Privacy Policy

Last updated: 17 March 2026

This policy applies to Sanity Check and any other applications published by Rune & Pixel.

What We Collect

Display name (chosen by you, not your real name)
Email address (optional, for password recovery)
Password (stored securely as a one-way bcrypt hash — we cannot see it)
Game data: characters, campaigns, notes, rolls, and related content you create

Why We Collect It

Display name: to identify you to other players in campaigns
Email: solely for password recovery and account verification
Game data: to provide the app's core functionality — character management and campaign play

How We Store It

All data is stored on a secured server hosted by DigitalOcean with AES-256 encryption at rest. Passwords are encrypted using bcrypt hashing. All connections use HTTPS with TLS 1.2 minimum and HSTS headers. We do not sell, share, or provide your data to any third party.

Email Communications

We only send emails for password reset codes and email verification. We do not send marketing emails, newsletters, or promotional content. Emails are sent via Resend (resend.com) from noreply@runeandpixel.me.

Your Rights

Under UK GDPR, you have the right to:

Access your data — use "Download My Data" in the app's Settings
Delete your account and all associated data — use "Delete Account" in Settings
Correct your data — edit your profile in Settings
Withdraw consent — remove your email at any time

Data Retention

Your data is kept for as long as your account exists. When you delete your account, all data is permanently and immediately removed from our servers.

Third-Party Services

DigitalOcean — server hosting (data stored in their EU/US data centres)
Cloudflare — DNS, CDN, and DDoS protection
Resend — transactional email delivery

No analytics, tracking, or advertising services are used.

Children

This app is not directed at children under 13. We do not knowingly collect personal data from children.

Contact

For any privacy-related questions, contact support@runeandpixel.me