🎲 SetWar
Back to SetWar

Privacy Policy

Last Updated: January 2, 2025

YOUR PRIVACY IS IMPORTANT TO US. THIS PRIVACY POLICY EXPLAINS HOW WE COLLECT, USE, STORE, AND PROTECT YOUR PERSONAL INFORMATION WHEN YOU USE SETWAR.

This Privacy Policy describes how Pixel Reef, LLC, a Florida limited liability company ("Pixel Reef," "Company," "we," "us," or "our") collects, uses, stores, shares, and protects information about you when you use SetWar, including our website at setwar.com, applications, and AI content generation services (collectively, the "Service"). This Policy is incorporated into and subject to our Terms of Service.

By using the Service, you consent to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Email address, display name (optional), profile preferences, and authentication credentials
  • Payment Information: Billing information processed securely through Stripe (we do not store complete payment card details)
  • User Content: Prompts, inputs, preferences, and settings you provide to generate AI content
  • Generated Content: AI-generated RPG content created through your use of the Service
  • Communications: Messages, feedback, and information you provide when contacting our support team
  • Survey and Feedback Data: Responses to optional surveys, product feedback, and feature requests

1.2 Information Collected Automatically

  • Usage Data: Features accessed, content generated, time spent on the Service, and interaction patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
  • Log Data: Access times, pages viewed, clicks, system activity, and error logs
  • Performance Data: Service performance metrics, response times, and technical diagnostics
  • Session Data: Authentication tokens and session management information

1.3 Information from Third Parties

  • OAuth Providers: Basic profile information (name, email, profile picture) if you sign in with Google or other approved providers
  • Payment Processors: Transaction confirmations, subscription status, and billing information from Stripe
  • Analytics Services: Aggregated usage statistics from privacy-focused analytics tools
  • Security Services: Fraud prevention and security monitoring data from third-party security providers

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to provide functionality and improve your experience. For detailed information about our use of cookies, please see our Cookie Policy. We primarily use essential cookies for authentication and security purposes.

2. How We Use Your Information

2.1 Service Provision and Management

  • Create, maintain, and secure your account
  • Process your AI content generation requests
  • Store, organize, and retrieve your generated content
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Deliver Service updates and important notifications

2.2 Service Improvement and Development

  • Analyze usage patterns to improve features and user experience
  • Debug technical issues and optimize Service performance
  • Develop new features, functionality, and AI capabilities
  • Conduct research and analytics to enhance our AI models
  • Test and evaluate new technologies and improvements
  • Monitor Service quality and reliability

2.3 Communications

  • Send transactional emails (authentication, receipts, account updates, security alerts)
  • Respond to support requests and customer inquiries
  • Notify you of important Service changes, updates, or maintenance
  • Send optional product updates and feature announcements (with your consent)
  • Conduct optional surveys and collect feedback

2.4 Legal, Security, and Compliance

  • Enforce our Terms of Service and other policies
  • Prevent fraud, abuse, spam, and unauthorized access
  • Protect the security and integrity of the Service
  • Comply with legal obligations and respond to legal requests
  • Protect our rights, property, and the safety of our users
  • Conduct internal audits and maintain business records

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal bases:

  • Contract Performance: To provide the Service you requested and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, ensure security, prevent fraud, and conduct business operations
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes
  • Consent: Where you have explicitly provided consent for specific processing activities
  • Vital Interests: To protect the vital interests of you or another person in emergency situations

You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing. This will not affect the lawfulness of processing based on consent before withdrawal.

4. Data Sharing and Disclosure

4.1 Service Providers and Partners

We share data with trusted third-party service providers who assist in operating our Service under strict confidentiality agreements:

  • Authentication Services: NextAuth.js and OAuth providers for secure login and identity verification
  • Email Services: Resend and similar providers for transactional email delivery
  • Payment Processing: Stripe for secure billing, subscription management, and fraud prevention
  • AI Processing: OpenAI, Anthropic, and other AI providers via Straico for content generation
  • Infrastructure and Hosting: Vercel for application hosting and content delivery
  • Database Services: Neon and other database providers for secure data storage
  • Analytics: Privacy-focused analytics services like Plausible (cookieless and GDPR-compliant)
  • Security Services: Fraud prevention, DDoS protection, and security monitoring providers

4.2 Legal Requirements and Protection

We may disclose information if required by law, court order, subpoena, or government request, or if necessary to:

  • Comply with legal obligations and regulatory requirements
  • Protect our rights, property, safety, or that of our users or the public
  • Prevent or investigate fraud, abuse, or illegal activity
  • Enforce our Terms of Service and other agreements
  • Respond to emergency situations involving danger to persons

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred to the successor entity as part of the transaction. We will provide notice of such changes and any choices you may have regarding your information.

