Privacy Policy

Last updated: March 5, 2026

This Privacy Policy explains how Darkspire Table Top ("we", "us", or "our") collects, uses, and shares your personal data when you use our website, applications, and related services (the "Service"). It is particularly aimed at users in the United Kingdom and the European Economic Area (EEA).

1. Who Is Responsible for Your Data?

For users in the UK and EEA, [Your Legal Entity Name] acts as the "data controller" of your personal data under the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("GDPR").

You can contact us about data protection at:

• Email: [privacy contact email]
• Postal address: [Your Legal Entity Name], [Street Address], [City], [Postcode], [Country]

2. What Data We Collect

2.1 Data You Provide Directly

• Account details – such as your email address, username, password (stored in hashed form), and any optional profile information (for example, avatar or short bio).
• Content – campaigns, maps, character sheets, messages, notes, and other content you create or upload using the Service.
• Support and communication – information you provide when you contact us, such as support requests or feedback.
• Billing information (if applicable) – name, billing address, and limited payment details. Full payment card data is handled by our payment processors and not stored by us.

2.2 Data We Collect Automatically

• Usage information – such as pages and screens you visit, features you use, in-app actions, and time spent on the Service.
• Device and log data – such as IP address, browser type and version, operating system, device identifiers, and error or crash logs.
• Cookies and similar technologies – see our Cookie Policy for more details.

2.3 Data from Third Parties

• Authentication providers – if you choose to sign in through a third-party provider, we may receive basic profile information such as your name, email, or profile image.
• Payment processors – we receive confirmation of payments, subscription status, and limited billing details.
• Analytics and marketing partners – we may receive aggregated or de-identified statistics about how people find and use the Service.

3. How and Why We Use Your Data (Legal Bases)

We process your personal data under the following legal bases, depending on the context:

• Performance of a contract – to create and manage your account, provide the Service, process payments, and handle support requests.
• Legitimate interests – to secure and improve the Service, prevent abuse and fraud, understand usage patterns, and develop new features. We balance these interests against your rights and expectations.
• Consent – for certain optional activities, such as sending marketing communications or setting non-essential cookies. Where we rely on consent, you can withdraw it at any time.
• Legal obligations – to comply with laws, regulations, and lawful requests from authorities, including bookkeeping and consumer protection rules.

4. How We Use Your Data

We use your data to:

• Provide, personalise, and maintain the Service.
• Enable core features such as campaigns, characters, maps, chat, and game sessions.
• Communicate with you about your account, security, updates, and support.
• Monitor, troubleshoot, and improve the performance and security of the Service.
• Send you product updates, news, or offers (where permitted by law and, where required, with your prior consent). You can opt out at any time via the email's unsubscribe link or by contacting us.
• Enforce our Terms of Use and Community & Content Guidelines.

5. How We Share Your Data

We do not sell your personal data. We may share it in these situations:

• Service providers – third parties that help us operate the Service (for example, hosting, analytics, email delivery, payment processing, customer support). They act under our instructions and are bound by appropriate data protection and confidentiality obligations.
• Other users – depending on your settings and use of the Service, other users may be able to see your profile, display name, and content you share in campaigns, sessions, or public areas.
• Legal and safety – where we are required to do so by law or where we believe it is necessary to protect our rights, users, or the public (for example, responding to lawful requests from authorities or enforcing our terms).
• Business transfers – in connection with a merger, acquisition, financing, or sale of all or part of our business, your data may be transferred to a new owner, subject to appropriate safeguards and, where required, notification.

6. International Transfers

Your personal data may be processed in countries outside the UK or EEA, where data protection laws may offer a different level of protection. Where we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place, such as:

• Using European Commission or UK-approved standard contractual clauses with our service providers.
• Ensuring that recipients are in countries deemed "adequate" by the UK or EU authorities.

7. How Long We Keep Your Data

We keep your personal data only for as long as reasonably necessary for the purposes set out in this Policy, including to provide the Service, meet legal and accounting obligations, resolve disputes, and enforce our agreements.

If you close your account, we will take reasonable steps to delete or anonymise your personal data within a reasonable period, unless we are required or permitted by law to keep it longer (for example, for tax or legal compliance).

8. Your Rights (UK and EEA)

Under the UK GDPR and GDPR, you have a number of rights in relation to your personal data, subject to certain conditions and exceptions. These may include:

• Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy of the data we hold about you.
• Right to rectification – to have inaccurate or incomplete personal data corrected or updated.
• Right to erasure – to request that we delete your personal data in certain circumstances ("right to be forgotten").
• Right to restriction – to ask us to restrict the processing of your personal data in certain situations.
• Right to data portability – to receive your personal data in a commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
• Right to object – to object to our processing of your personal data where we rely on legitimate interests, including profiling, and to object at any time to the use of your personal data for direct marketing.
• Right to withdraw consent – where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

You can exercise many of these rights via your account settings, or by contacting us at [privacy contact email]. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the EEA, you can find your authority via the European Data Protection Board.

9. Children's Privacy

The Service is not directed at children under 13 years old (or the minimum age required in your country). We do not knowingly collect personal data from children below that age. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete it and, where applicable, close the account.

10. Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), secure password storage, and access controls. However, no online system is completely secure and we cannot guarantee absolute security.

You are responsible for keeping your login details confidential and for notifying us promptly if you suspect unauthorised access to your account.

11. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand usage. Where required by UK or EU law, we will obtain your consent before setting non-essential cookies (for example, certain analytics or marketing cookies). For details, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time, for example to reflect changes in the law or our Service. When we do, we will update the "Last updated" date above and, where appropriate, provide additional notice (such as via email or in-app message).

If you continue to use the Service after an update takes effect, you will be deemed to have accepted the revised Policy. Where required by law, we will seek your consent to material changes.

13. Contact

If you have questions or concerns about this Privacy Policy or our data practices, you can contact us at:

• Email: [privacy contact email]
• Postal address: [Your Legal Entity Name], [Street Address], [City], [Postcode], [Country]