Privacy Policy
Last updated: March 27, 2026
This Privacy Policy describes how HexCrawl (“I,” “me,” or “my”) collects, uses, and stores information when you play HexCrawl or visit hexcrawl.online (collectively, the “Service”). By using the Service, you agree to the practices described here.
1. Who I Am
HexCrawl is operated by an individual developer based in Massachusetts, USA. Questions or requests regarding this policy can be sent to support@hexcrawl.online.
2. Age Requirement
The Service is intended for users 13 years of age or older. I do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided me with personal information, please contact me at support@hexcrawl.online and I will delete it promptly.
3. Information I Collect
Guest Play
You may play HexCrawl as a guest without creating an account. In this case, I do not collect any personally identifiable information. Your game session exists only for the duration of your visit.
Account Registration (OAuth Login)
If you choose to sign in using Discord or Google, I receive the following information from that provider:
- Username (your Discord username or Google display name)
- Email address
- Profile avatar URL
I also store OAuth access and refresh tokens provided by the OAuth provider in order to maintain your login. I do not receive or store your password.
Session Data
When you are logged in, I store the following per active session:
- IP address — used for security monitoring
- User agent (browser/client identifier) — used for security monitoring
- Session token — a random token used to authenticate your requests
Session tokens are transmitted via HTTP Authorization headers, not cookies. The one exception is a short-lived, HttpOnly cookie called oauth_link_session that is set temporarily during the OAuth login flow and deleted immediately once login completes. It is not used for tracking.
User-Generated Content
During character creation, you may enter free-form text (such as your character’s motivation). This text is sent to an AI language model for content moderation and narrative generation. The model evaluates content against safety guidelines before it is used in the game. I do not use this text for any other purpose and do not sell it.
Analytics (Planned)
I plan to add aggregate, anonymized analytics in the future (e.g., page views, feature usage counts). If and when I do, I will update this policy. Any analytics I add will be used solely to understand how the game is used in aggregate — not to identify individual users.
Payments (Planned)
I plan to introduce optional purchases (one-time content unlocks, cosmetic items) and rewarded advertising in the future. Payment transactions will be processed by third-party providers (such as Stripe or a mobile platform’s payment system). I will not store your full payment card details. Advertising networks may collect their own data subject to their own privacy policies. I will update this policy before any monetization features go live.
4. How I Use Your Information
I use the information I collect to:
- Authenticate you and maintain your login session
- Save and restore your game progress
- Moderate user-generated content for safety
- Investigate security issues and abuse
- Respond to support requests
I do not sell your personal information to third parties.
5. Third-Party Services
Your use of the Service involves the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Discord | OAuth login | discord.com/privacy |
| OAuth login | policies.google.com/privacy | |
| DigitalOcean | Server hosting and database | digitalocean.com/legal/privacy-policy |
| RunPod | AI inference processing | runpod.io/legal/privacy-policy |
Character motivation text submitted during character creation is processed by an AI model hosted on RunPod infrastructure.
6. Data Retention
I retain your account data for as long as your account is active or until you request deletion. I may remove accounts that have been inactive for two or more years, with reasonable advance notice where possible.
To request deletion of your account and associated data, email support@hexcrawl.online with the subject line “Account Deletion Request.” I will process your request within 30 days.
7. Security
I use reasonable technical measures to protect your data, including encrypted connections (HTTPS), HttpOnly session cookies, and server-side token storage. No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal information, I will notify you as required by applicable law.
8. Your Rights
Depending on where you live, you may have rights regarding your personal data, including the right to access, correct, or delete it. To exercise any of these rights, contact me at support@hexcrawl.online.
9. Changes to This Policy
I may update this policy from time to time. When I do, I will update the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact
For any questions about this privacy policy or your data:
Email: support@hexcrawl.online