Privacy Policy

Last Updated: January 2025

Your privacy matters. Here's how we protect your data.

Bank-Level Encryption

Industry-standard encryption

No Data Selling

We never sell your information

Secure Storage

Protected on Supabase

Minimal Collection

Only essential data

Introduction

D20 Loot Tracker ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information

  • Email address - Used for account creation and authentication
  • Password - Encrypted and securely stored
  • Campaign data - Campaign names, player names, items, gold amounts, and transaction history

Automatically Collected Information

  • Usage data - How you interact with the app (page views, features used)
  • Device information - Browser type, operating system, IP address
  • Cookies - For authentication and session management

How We Use Your Information

We use your information to:

  • Provide and maintain the service
  • Authenticate your account
  • Store your campaign data
  • Sync data in real time across devices
  • Improve and optimize our service
  • Communicate important updates (with your consent)

Data Storage and Security

  • All data is stored on Supabase (cloud PostgreSQL database)
  • Passwords are hashed using an industry-standard algorithm
  • Data transmission is encrypted using HTTPS/TLS
  • We implement Row Level Security (RLS) to isolate user data
  • Your campaign data is private - only you and invited users can access it

Third-Party Services

We use the following third-party services:

Supabase

Purpose: Database, authentication, and real-time sync

Data Shared: Email, encrypted password, campaign data

Privacy Policy: https://supabase.com/privacy

Vercel

Purpose: Web hosting and content delivery

Data Shared: Usage analytics, IP addresses

Privacy Policy: https://vercel.com/legal/privacy-policy

Data Sharing

We DO NOT:

  • Sell your personal information
  • Share your data with advertisers
  • Use your data for marketing without consent
  • Access your campaign data except for technical support (with your permission)

We MAY share data:

  • If required by law or legal process
  • To protect our rights or prevent fraud
  • With your explicit consent

Your Rights

You have the right to:

  • Access your data - View all data we store about you
  • Delete your data - Delete your account and all associated campaign data
  • Export your data - Request a copy of your data (transaction logs available in-app)
  • Correct your data - Update or correct inaccurate information
  • Object to processing - Opt out of non-essential data collection

Data Retention

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Data permanently deleted within 30 days
  • Backups: Backup data deleted within 90 days

Cookies

We use cookies for:

  • Authentication - Keeping you logged in (essential)
  • Session management - Maintaining your session (essential)

You can disable cookies in your browser, but this will prevent you from using the service.

Children's Privacy

D20 Loot Tracker is not intended for users under 13. We do not knowingly collect data from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.

International Users

Your data may be stored and processed in the United States or other countries where Supabase operates. By using our service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by:

  • Updating the "Last Updated" date
  • Sending an email notification (for major changes)

Continued use of the service after changes constitutes acceptance of the updated policy.

Your Consent

By using D20 Loot Tracker, you consent to this Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

Email: connorprovines@gmail.com

GDPR Compliance (EU Users)

If you're in the European Union, you have additional rights under GDPR:

  • Right to data portability
  • Right to restrict processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

CCPA Compliance (California Users)

If you're a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale of personal information (we don't sell data)
  • Right to non-discrimination

Note: This service is free and supported by the open-source community. We are not a commercial entity and collect minimal data necessary for functionality.