← Back to RPSite

Privacy Policy

Last updated: March 17, 2026

1. Information We Collect

• Account Information: Username, email address (optional), and hashed password.
• Chat Content: Messages you send and receive, character configurations, and RP content you create.
• Usage Data: Token consumption, session information, and basic analytics (page views, feature usage).
• Technical Data: IP address, browser type, and device information (for security and rate limiting).

2. How We Use Your Information

• To provide and maintain the Service.
• To authenticate your identity and protect your account.
• To process AI chat requests (messages are sent to third-party AI providers).
• To enforce our Terms of Service and prevent abuse.
• To send transactional emails (verification, password reset) if you provide an email.

3. Third-Party Services

We use the following third-party services to provide AI functionality:

• OpenRouter: Routes AI requests to various language models. Messages you send are processed by OpenRouter and the underlying model providers.

These services have their own privacy policies. We recommend reviewing them.

4. Data Storage & Security

• Data is stored on secure servers with encryption at rest.
• Passwords are hashed using bcrypt and never stored in plain text.
• Sessions are encrypted and expire after 7 days of inactivity.
• We implement rate limiting and security headers to protect against common attacks.

5. Data Retention

• Account data is retained as long as your account exists.
• Chat history is retained until you delete it or your account is removed.
• Guest chat history is stored in-memory only and is not persisted.
• Error logs are retained for 30 days for debugging purposes.

6. Your Rights

• Access: You can view your data through the Service interface.
• Deletion: You can request account deletion by contacting an administrator. This will permanently remove all your data.
• Export: You can export your character cards and content through the Service.

7. Cookies

We use a single session cookie to maintain your login. It is httpOnly, secure (over HTTPS), and set to SameSite=Lax. We do not use tracking cookies or third-party analytics cookies.

8. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this policy periodically. The "Last updated" date will be revised accordingly.

10. Contact

For privacy concerns or data requests, please contact the site administrator.