Privacy Policy

1. What This Policy Covers

This policy explains how we collect, use, and protect personal data when you use ChronicleVTT. We aim to comply with UK GDPR and related UK data protection law. Guidance on controller/processor roles is published by the ICO.

2. What Data We Collect

Depending on how you use the Service, we may collect:

• Account data: email address, authentication identifiers, account status (e.g., verified/unverified)
• Billing data: subscription status, plan, transaction identifiers (payments are handled by our payment provider/Merchant of Record)
• User content: uploaded maps/assets and related metadata (file name, size, upload date)
• Usage and diagnostics: device/browser info, IP address, timestamps, feature usage, error logs
• Communications: support emails you send to us

3. How We Use Your Data

We use personal data to:

• Provide and secure the Service (login, verification, fraud prevention)
• Store and deliver your uploaded content to you and your invited players
• Enforce plan limits and prevent abuse
• Process subscriptions and account entitlements
• Provide support and communicate important service notices
• Improve reliability and performance

4. Legal Bases

We process data for purposes such as:

• Contract: to provide the Service you request
• Legitimate interests: security, abuse prevention, service improvement
• Legal obligation: compliance with applicable law
• Consent: where required (e.g., certain marketing emails)

5. Sharing Your Data

We share personal data only as needed to operate the Service, including with:

• Infrastructure providers (hosting, databases, file storage)
• Email delivery providers (verification, password resets, invites)
• Payment providers / Merchant of Record for billing and taxes
• Analytics/monitoring providers (to troubleshoot and improve)

We do not sell your personal data.

6. International Transfers

Some providers may process data outside the UK. Where applicable, we use safeguards such as contractual protections to support lawful transfers.

7. Data Retention

We keep personal data only as long as needed for the purposes above, including legal/accounting obligations. You may request deletion of your account; some data may be retained where required (e.g., billing records).

8. Your Rights

Depending on your circumstances, you may have rights to access, correct, delete, restrict processing, object, and data portability. To exercise rights, contact contact@chroniclegames.co.uk.

9. Security

We take reasonable technical and organisational measures to protect personal data, including access controls and secure storage. No system is invulnerable, but we take this seriously.

10. User Content and Moderation

If you upload content that is reported, we may quarantine and review it to enforce our policies and legal obligations. Where appropriate, we may retain moderation records for audit and safety.

11. Cookies

We may use cookies or similar technologies for authentication, session management, and basic analytics. You can control cookies through your browser settings.

12. Contact and Complaints

Contact: contact@chroniclegames.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).