Privacy Policy

Effective: December 25, 2025 Updated: December 25, 2025
Table of Contents

Scry Innovations LLC ("ScryMarket," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the ScryMarket website, applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information

  • Email address
  • Username
  • Password (stored as a secure hash, never in plain text)
  • Profile information (bio, location, website - optional)

Discord Account Information (if you connect Discord)

  • Discord user ID
  • Discord username
  • Discord avatar URL
  • Email address (from Discord, if verified)

Payment Information

  • Billing information is collected and processed by Stripe
  • We receive your Stripe customer ID, subscription status, and billing period dates
  • We do NOT receive or store your credit card number

User Content

  • Items, shops, loot tables, and collections you create
  • Characters and party information
  • Party notes and ratings
  • Text descriptions and names you provide
  • Images and artwork you upload
  • Images generated using AI features

AI Prompts

  • When you use AI features, we send your prompts to OpenAI
  • We log metadata (timestamp, token count) but do not store your prompts long-term

Communications

  • Emails you send us
  • Support requests
  • Feedback you provide

1.2 Information Collected Automatically

Device and Browser Information

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Screen resolution

Usage Information

  • Pages visited
  • Features used
  • Time spent on pages
  • Referring URLs
  • Session duration

API Usage (if you use our API)

  • API key identifiers
  • API request logs (endpoints called, timestamps)
  • Rate limit usage

Cookies and Tracking Technologies

  • Session cookies for authentication
  • Preference cookies for settings
  • Analytics cookies (Google Analytics)

1.3 Information from Third Parties

Discord

  • When you authenticate via Discord, we receive your Discord profile information

Stripe

  • We receive payment status, subscription information, and billing dates
  • Stripe may share information about failed payments

2. How We Use Your Information

We use your information to:

Provide the Service

  • Create and manage your account
  • Process subscriptions and payments
  • Deliver features you use
  • Enable collaboration with other users
  • Provide API access to authorized users

Improve the Service

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance

Communicate with You

  • Send transactional emails (verification, password reset, subscription updates)
  • Respond to your inquiries
  • Send service announcements
  • With your consent, send marketing communications

Ensure Security

  • Detect and prevent fraud
  • Enforce our Terms of Service
  • Protect our users and systems
  • Comply with legal obligations
  • Monitor API usage for abuse

Personalize Your Experience

  • Remember your preferences
  • Show relevant marketplace content
  • Customize notifications

3. How We Share Your Information

3.1 Service Providers

We share information with third parties that help us operate the Service:

Provider Purpose Data Shared
Stripe Payment processing Email, billing info, subscription data
Discord Authentication & bot Discord ID, account linking
OpenAI AI content generation Your prompts (text you submit)
Brevo Email delivery Email address, email content
Cloudinary Image storage Images you generate or upload
Sentry Error monitoring Error data, device info (no PII)
Google Analytics Usage analytics Usage data, device info (anonymized)

These providers are contractually obligated to use your information only to provide services to us.

3.2 Other Users

When you use collaborative features:

  • Party members can see your characters and party activity
  • Public content is visible to all users
  • Your username is visible on content you share publicly
  • Your ratings are associated with your username

3.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

  • Protect our rights, property, or safety
  • Protect the safety of our users or the public
  • Detect, prevent, or address fraud or security issues

3.4 Business Transfers

If ScryMarket is acquired, merged, or sells assets, your information may be transferred. We will notify you of any change in ownership or use of your information.

3.5 With Your Consent

We may share information for other purposes with your explicit consent.

4. Cookies and Tracking

4.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies to operate and improve the Service.

4.2 Types of Cookies We Use

Essential Cookies

  • Required for authentication and security
  • Cannot be disabled while using the Service

Preference Cookies

  • Remember your settings and preferences
  • Improve your experience

Analytics Cookies

  • Help us understand how the Service is used
  • Provided by Google Analytics
  • Used to improve the Service

4.3 Managing Cookies

Most browsers allow you to control cookies through settings. Blocking essential cookies may prevent you from using the Service. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.4 Do Not Track

Some browsers send "Do Not Track" signals. We do not currently respond to these signals, but we limit tracking to what is described in this Policy.

5. Data Retention

We retain your information as follows:

Data Type Retention Period
Account data Until you delete your account
User content Until you delete it or your account
Uploaded images Until you delete them or your account
Subscription data Duration + 7 years (tax records)
Usage logs 90 days
API logs 90 days
Security logs 1 year
Analytics data 26 months (Google Analytics)
Backups Up to 30 days after deletion

After account deletion, we may retain anonymized or aggregated data indefinitely for analytics and improvement purposes.

Note on public content: As described in our Terms of Service, if your public content has been duplicated or instantiated by other users, an anonymized version may be retained to maintain functionality for those users. Your personal association with that content will be removed.

6. Data Security

We implement reasonable security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted password storage (bcrypt hashing)
  • Secure authentication tokens
  • API key security
  • Access controls and monitoring
  • Regular security reviews

However, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and API keys.

7. Your Rights and Choices

7.1 Access and Data Export

You can access most of your information through your account settings.

Self-Service Export: You can export your item templates and other content in JSON format through the Service interface.

Full Data Export: To request a complete export of all your personal data, contact us at legal@scrymarket.com. We will provide your data in a structured, machine-readable format within 30 days.

7.2 Correction

You can update your account information through your account settings. Contact us for corrections we cannot process through the interface.

7.3 Deletion

You can delete your account through account settings. Upon deletion:

  • Your account and profile are removed
  • Your private content is deleted
  • Public content you shared may persist in anonymized form if duplicated by others (see Terms of Service Section 5.8)
  • Backups are purged within 30 days
  • Some data may be retained for legal or security purposes

7.4 Email Preferences

You can manage email preferences in your account settings. You cannot opt out of essential transactional emails (verification, security alerts, billing).

7.5 Disconnect Third-Party Services

You can disconnect your Discord account through your account settings. Payment information is managed through Stripe's billing portal.

7.6 API Key Management

You can view, regenerate, or revoke your API keys through your account settings.

8. International Data Transfers

ScryMarket is based in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.

By using the Service, you consent to this transfer. We take steps to ensure your data is treated securely and in accordance with this Policy.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

Users between 13 and 18 may use the free features but may not make purchases.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out: We do not sell personal information. If this changes, we will provide an opt-out mechanism.

Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at legal@scrymarket.com. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Bases for Processing

  • Contract performance (providing the Service)
  • Legitimate interests (improving the Service, security)
  • Consent (marketing communications)
  • Legal obligation (tax records, legal requests)

Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Data Controller: Scry Innovations LLC is the data controller for your personal information.

To exercise your rights, contact us at legal@scrymarket.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date
  • Notify you by email or through the Service
  • Provide at least 30 days' notice before changes take effect

Your continued use after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Scry Innovations LLC

Montana, USA
Email: support@scrymarket.com
Privacy & legal inquiries: legal@scrymarket.com

Summary of Data Collection

This summary is for convenience only. Please read the full Policy above.

What We Collect Why Who Sees It
Email, username, password Account management Us, you
Discord info Authentication, bot Us, Discord, you
Payment info Billing Stripe (not us)
Your content Provide the Service Us, users (if shared)
AI prompts AI features OpenAI
Usage data Improve Service Us, analytics
Device info Security, analytics Us, analytics
API usage Service, security Us

Your privacy matters to us. Thank you for trusting ScryMarket.