4.4 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for business purposes, research, or public reporting. This data does not contain personal identifiers.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction, such as when you choose to integrate with third-party services or share content publicly.

5. Data Retention and Storage

5.1 Retention Periods

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Generated Content: Stored for 24 months or until deleted by you, whichever comes first
  • Usage and Analytics Data: Retained for 90 days for security, debugging, and service improvement
  • Payment Records: Retained as required for tax, accounting, and legal purposes (typically 7 years)
  • Communication Records: Support communications retained for 3 years for quality assurance
  • Legal and Security Data: Retained as required by law or for legitimate security purposes

5.2 Data Deletion

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where longer retention is required by law, for security purposes, or to resolve disputes. You can request expedited deletion by contacting privacy@pixelreef.org.

5.3 Data Storage Location

Your data is primarily stored in secure data centers in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable privacy laws.

6. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework certification where applicable
  • Adequacy decisions by relevant data protection authorities
  • Binding Corporate Rules and other approved transfer mechanisms
  • Appropriate technical and organizational security measures

If you are located in the EEA, UK, or Switzerland, you can request information about the specific safeguards we use for your data transfers by contacting privacy@pixelreef.org.

7. Your Rights and Choices

7.1 Access and Portability Rights

You have the right to access your personal data and request a copy in a portable format. You can access most of your data through your account settings or by contacting privacy@pixelreef.org.

7.2 Correction and Update Rights

You can update your account information, preferences, and settings at any time through the Service. For other corrections, contact privacy@pixelreef.org.

7.3 Deletion Rights (Right to be Forgotten)

You can request deletion of your account and personal data by using account deletion features in the Service or contacting privacy@pixelreef.org. We will process deletion requests within 30 days.

7.4 Restriction and Objection Rights

You may request that we restrict processing of your data or object to certain uses of your data, particularly for direct marketing or processing based on legitimate interests.

7.5 Communication Preferences

We primarily send transactional emails necessary for Service operation. You can manage your communication preferences through your account settings or by contacting support@pixelreef.org.

7.6 Cookie Controls

We use only essential cookies for Service functionality. You can control cookies through your browser settings, though disabling essential cookies may limit Service functionality. See our Cookie Policy for details.

7.7 Automated Decision-Making

Our AI content generation involves automated processing, but this is the core functionality you request. We do not use automated decision-making for profiling or decisions that significantly affect you outside of the Service's intended functionality.

8. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

8.1 Right to Know

You have the right to know what personal information we collect, use, disclose, and sell about you.

8.2 Right to Delete

You have the right to request deletion of personal information, subject to certain exceptions.

8.3 Right to Opt-Out

You have the right to opt-out of the sale or sharing of personal information. We do not sell personal information.

8.4 Right to Correct

You have the right to request correction of inaccurate personal information.

8.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information to certain purposes.

8.6 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact privacy@pixelreef.org. We may need to verify your identity before processing requests.

9. Data Security

We implement comprehensive technical, organizational, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Role-based access controls and multi-factor authentication for internal systems
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Security Assessments: Vulnerability testing, security audits, and penetration testing
  • Employee Training: Regular security and privacy training for all personnel
  • Incident Response: Security incident response procedures and breach notification protocols
  • Data Minimization: Collection and retention of only necessary data
  • Secure Development: Security-by-design principles in software development

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data using commercially reasonable security measures, we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to children under 13 years of age (or 16 in the EEA, UK, and Switzerland). We do not knowingly collect personal information from children under these ages. If we discover that we have collected personal information from a child under the applicable age, we will delete such information promptly.

If you are a parent or guardian and believe your child has provided personal information to us, please contact privacy@pixelreef.org immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this Policy
  • Sending an email notification to your registered email address
  • Posting a notice on the Service or our website
  • For significant changes, providing at least 30 days' advance notice

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you should discontinue use of the Service.

12. Contact Information and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer
Pixel Reef, LLC
Website: pixelreef.org
Email: privacy@pixelreef.org
Data Protection Inquiries: dpo@pixelreef.org

For users in the European Union, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

Last Updated: January 2, 2025