Privacy Policy

• Email address — only if you bind an email to your account. Used for authentication and important account notices.
• Game data — character details, save state, narrative history, choices, and any content you generate while playing.
• Anonymous account ID — if you play without an email, a randomly generated identifier persists your save in your browser.
• Billing data — handled by Stripe. We receive only metadata (subscription status, customer ID). We never see or store your card number.
• Basic logs — request timestamps, error traces, and rough usage counts used to operate and debug the Service.

• To provide the game (load saves, generate narrative, process turns).
• To authenticate you and protect your account.
• To process payments and apply subscription tiers.
• To send transactional email (magic links, billing notices, important account changes).
• To debug, improve performance, and prevent abuse.

We do not sell your data. We do not use your gameplay content to train AI models.

Operating the game requires sending data to a small number of trusted service providers acting as data processors on our behalf:

• Authentication and database provider — stores your email, save data, and portrait images.
• Payment processor (Stripe) — handles all card data; we receive only subscription metadata. Stripe’s privacy policy is at stripe.com/privacy.
• AI narrative and image providers — receive the relevant slice of your save (character, recent history, current action) at the moment a turn is processed. Required for the game to function.
• Email delivery provider — receives your email address to send magic-link logins and important account notices.
• Hosting provider — runs the application servers. Standard request logs apply.

Each provider operates under its own privacy policy and contractual obligations. We disclose categories rather than vendor names because our stack may change over time without affecting the categories of data shared. If you would like the current list of named providers for a data-rights request, contact us.

To generate narrative for your turn, the relevant slice of your save (character details, recent history, current action) is processed by third-party service providers as described in section 3. This processing is required for the game to function. Inputs are processed in real time and not used by us to train models. Provider retention policies apply to data they receive.

We use only the cookies and local storage entries necessary to operate the Service:

• Authentication tokens (so you stay logged in).
• Anonymous session identifiers (for guest play).
• UI preferences saved locally in your browser.

We do not use third-party advertising or tracking cookies.

We retain your account and save data for as long as your account exists. If you request deletion (or if your account is closed for cause), we delete your saves and personal data within 30 days, except where retention is required for legal, tax, or fraud-prevention purposes (Stripe retains transaction records independently).

Depending on where you live, you may have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Request deletion of your data.
• Export your save data.
• Object to certain processing or withdraw consent.

To exercise any of these rights, email us at the address below. We will respond within a reasonable time.

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have done so, contact us and we will delete it.

We use industry-standard measures to protect your data — TLS in transit, encrypted storage at rest via our infrastructure providers, and least-privilege access controls. No system is perfectly secure; we cannot guarantee that data will never be compromised. If a breach occurs that affects you, we will notify you as required by law.

Your data may be processed in the United States and other countries where our providers operate. By using the Service, you consent to this transfer.

We may update this Policy. Material changes will be announced at least 14 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision.

Privacy questions or requests: mosaicplatformsllc@gmail.com