This Privacy Policy describes what information PF1e Campaigner collects, how it is used, and the third-party services involved in operating the app.
Last updated: 13 June 2026
Account information. When you sign up, Clerk (our authentication provider) collects your email address and any other identifiers you provide (display name, profile image). A minimal profile row mirroring your Clerk user id is written to our database so that characters and campaigns can be associated with you.
Application content. Characters, campaigns, party rosters, treasure ledgers, encounters, notes, homebrew content, uploaded portraits, and DM-staged images that you create are stored in our Supabase Postgres database and Supabase Storage buckets so that they persist across sessions and devices.
Billing information. If you subscribe to Pro, your payment card details are collected and stored by Stripe via Clerk Billing. We never see or store your full card details. We do record a small amount of subscription state (plan slug, trial-consumed flag, subscription id) in our database so we can correctly gate Pro features.
Support content. If you file a bug report, leave feedback, or use the contact form, the content of those messages (and, for the contact form, the email address you provide) is stored or transmitted so we can respond and improve the app. Bug reports and feedback are stored in our database. Contact-form messages are delivered to our support inbox via our email provider (Resend). AI-assisted triage may analyse bug reports automatically; the analysis is admin-only and never shared with other users.
AI features. Two optional Pro features send the text you provide to our AI provider (Anthropic) for processing: the AI character generator (your one-line build brief) and the homebrew assistant (your homebrew description). The AI bug-triage system also processes the contents of bug reports you file. Anthropic processes this input to return a result and, under its commercial API terms, does not use it to train its models. We do not send your characters, campaigns, notes, treasure, or other content to any AI provider unless you choose to use one of these features.
Technical data. Our hosting provider (Vercel) logs basic request information (IP address, user-agent, timestamps) for operational and security purposes.
We use the information above to operate the Service: to authenticate you, to render your characters and campaigns, to broadcast realtime updates to seated campaign members, to charge for Pro subscriptions and gate Pro features, to respond to support requests, and to detect and fix bugs.
We do not use your application content (characters, campaigns, notes, etc.) for advertising, profiling, or sale to third parties. We do not train AI models on your data.
PF1e Campaigner relies on the following providers. Each has their own privacy practices; we summarise what they do for us and link to their policies.
We use cookies and browser local storage strictly to operate the Service:
pf1e_mode cookie remembers whether you chose the Player or DM interface.We do not use third-party advertising or analytics cookies.
Within the app, content is visible to the other people who need to see it. If you join a campaign, the GM can see your seated character’s stats and your display name. Other seated players can see the same party-view summary the GM uses. If you publish a DM image, every seated player can see it. We do not share your application content outside the app without your action.
Scheduling.When you mark your availability or RSVP to a session, other members of that campaign can see it. If you subscribe to a campaign’s calendar feed, the feed URL contains a private token and is served without a sign-in — anyone who has that URL can see the campaign’s session schedule (dates, titles, descriptions, locations). Treat the feed URL like a password and rotate it from the schedule page if it leaks.
Delegation. If the owner of a character delegates control to another player at the same table, that player can view and edit the character until the owner reclaims it.
We retain your account and content for as long as your account exists. If you delete a character or campaign, the underlying rows are removed from our database. If your Pro subscription lapses, your data is preserved so you can reactivate later (see Terms § 5). You can request full account deletion via the support channels below; we will delete your account and associated content within a reasonable time.
Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise these rights by contacting us through the in-app feedback channel. We’ll respond within the timeframe required by your local law.
The Service is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child under 13 has created an account, contact us and we’ll remove the account and its data.
We use industry-standard providers for authentication, payment processing, hosting, and storage. Database access is gated by row-level security policies tied to your account. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you in line with applicable law.
We may update this Privacy Policy from time to time. Material changes will be surfaced in-app and the “Last updated” date at the top of this page will be revised.
For privacy questions or data-rights requests, email pf1ecampaigner@gmail.com. If you are signed in, you can also use the in-app feedback form or the bug-report channel.