Privacy Policy

This Privacy Policy explains how Man in Jumpsuit (“we,” “us,” “our”) collects, uses, stores, and protects your information when you use Curses! Custom Character Builder (“CCB,” “the Service”), available at ccb.curses.show.

We believe in transparency and simplicity. We collect only what we need to run the Service, we never sell your data, and we give you control over your information.

1. Information We Collect

1.1 Information You Provide

• Account information: When you register, we collect your email address and a display name. If you sign in with Google, we receive your email address and name from Google.
• Character data: Character names, stats, equipment, backstories, class and subclass selections, and other information you enter while building characters.
• Campaign data: Campaign names, descriptions, session schedules, and associated character assignments.
• Uploaded images: Character portraits and avatar images you upload.
• Preferences: Display settings such as custom dice colors.

1.2 Information from Third Parties

• Google OAuth: If you choose to sign in with Google, we receive your name and email address. We do not receive your Google password.
• Patreon: If you choose to link your Patreon account, we receive your Patreon user ID and current membership tier status. We use this solely to determine which features to unlock. We do not receive your Patreon payment details.

1.3 Information Collected Automatically

• Authentication tokens: When you sign in, secure tokens are stored in your browser to keep you logged in. These are functional — not tracking cookies.

We do not use analytics cookies, advertising trackers, or any third-party tracking scripts. We do not serve advertisements.

2. How We Use Your Information

We use your information to:

• Create and manage your account
• Store and display your characters and campaigns
• Render public character sheet pages when you choose to share them
• Determine your Patreon membership tier for feature access
• Display your uploaded images within the Service
• Communicate with you about your account if necessary (e.g., security issues)

We do not use your data for advertising, profiling, automated decision-making, or any purpose unrelated to operating the Service.

3. How We Store and Protect Your Data

Your data is stored using Amazon Web Services (AWS) infrastructure:

• Authentication: Managed by AWS Cognito, which handles secure password hashing, token issuance, and login flows. We never store your password in plain text.
• Character and campaign data: Stored in AWS DynamoDB, a managed database service with encryption at rest.
• Uploaded images: Stored in AWS S3 with encryption at rest. Images are served through AWS CloudFront (a content delivery network) for performance.

All data is stored in the United States (us-east-2 region). Data is transmitted over HTTPS (TLS encryption) between your browser and our servers.

While we take reasonable measures to protect your data, no system is 100% secure. We cannot guarantee absolute security.

4. Who We Share Data With

We do not sell, rent, or trade your personal information to anyone.

We share data only in these limited circumstances:

• Infrastructure providers: AWS processes your data as part of hosting the Service. AWS acts as a data processor on our behalf under their standard terms of service.
• Public sharing: If you share a character sheet via a public URL, the character data on that page is visible to anyone with the link. This is an opt-in action you control.
• Campaign members: If you join a campaign, other members of that campaign can see your character data associated with the campaign.
• Legal requirements: We may disclose data if required by law, regulation, or valid legal process.

5. Cookies and Local Storage

CCB uses authentication tokens stored in your browser’s local storage to maintain your login session. These are strictly necessary for the Service to function and are not used for tracking or analytics.

We do not use third-party cookies, advertising cookies, or social media tracking pixels. There is no cookie consent banner because we do not use optional cookies.

6. Your Rights and Choices

You have the right to:

• Access your data: You can view all character, campaign, and profile data through the Service’s interface at any time.
• Correct your data: You can edit your display name, character information, and other data directly in the app.
• Delete your data: You can delete individual characters or campaigns, or delete your entire account. Account deletion permanently removes all of your data from our systems, including all characters, campaigns, and uploaded images.
• Unlink third-party accounts: You can disconnect your Patreon account at any time through your profile settings.
• Request a copy of your data: Contact us through Discord or our website to request a copy of the personal data we hold about you.

We honor these rights regardless of your location. You do not need to be in a specific jurisdiction to exercise them.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete all associated data (profile, characters, campaigns, images) from our production systems. Some data may persist in encrypted backups for a limited period (typically up to 30 days) before being automatically purged.

If your account is inactive for an extended period, we may contact you before taking any action on your account. We will not delete inactive accounts without notice.

8. Children’s Privacy (COPPA)

CCB is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately and we will delete the account and associated data.

Users between 13 and 18 may use the Service with the consent of a parent or legal guardian.

9. International Users

CCB is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and stored in the US. By using the Service, you consent to this transfer.

While we are not subject to the EU General Data Protection Regulation (GDPR), we follow GDPR-inspired practices as a matter of principle: we minimize data collection, provide access and deletion rights, and are transparent about how data is handled.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, you can reach us through:

• Discord: discord.gg/KBqDAS4Tbv
• Website: maninjumpsuit.com