Privacy Policy

Last updated: March 22, 2026

1. Data We Collect

We collect only data necessary for the application to function:

  • Registration data: name, email address, password (stored exclusively in hashed form)
  • Game data: character data (names, attributes, skills, notes)
  • Profile images: user-uploaded images stored on Vercel Blob Storage
  • Session data: technical cookies required for authentication (JWT token)

2. Data We Do Not Collect

  • We do not use any analytics tools (Google Analytics, etc.)
  • We do not use tracking cookies or third-party cookies
  • We do not share data with any third parties
  • We do not display advertisements
  • We do not collect location, IP address, or device data

3. Purpose of Processing

We process your data exclusively for:

  • Authentication and user account management
  • Storing and displaying your game characters
  • Campaign system functionality (sharing characters with the Storyteller)

The legal basis for processing is user consent given during registration (Art. 6(1)(a) GDPR).

4. Data Storage and Security

  • Database: PostgreSQL (Prisma / Vercel) — encrypted connection (SSL)
  • Passwords: hashed using bcrypt, never stored in plain text
  • Images: Vercel Blob Storage with private access
  • Sessions: JWT tokens with limited validity

5. Cookies

We use only strictly necessary technical cookies for authentication (session token). These cookies:

  • Do not track your activity
  • Do not collect personal data beyond authentication
  • Are deleted upon logout / session expiry

We do not use any marketing, analytics, or third-party cookies. Therefore, we do not require a cookie banner under Art. 5(3) of the ePrivacy Directive.

6. Your Rights (GDPR)

Under Regulation (EU) 2016/679 (GDPR), you have the following rights:

  • Right of access — you can request a copy of your data
  • Right to rectification — you can correct inaccurate data
  • Right to erasure — you can request deletion of your account and all data
  • Right to data portability — you can request export of your data
  • Right to withdraw consent — at any time, by deleting your account
  • Right to lodge a complaint — with a supervisory authority

To exercise these rights, contact us at the email below.

7. Data Retention

We retain your data for the duration of your account. Upon account deletion, all data is permanently removed from the database and image storage.

8. International Data Transfers

Data may be processed on Vercel servers (USA). Vercel complies with EU Standard Contractual Clauses for data transfers outside the EEA.

9. Contact

For questions regarding data protection, contact us:

Email: bloodledger.app@gmail.com

10. Changes to Policy

This policy may be updated. We will announce significant changes on the application's main page.