • Campaign notes, imports, lore, session material, and other campaign memory you create or upload
  • Items, shops, loot tables, collections, and marketplace material you create
  • Characters, parties, permissions, and shared table information
  • Party notes, ratings, conversations with your familiar, and approved changes
  • Text descriptions and names you provide
  • Images and artwork you upload
  • Images generated using AI features

AI Prompts

  • When you use your familiar, import, image generation, session-audio transcription, or other AI features, we may send relevant prompts, uploaded or imported material, audio-derived transcripts, and selected campaign context to configured AI providers
  • We may store conversations with your familiar, approved changes, generated or imported campaign records, summaries, provenance, and review decisions as part of the Service
  • We log operational metadata such as timestamp, model/provider, token count, credit usage, request status, and error state for reliability, billing, abuse prevention, and support

Communications

  • Emails you send us
  • Support requests
  • Feedback you provide

1.2 Information Collected Automatically

Device and Browser Information

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Screen resolution

Usage Information

  • Pages visited
  • Features used
  • Time spent on pages
  • Referring URLs
  • Session duration
  • First-party analytics session identifiers stored in localStorage
  • Account-linked analytics properties such as user ID, subscription tier, account age, and feature usage

API Usage (if you use our API)

  • API key identifiers
  • API request logs (endpoints called, timestamps)
  • Rate limit usage

Cookies and Tracking Technologies

  • Session cookies for authentication
  • Preference cookies for settings
  • Analytics cookies (Google Analytics)
  • Local browser storage for first-party analytics sessions and user preferences

1.3 Information from Third Parties

Discord

  • When you authenticate via Discord, we receive your Discord profile information

Stripe

  • We receive payment status, subscription information, and billing dates
  • Stripe may share information about failed payments

2. How We Use Your Information

We use your information to:

Provide the Service

  • Create and manage your account
  • Process subscriptions and payments
  • Deliver campaign memory, import review, your familiar, inventory, Discord, shops, loot, and marketplace features you use
  • Enable collaboration with other users
  • Provide API access to authorized users

Improve the Service

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance

Communicate with You

  • Send transactional emails (verification, password reset, subscription updates)
  • Respond to your inquiries
  • Send service announcements
  • With your consent, send marketing communications

Ensure Security

  • Detect and prevent fraud
  • Enforce our Terms of Service
  • Protect our users and systems
  • Comply with legal obligations
  • Monitor API usage for abuse

Personalize Your Experience

  • Remember your preferences
  • Show relevant marketplace content
  • Customize notifications

3. How We Share Your Information

3.1 Service Providers

We share information with third parties that help us operate the Service:

Provider Purpose Data Shared
Stripe Payment processing Email, billing info, subscription data
Discord Authentication & bot Discord ID, account linking
AI providers AI assistant, import, image generation, and audio transcription Prompts, uploaded/imported material, selected campaign context, generated outputs, and operational metadata needed to provide the feature
Brevo Email delivery Email address, email content
Cloudinary Image storage Images you generate or upload
Cloudflare R2 / hosting storage Private file and media storage where enabled Uploaded files, import artifacts, audio files, transcripts, and related metadata
Sentry Error monitoring Error data, device info, internal user ID, and debugging context; we do not intentionally send email or username
Google Analytics Usage analytics Usage data, device info, and account-linked user ID/properties when analytics is enabled

These providers are contractually obligated to use your information only to provide services to us.

3.2 Other Users

When you use collaborative features:

  • Party members can see characters, notes, lore, imports, AI assistant outputs, and activity that are visible to their party role
  • GMs and managers may have access to GM-only or manager-only party material; players should only see content made visible to them
  • Discord commands used in public or shared channels may be visible to Discord and to people with access to those channels
  • Public content is visible to all users
  • Your username is visible on content you share publicly
  • Your ratings are associated with your username

3.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

  • Protect our rights, property, or safety
  • Protect the safety of our users or the public
  • Detect, prevent, or address fraud or security issues

3.4 Business Transfers

If ScryRPG is acquired, merged, or sells assets, your information may be transferred. We will notify you of any change in ownership or use of your information.

3.5 With Your Consent

We may share information for other purposes with your explicit consent.

4. Cookies and Tracking

4.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies to operate and improve the Service.

4.2 Types of Cookies We Use

Essential Cookies

  • Required for authentication and security
  • Cannot be disabled while using the Service

Preference Cookies

  • Remember your settings and preferences
  • Improve your experience

Analytics Cookies

  • Help us understand how the Service is used
  • May include Google Analytics and first-party analytics sessions when enabled
  • Used to improve the Service

Advertising Pixels

We do not enable Reddit Pixel or other ad retargeting pixels by default. If we later enable ad conversion or retargeting pixels, we will update this Policy and the runtime controls before doing so.

4.3 Managing Cookies

Most browsers allow you to control cookies through settings. Blocking essential cookies may prevent you from using the Service. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.4 Do Not Track

Some browsers send "Do Not Track" signals. We do not currently respond to these signals, but we limit tracking to what is described in this Policy.

