Privacy Policy
Last updated: May 1, 2025
| Who we are | P&P Ready, operated by Trevor Carlston (Utah, USA) |
|---|---|
| What we collect | Email address, technical data, and content you create in the app |
| How we use it | To provide, operate, and secure the Service: nothing else |
| Who we share with | Supabase (database storage), legal authorities when required. We do not sell your data. |
| Your rights | Access, correction, deletion, portability, objection, and more: see Section 9 |
| Children | Not intended for users under 13 |
| Contact | tcarlston@questluminary.com |
1. Introduction
1.1. This Privacy Policy describes how P&P Ready ("we," "us," or "our") collects, uses, and stores personal information about users ("you") of the P&P Ready application and website (collectively, "the Service").
1.2. P&P Ready is operated by Trevor Carlston, based in Utah, USA. We are the controller of Personal Data collected through the Service.
1.3. By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Definitions
2.1. The following terms have the meanings set out below.
2.2. "Personal Data" means any information relating to an identified or identifiable individual.
2.3. "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
2.4. "Service" means the P&P Ready application and website.
2.5. "Content Data" means characters, campaigns, notes, and other materials you create within the Service.
2.6. "Data Subject" means any individual whose Personal Data we Process.
3. Information We Collect
3.1. Identity Data. Your email address, collected when you create an account and used for authentication and account management.
3.2. Technical Data. Information collected automatically when you use the Service, including your IP address, browser type and version, device type, operating system, and time zone.
3.3. Content Data. Characters, campaigns, notes, and other content you create within the Service. This data is stored and associated with your account.
3.4. Usage Data. Information about how you interact with the Service, including features used, pages visited, and session activity.
3.5. Analytics Data. We use third-party analytics tools that collect information about how you use the Service through cookies and similar tracking technologies. This information includes pages visited, features used, and general session activity. It is used solely to understand usage patterns and improve the Service. You may disable cookies through your browser settings, though doing so may affect the functionality of the Service.
3.6. If you use the Service without creating an account, no data is transmitted to our servers. All content is stored exclusively in your browser's local storage.
4. How We Use Your Information
4.1. We use the information we collect for the following purposes:
- To authenticate you and manage your account;
- To store and sync your Content Data across devices;
- To enable campaign sharing with players you invite;
- To maintain the security and integrity of the Service;
- To understand how the Service is used and to improve it; and
- To comply with applicable legal obligations.
4.2. We do not sell your Personal Data. We do not use your Personal Data for advertising or share it with advertisers.
6. International Data Transfers
6.1. P&P Ready is operated from the United States. If you access the Service from outside the United States, your Personal Data will be transferred to and processed in the United States.
6.2. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that international transfers are subject to appropriate safeguards. Where required, we rely on Standard Contractual Clauses approved by the European Commission to protect your Personal Data in transit.
6.3. For more information about the safeguards we use, contact us at the address in Section 14.
7. Data Security
7.1. We implement reasonable technical and organizational measures to protect your Personal Data against unauthorized access, loss, alteration, or destruction, including:
- Encryption of data in transit and at rest via Supabase's infrastructure;
- Row-level security policies ensuring each user can only access their own data; and
- Access controls limiting data access to authorized systems and processes.
7.2. No method of electronic transmission or storage is completely secure. In the event of a data breach affecting your Personal Data, we will notify you as required by applicable law.
8. How We Access Your Data
8.1. We restrict internal access to your Personal Data to the minimum necessary. The following guidelines govern when and how we access user data:
- We access account or content data only in response to a reported support issue or to investigate a problem affecting the Service.
- Access is strictly limited to diagnosing and resolving the issue in question.
- We do not modify your data unless you explicitly request it.
- We do not share what we observe in your data with other users or third parties.
- We may disclose data to US authorities if required by law. Where permitted, we will notify you if this occurs.
9. Data Retention
9.1. We retain Personal Data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. The following schedule applies:
| Category | Examples | Retention Period |
|---|---|---|
| Identity Data | Email address, login credentials | While account is active; up to 2 years after deletion |
| Content Data | Characters, campaigns, notes | While account is active; deleted upon account deletion request |
| Technical Data | IP address, device info, usage logs | Up to 12 months |
| Support Records | Correspondence and requests | 3 years after resolution |
| Legal / Compliance Records | Data subject requests, legal holds | Duration of legal requirement |
9.2. When retention is no longer required, we will delete or anonymize your Personal Data. Where immediate deletion is not possible (for example, data in backup systems), we will isolate it from further use until deletion is possible.
10. Your Rights
10.1. Depending on your location, you may have the following rights regarding your Personal Data:
- Right to access: request a copy of the Personal Data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your Personal Data.
- Right to data portability: request your data in a structured, machine-readable format.
- Right to restrict processing: request that we limit how we use your data in certain circumstances.
- Right to object: object to certain types of processing.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: contact your local data protection authority if you are unsatisfied with how we handle your data.
10.2. EEA, UK, and Swiss residents. We process your Personal Data on the following legal bases under the GDPR and UK GDPR:
- Performance of a contract: to provide the Service you signed up for.
- Legitimate interests: to maintain security, prevent fraud, and improve the Service, where these interests are not overridden by your rights.
- Legal obligation: to comply with applicable laws.
- Consent: where explicitly provided.
10.3. US residents. Residents of Utah, California, and other US states with applicable privacy laws have the rights described in Section 10.1. We do not sell your Personal Data and do not engage in cross-context behavioral advertising.
10.4. To exercise any of these rights, contact us at tcarlston@questluminary.com. We will respond within 30 days. We may request verification of your identity before processing your request.
10.5. If we deny your request, you may appeal by responding to our denial in writing. If you remain unsatisfied, you have the right to contact your applicable data protection authority or, for US residents, your state Attorney General.
11. Children's Information
11.1. The Service is not intended for use by individuals under the age of 13. We do not knowingly collect Personal Data from children under 13.
11.2. If we discover that we have inadvertently collected Personal Data from a child under 13, we will promptly delete it. If you believe we have collected such information, please contact us immediately at the address in Section 14.
12. Your Choices
12.1. Account information. You may update your account details at any time through your account settings.
12.2. Account deletion. To permanently delete your account and all associated Personal Data, contact us at tcarlston@questluminary.com. Requests will be processed within 30 days, subject to any legal retention obligations.
12.3. Local storage. If you use the Service without an account, you may clear all locally stored data at any time by clearing your browser's local storage.
13. Changes to This Policy
13.1. We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision.
13.2. If we make material changes to this policy that significantly affect how we Process your Personal Data, we will notify you by email at the address associated with your account before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact
Questions, requests, or concerns regarding this Privacy Policy may be directed to tcarlston@questluminary.com.