Privacy Policy

Last updated: October 15, 2025

Legal Documents

1. Introduction

HeartfeltDagger ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DaggerHeart TTRPG companion service.

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

When you create an account or use our Service, we may collect:

  • Account Information: Username, email address, and encrypted password
  • Character Data: DaggerHeart character builds, stats, equipment, and customizations
  • Campaign Content: Campaign names, descriptions, and associated data
  • Room Participation: Room names, participant lists, and session notes
  • Storage Account Credentials: Encrypted OAuth tokens for connected cloud storage services

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, and interaction patterns
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP addresses, access times, and error logs for service improvement
  • Session Data: Login sessions and authentication tokens

2.3 Third-Party Integration Data

  • Google Drive Integration: OAuth access and refresh tokens, file metadata
  • Wasabi Storage: Access credentials and upload session information
  • WebRTC Communications: Temporary signaling data for peer-to-peer connections

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide and maintain our DaggerHeart companion features
  • Account Management: To create, authenticate, and manage user accounts
  • Character Storage: To save and sync character data across devices and sessions
  • Cloud Integration: To facilitate direct uploads to your connected storage accounts
  • Communication: To enable real-time video conferencing and messaging in rooms
  • Service Improvement: To analyze usage patterns and improve our features
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with applicable laws and regulations

4. Google Drive Integration

Our Google Drive integration allows you to upload video recordings directly to your own Google Drive account. Here's how it works:

4.1 OAuth Authorization

  • We use Google's OAuth 2.0 system to securely access your Google Drive
  • You explicitly authorize our application to upload files to your Drive
  • We store encrypted access and refresh tokens to maintain the connection
  • You can revoke access at any time through your Google Account settings

4.2 Data Handling

  • Direct Upload: Video recordings are uploaded directly from your browser to Google Drive
  • No Server Storage: We do not store copies of your recordings on our servers
  • Metadata Only: We only store file metadata (name, size, upload time) for display purposes
  • Your Ownership: All uploaded content remains in your Google Drive under your control

4.3 Permissions Requested

  • File Creation: Permission to create new files in your Google Drive
  • File Management: Limited access to files created by our application
  • Account Information: Basic profile information for account verification

5. Video Recording and Transcription

5.1 Recording Consent

  • All video recording requires explicit consent from participants
  • Consent status is stored temporarily during active sessions
  • Participants can withdraw consent and leave recorded sessions at any time
  • Room creators are responsible for managing recording permissions

5.2 Speech-to-Text Processing

  • Browser-based STT: Processed locally on your device when using browser speech recognition
  • AssemblyAI Integration: Audio may be sent to AssemblyAI for transcription when enabled
  • Temporary Processing: Audio data is processed in real-time and not permanently stored
  • Transcript Storage: Generated transcripts are saved as session notes in our database

5.3 Recording Storage

  • Video recordings are uploaded directly to the room creator's designated storage account
  • We do not retain copies of video content on our servers
  • Recording metadata (filename, size, timestamp) is stored for organizational purposes
  • Access to recordings is controlled by the storage account owner

6. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service Providers: Third-party services that help us operate our platform (hosting, analytics)
  • Legal Requirements: When required by law, court order, or government request
  • Safety and Security: To protect our rights, property, or safety, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you have given explicit consent for specific sharing

7. Data Security

We implement appropriate security measures to protect your information:

  • Encryption: Sensitive data is encrypted both in transit and at rest
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Secure Authentication: Password hashing and secure session management
  • Regular Updates: Security patches and system updates are applied promptly
  • Monitoring: Continuous monitoring for security threats and vulnerabilities

8. Data Retention

  • Account Data: Retained while your account is active and for a reasonable period after deletion
  • Character Data: Stored indefinitely unless you delete characters or your account
  • Session Logs: Retained for 90 days for security and debugging purposes
  • OAuth Tokens: Stored until you disconnect the integration or delete your account
  • Video Recordings: Not stored on our servers; retention controlled by your storage provider

9. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request access to your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your character and campaign data
  • Opt-out: Disable certain features like speech-to-text or recording
  • Revoke Consent: Disconnect third-party integrations at any time

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences and settings
  • Analyze usage patterns and improve our service
  • Provide security features and fraud prevention

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Through our Discord community (link in footer)
  • Via our GitHub repository issues page
  • By creating an issue in our open source project

15. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Back to Home