5. Data Retention

We retain your information as follows:

Data Type Retention Period
Account data Until you delete your account
User content Until you delete it or your account
Import raw uploads and extracted source text While needed to process, review, troubleshoot, or complete the import; imported campaign records, summaries, and provenance may remain as User Content
AI assistant conversations, actions, summaries, and generated records Until deleted, archived, or removed through account deletion, except records retained for legal, billing, security, or abuse-prevention reasons
Session audio and transcripts (if enabled) Raw audio is retained only while needed for transcription, review, troubleshooting, or user-directed deletion; transcripts and imported notes may remain as User Content
Uploaded images Until you delete them or your account
Subscription data Duration + 7 years (tax records)
AI request facts and AI credit ledger records As needed for billing, credit accounting, reliability, abuse prevention, tax, and audit purposes
Discord command and handoff metadata As needed to provide Discord features, security, support, and abuse prevention, unless converted into campaign content
Usage logs 90 days
API logs 90 days
Security logs 1 year
Analytics data 26 months for Google Analytics where enabled; first-party analytics may be retained as needed for launch and product analysis unless deleted or aggregated
Backups Up to 30 days after deletion

After account deletion, we may retain anonymized or aggregated data indefinitely for analytics and improvement purposes.

Note on public content: As described in our Terms of Service, if your public content has been duplicated or instantiated by other users, an anonymized version may be retained to maintain functionality for those users. Your personal association with that content will be removed.

6. Data Security

We implement reasonable security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted password storage (bcrypt hashing)
  • Secure authentication tokens
  • API key security
  • Access controls and monitoring
  • Regular security reviews

However, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and API keys.

7. Your Rights and Choices

7.1 Access and Data Export

You can access most of your information through your account settings.

Available Exports: Some Service areas provide limited CSV or file export tools. The available format and fields depend on the feature.

Privacy Export Requests: To request an export of personal data associated with your account, contact us at legal@scryrpg.com. We will verify your identity and respond within the timeline required by applicable law. Exports may exclude data we cannot lawfully provide, data that would reveal another user's information, security-sensitive records, or data retained only in aggregated or anonymized form.

7.2 Correction

You can update your account information through your account settings. Contact us for corrections we cannot process through the interface.

7.3 Deletion

To request account deletion, contact us at legal@scryrpg.com. We will verify your identity and process the request through our support/admin workflow. Upon deletion:

  • Your account and profile are removed
  • Your private content is deleted or disassociated where deletion is not technically or legally available
  • Public content you shared may persist in anonymized form if duplicated by others (see Terms of Service Section 5.8)
  • Backups are purged within 30 days
  • Billing, tax, security, anti-abuse, notification suppression, analytics, and audit records may be retained or anonymized where legally or operationally necessary

7.4 Email Preferences

You can manage email preferences in your account settings. You cannot opt out of essential transactional emails (verification, security alerts, billing).

7.5 Disconnect Third-Party Services

You can disconnect your Discord account through your account settings. Payment information is managed through Stripe's billing portal.

7.6 API Key Management

You can view, regenerate, or revoke your API keys through your account settings.

8. International Data Transfers

ScryRPG is based in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

We take steps designed to protect transferred data, including contractual, organizational, and technical safeguards appropriate to the provider and processing activity. Where required, we rely on legally recognized transfer mechanisms rather than consent alone for routine Service processing.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

Users between 13 and 18 may use free features but may not make purchases, receive creator payouts, or participate in paid creator programs.

Do not upload recordings, transcripts, or personal information about minors unless you have all required rights and consents.

10. California Privacy Rights

If a California privacy law applies to us or to your request, you may have additional rights, including:

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out: We do not sell personal information. Reddit Pixel and other ad retargeting pixels are disabled by default. If our practices change or if opt-out rights apply, we will provide the required opt-out mechanism.

Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at legal@scryrpg.com. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Bases for Processing

  • Contract performance (providing the Service)
  • Legitimate interests (improving the Service, security)
  • Consent (marketing communications)
  • Legal obligation (tax records, legal requests)

Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Data Controller: Scry Innovations LLC is the data controller for your personal information.

To exercise your rights, contact us at legal@scryrpg.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify you by email or through the Service
  • Provide at least 30 days' notice before changes take effect

Your continued use after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Scry Innovations LLC

Montana, USA
Email: support@scryrpg.com
Privacy & legal inquiries: legal@scryrpg.com

Summary of Data Collection

This summary is for convenience only. Please read the full Policy above.

What We Collect Why Who Sees It
Email, username, password Account management Us, you
Discord info Authentication, bot Us, Discord, you
Payment info Billing Stripe (not us)
Your content Provide the Service Us, users (if shared)
AI prompts and selected campaign context AI features AI providers
Imports and session audio/transcripts Import, review, and campaign memory Us, storage/AI providers, party users with access
Usage data Improve Service Us, analytics providers if enabled
Device info Security, analytics Us, analytics
API usage Service, security Us

Your privacy matters to us. Thank you for trusting ScryRPG.