EARLY ACCESS
// LEGAL_DOCUMENT

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information in several ways when you use ArcQuill ("the Service"). Here is what we gather and why.

Account Information

When you sign in with Google OAuth, we receive the following from your Google account:

  • Your name and display name
  • Your email address
  • Your profile picture
  • Your Google account ID (used solely for authentication)

Game Data

As you play, we store the content you create and interact with:

  • Worlds, including entities such as NPCs, locations, items, and factions
  • Characters and their associated details
  • Game sessions and chat messages (both your inputs and AI-generated responses)
  • Session Zero drafts and world-building configurations

Usage Data

We collect data about how you use the Service:

  • Credit consumption and token usage per interaction
  • Transaction and billing history
  • Session timestamps and activity logs

Technical Data

We automatically collect certain technical information when you access the Service:

  • Device type and operating system
  • Browser type and version
  • IP address (anonymized for analytics purposes)
  • Error logs and performance metrics

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and improve the game experience: Your game data powers your adventures, and usage patterns help us make ArcQuill better.
  • Process billing and credit transactions: We track credit usage and process payments so you can purchase and use credits seamlessly.
  • Send important service updates: We may contact you about significant changes to the Service, your account, or these policies.
  • Analyze usage patterns: We study how players use ArcQuill to prioritize features, fix issues, and improve performance.
  • Prevent abuse and enforce our Terms: We use technical and usage data to detect fraud, prevent misuse, and keep the platform safe for all users.

3. Third-Party Services

ArcQuill relies on several third-party services to function. Each service receives only the data it needs to perform its role.

Google OAuth

We use Google OAuth for authentication. Google provides us with the basic profile information listed in Section 1. We do not receive or store your Google password. Google's privacy policy governs how Google handles your data.

Stripe

Payment processing is handled by Stripe. When you make a purchase, your payment details are sent directly to Stripe. We do not store your credit card number or full payment credentials on our servers. See Stripe's privacy policy for details on how they handle payment data.

OpenRouter

OpenRouter provides access to the AI models that power the Dungeon Master. Your game interactions (prompts, context, and chat messages) are sent to OpenRouter for processing and response generation.

Google Gemini

We use Google Gemini for generating embeddings that power ArcQuill's world memory and semantic search. Game data such as entity descriptions and narrative context is sent to Gemini for this purpose.

Important note about AI providers: OpenRouter and Google Gemini process your game text to generate responses and embeddings. We do not send your personal account information (such as your email address or payment details) to AI providers. Only game-related content is transmitted.

4. Data Storage and Security

We take the security of your data seriously. Our measures include:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
  • Encryption at rest: Database contents are encrypted on disk.
  • Secure infrastructure: Your data is stored on secure, access-controlled servers.
  • Regular backups: We perform regular backups to protect against data loss.
  • Access controls: Internal access to user data is restricted and audited.

While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

5. Data Sharing

We do not sell your personal information. We will never monetize your data by selling it to third parties.

We share data only in the following circumstances:

  • With our service providers: We share data with the third-party services listed in Section 3, strictly for the purposes described there.
  • When required by law: We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
  • To protect rights and safety: We may share information when we believe it is necessary to prevent fraud, protect our rights, or ensure the safety of our users.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Deletion: You can request deletion of your account and all associated data.
  • Data export: You can request an export of your game data, including worlds, characters, and game history.
  • Correction: You can request that we correct any inaccurate information we hold about you.

To exercise any of these rights, please contact us at:

kerem@arcquill.com

We will respond to your request within a reasonable timeframe.

7. Cookies and Local Storage

ArcQuill uses cookies and local storage strictly for functional purposes:

  • Session cookies: Used for authentication and maintaining your logged-in session.
  • HTTP-only cookies: Used to securely store JWT tokens. These cookies cannot be accessed by client-side JavaScript, providing additional security.
  • CSRF tokens: Used to protect against cross-site request forgery attacks.
  • Local storage: Used to store user preferences and cached data for a better experience.

We do not use third-party tracking cookies, advertising cookies, or any form of cross-site tracking.

8. Children's Privacy

ArcQuill is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us at kerem@arcquill.com so we can take appropriate action.

9. Data Retention

We retain your data according to the following guidelines:

  • Account data: Retained for as long as your account is active. Deleted when you request account deletion.
  • Game data: Retained until you delete it or until your account is deleted.
  • Transaction records: Retained for 7 years to comply with legal and financial reporting requirements.
  • Server logs: Retained for 90 days, then automatically purged.

For a full breakdown of our retention practices, please see our Data Retention Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page.

For significant changes, we will notify you via email or through an in-app notification. Your continued use of ArcQuill after updated policies are posted constitutes your acceptance of those changes. If you do not agree with the revised policy, you should stop using the Service.

11. Contact

If you have questions about this Privacy Policy, want to exercise your data rights, or have any privacy-related concerns, please contact us at:

kerem@arcquill.com