Privacy Policy

Last updated: May 2026

1. Who We Are

Dice & Dungeon Quests is operated by Florian Daiß, Ehrenbergstr. 6, 10245 Berlin, Germany (“we”, “us”, “our”). We operate the website dicedungeonquests.com and provide tools for tabletop game masters. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

  • Account data: Email address (stored securely via Supabase)
  • Usage data: Number of generations per month (for plan limit enforcement)
  • Payment data: Processed by Stripe — we never store your card details
  • Tool inputs: Parameters you enter (e.g. party size, setting, guidance) sent to the AI for generation
  • Analytics data: Anonymised usage statistics via Google Analytics (only with your consent)

3. Legal Basis for Processing (Art. 6 GDPR)

  • Contract fulfilment (Art. 6(1)(b)): Account data and usage data are processed to provide the service you signed up for.
  • Legal obligation (Art. 6(1)(c)): Payment and billing records are retained as required by law.
  • Legitimate interest (Art. 6(1)(f)): Server logs and error tracking to maintain service security and reliability.
  • Consent (Art. 6(1)(a)): Google Analytics is only activated after you give explicit consent via our cookie banner. You may withdraw consent at any time by clearing your browser's local storage.

4. Third-Party Services & International Transfers

We use the following third-party services. Some are based outside the EU — transfers are covered by Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.

  • Supabase — Authentication and database (EU servers, Ireland)
  • Stripe — Payment processing (US — SCCs apply)
  • Anthropic — AI content generation; your tool inputs are sent to Anthropic's API (US — SCCs apply)
  • Resend — Transactional email delivery (US — SCCs apply)
  • Netlify — Hosting and infrastructure (US — SCCs apply)
  • Google Analytics — Usage analytics (US — only activated with your consent; SCCs apply)

5. Data Retention

We retain your account data for as long as your account is active. Payment records are retained for 10 years as required by German tax law. You may request deletion of your account and all associated data at any time by contacting us.

6. Your Rights (Art. 15–22 GDPR)

As a user in the EU, you have the following rights regarding your personal data:

  • Access (Art. 15): You may request a copy of all personal data we hold about you.
  • Rectification (Art. 16): You may request correction of inaccurate data.
  • Erasure (Art. 17): You may request deletion of your data (“right to be forgotten”).
  • Restriction (Art. 18): You may request that we limit how we process your data.
  • Data portability (Art. 20): You may request your data in a machine-readable format.
  • Objection (Art. 21): You may object to processing based on legitimate interest.
  • Withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time.
  • Lodge a complaint (Art. 77): You have the right to lodge a complaint with the competent data protection supervisory authority in your country of residence.

To exercise any of these rights, contact us at the email address below.

Please note: some rights may limit or prevent us from providing the Service. For example, if you request deletion of your account data or object to essential data processing, we may no longer be able to maintain your account or provide access to paid features. We will always inform you before such consequences take effect.

7. Cookies

We use session cookies for authentication purposes. Google Analytics cookies are only set after you give explicit consent via our cookie banner. You may decline or withdraw consent at any time — this will not affect your ability to use the service.

8. Contact & Data Controller

Florian Daiß
Ehrenbergstr. 6, 10245 Berlin, Germany
Diceanddungeonquests@gmail.com