Privacy Policy

Last updated: 2026-01-30

This Privacy Policy explains how ANYTALE LLC (“ANYTALE”, “we”, “us”) collects, uses, shares, and protects information when you use AnyTale RPG (the “Service”).



1) Who we are

Controller (data responsible party): ANYTALE LLC.
Contact: support@anytalerpg.com (or use the in-app support/report features).



2) Information we collect

A. Information you provide

Account and profile

  • Email address, username, and a password (stored as a cryptographic hash, not in plain text).
  • Profile details you choose to add, such as avatar image URL, cover image URL, and bio.
  • Preferences such as theme preference and language.

User-generated content

  • Campaigns (title/description, settings, join/invite key, public listing details, content rating).
  • Characters (name, avatar, character sheet data) and GM notes you add (which may include “secrets” for planning/AI).
  • In-game chat and logs (in-character, out-of-character, system, dice/roll metadata, whispers), direct messages, and conversations.
  • Social content such as posts, comments, likes, follows, notifications, communities and community posts.
  • LFG posts and reviews.
  • Reports/complaints and moderation-related messages you submit.

Uploads

  • Images you upload (e.g., avatars, campaign banners, character images, chat images). Uploads may be stored and served from object storage/CDN and may be accessible to anyone who has the URL.

B. Information we collect automatically

Device and network data

  • IP address, user agent, and basic request metadata (e.g., timestamp and requested endpoint) in server logs.
  • Connection identifiers and metadata for real-time features (e.g., WebSocket/Socket.IO connections).

Usage and feature metrics (first-party)

  • Feature-related counters and state used to operate the Service (for example, play time minutes, social progression values, and AI usage quota counters).

C. Information from cookies and similar technologies

We use:

  • A strictly necessary authentication cookie (e.g., auth_token) to keep you signed in and to secure API/WebSocket requests.
  • Local storage in your browser for certain preferences and convenience (for example, saved language choice and a cached copy of basic user profile data).


3) How we use information

We use information to:

  • Provide, maintain, and improve the Service (accounts, gameplay, social features, messaging, real-time sessions).
  • Authenticate you, prevent fraud/abuse, enforce rate limits, and secure the Service.
  • Store and display your profile and content according to your settings (public/private campaigns, public profiles, etc.).
  • Moderate content and respond to reports.
  • Operate AI-assisted features when you request them.
  • Communicate with you about important Service updates (where applicable).


4) AI features and third-party processing

If you use AI features (e.g., rewriting/polishing, summaries, NPC actions, referee interpretation, assistant chat), we send the text and context needed to fulfill your request to an AI provider (currently via OpenRouter). Depending on the feature, this context may include:

  • The text you submit,
  • Recent in-game chat/log excerpts (which may include other players’ messages in your campaign),
  • Page/context information used to provide the assistant response.

Do not include sensitive personal information in AI requests. Third-party AI providers process data under their own terms and privacy policies, and their retention practices may differ from ours.



5) How we share information

We may share information:

  • With other users, when you choose to post content, join campaigns, send messages, create public content, or otherwise interact socially. What’s visible depends on your settings and the features you use.
  • With service providers that help us run the Service (for example, hosting/infrastructure, object storage for images such as Cloudflare R2-compatible storage, and AI providers for AI features). These providers process data on our behalf to deliver the Service.
  • For legal and safety reasons if we believe disclosure is necessary to comply with law, enforce policies, protect rights/safety, or prevent abuse.

We do not sell your personal information.



6) Data retention

We retain information for as long as needed to:

  • Provide the Service and your account,
  • Maintain game and social features (including logs/messages/content you and others create),
  • Comply with legal obligations, resolve disputes, and enforce agreements,
  • Maintain security logs and abuse-prevention records for a reasonable period.

If you request deletion, some data may remain where it is necessary for legitimate interests (e.g., security logs) or where your content is intertwined with other users’ experiences (e.g., campaign logs), unless we can remove or anonymize it.



7) Security

We use reasonable technical and organizational measures to protect information, including access controls and password hashing. No method of transmission or storage is 100% secure.



8) Your choices and rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information,
  • Object to or restrict certain processing,
  • Request a copy/portability of certain data.

To exercise rights, contact us at support@anytalerpg.com. You can also update certain profile information within the Service.



9) International data transfers

We may process and store information in countries other than where you live, including where our service providers operate. These countries may have different data protection laws.



10) Children’s privacy

The Service is not directed to children under 13 (or the minimum age required by local law). If you believe a child has provided personal information, contact us so we can take appropriate action.



11) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the “Last updated” date.



12) Contact

Privacy inquiries: support@anytalerpg.com
Company: ANYTALE LLC