Privacy Policy

1. Information We Collect

We collect the following categories of personal information:

• Account information: email address, name, username, password (hashed), and profile picture via Google or Discord OAuth.
• Age verification: date of birth to enforce minimum age requirements and apply minor safety protections.
• Location data: city, province/state, and country to recommend nearby events and gaming venues. You control location sharing in your profile settings.
• Profile content: bio, avatar, banner image, and other profile details you choose to share.
• Usage data: posts, messages, campaign activity, event bookings, follows, and platform interactions.
• Payment data: processed by Stripe — we do not store credit card numbers. We retain transaction records (amount, date, subscription status).
• Parental consent: for users under 18, we collect parental/guardian consent details.

2. Lawful Basis for Processing (GDPR)

We process your data on the following legal bases:

• Contract performance: to provide the Adventure Foundry platform and services you signed up for.
• Consent: for optional features such as location-based recommendations, marketing emails, and cookie preferences. You may withdraw consent at any time.
• Legitimate interests: to maintain platform security, prevent fraud, improve our services, and enforce our Terms of Service.
• Legal obligation: to comply with applicable laws (e.g., age verification, tax records for payments).

3. How We Use Information

Your information is used to:

• Provide, maintain, and improve the platform.
• Authenticate your identity and keep your session secure.
• Enforce safety protections, especially for minor accounts.
• Recommend events, campaigns, and gaming venues near you.
• Process payments and manage subscriptions.
• Send transactional emails (account confirmations, payment receipts, session reminders).
• Communicate platform updates and changes to our terms.

4. Cookies & Tracking Technologies

We use essential cookies only — no advertising, analytics, or cross-site tracking cookies. Essential cookies are required to keep you signed in and protect against security threats.

We also use localStorage and sessionStorage in your browser for caching preferences and feed data. These are never sent to third-party servers.

For full details, including a table of every cookie and storage item we use, please see our Cookie Policy.

5. Third-Party Services

We integrate with the following third-party services, each of which has its own privacy policy:

• Google OAuth: for sign-in authentication. Google receives your email and basic profile info during the login flow.
• Discord OAuth: for sign-in authentication. Discord receives similar identity information during login.
• Stripe: for payment processing. Stripe receives the payment details you provide at checkout.
• Cloudinary: for image and media hosting. Uploaded images are stored on Cloudinary's servers.
• Pusher: for real-time messaging via WebSocket connections. Message content is transmitted through Pusher's infrastructure.
• OpenStreetMap / Leaflet: for map display. Map tiles are loaded from OpenStreetMap servers, which may log your IP address.
• Nominatim (OpenStreetMap): for address geocoding. Queries are sent to the Nominatim API.

We do not use Google Analytics, Facebook Pixel, or any client-side tracking or advertising services.

6. Sharing

We do not sell, rent, or trade your personal data. We may share limited information with service providers listed above solely to operate the platform. We may also disclose information if required by law, court order, or to protect the safety of our users.

7. Data Retention

• Account data: retained until you delete your account.
• Payment records: retained for 7 years for tax and legal compliance.
• Deleted accounts: after you request deletion, your data enters a 30-day grace period and is then permanently purged.
• Email logs: transactional email metadata is retained for up to 12 months.

8. International Data Transfers

Adventure Foundry is operated from Canada. Your data may be processed in other countries through our cloud infrastructure providers (e.g., Vercel, MongoDB Atlas, Cloudinary). Where data is transferred outside Canada or the European Economic Area, we rely on standard contractual clauses or equivalent safeguards to protect your data.

9. Children & Minors

You must be at least 13 years old to use Adventure Foundry. Users under 18 are classified as minors and are subject to additional protections:

• Parental/guardian consent is required at registration.
• Direct messaging is disabled for minor accounts.
• Per-session parental approval may be required for certain activities.
• Minor profiles are set to private by default.

10. Data Security

We implement technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), CSRF protection, security headers, and access controls. However, no system is 100% secure and we cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have the following rights:

GDPR (European Economic Area)

• Access: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data ("right to be forgotten").
• Restriction: request that we limit how we process your data.
• Portability: receive your data in a structured, machine-readable format.
• Object: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

CCPA / CPRA (California)

• Right to know: what personal information we collect, use, and share.
• Right to delete: request deletion of your personal information.
• Right to opt-out: we do not sell or share personal information for cross-context behavioral advertising.
• Non-discrimination: we will not discriminate against you for exercising your rights.

PIPEDA (Canada)

• Access: request access to your personal information held by us.
• Correction: request correction of inaccurate information.
• Withdrawal of consent: withdraw consent for non-essential data processing.

To exercise any of these rights, you can use the self-service options in your Profile Settings (including account deletion), or contact us at the email below.

12. Your Choices

• Update your profile, location, and privacy settings from your account.
• Delete your account via Profile Settings.
• Manage cookie preferences via the cookie consent banner or your browser settings.
• Unsubscribe from emails using the link in any email footer, or visit the Unsubscribe page.
• Adjust location sharing and recommendation preferences in your settings.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a prominent notice on the platform. The "Last updated" date above indicates the most recent revision.

14. Contact

For privacy requests, questions, or complaints, contact us at: support@digitalboard.app.

If you are in the EU and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.