Privacy Policy

Terms of Service & Privacy Commitment

Effective Date: 27 Sep 2025 Last Updated: 27 Sep 2025

Plain English, Not Legalese

Let’s be honest—most Terms of Service and Privacy Policies are written for lawyers, not real people. We don’t like that either. At PostRoll, we’re building something creative and collaborative, and that includes how we communicate with you.

So we’ve written this policy in plain English. It’s still legally binding (because we have to do that), but it’s designed to be understandable.

If something in here confuses you or feels off, please reach out. You can always contact us via our contact form or at [hello@postroll.app].

Using PostRoll Means Accepting These Terms

By accessing or using PostRoll in any way—whether you're signing up for an account, joining someone else’s campaign, browsing our app, or submitting your creative work - you agree to these terms.

If you don’t agree with what’s written here, please don’t use the site. That’s the basic contract between us.

This Is a Living Document

We believe policies like this should evolve - just like our platform. We want this to be one of the most human and fair terms documents in the tabletop space.

If you think something is missing, unclear, or unfair, let us know! Email us or reach out through our contact page - we read everything.

We won’t change this document just for one person, but if your feedback makes sense for the whole community, we’ll update it for everyone. You can always check the bottom of this document to see the Document History.

Whenever we do make a significant change, we’ll post the updated version here and update the date above. By continuing to use PostRoll, you’re agreeing to whatever the current version says.

Breach of Terms

If you break these terms, your access to PostRoll may be suspended or terminated - either in part or entirely.

This could happen if you misuse the platform, infringe on someone’s rights, abuse other users, or use the service in a way that violates the spirit of fair use or collaboration.

We reserve the right to block, restrict, suspend, or delete your access to PostRoll at any time, at our sole discretion. That said, we’ll always try to be fair and transparent.

If you think your account was removed or limited by mistake, please reach out - we’ll explain our reasoning, and if appropriate, help restore your access (including your saved content).

Support

We want you to have a smooth and enjoyable experience.

You can find support in the following places:

Community Forums (coming soon!)
Help & Documentation Portal – includes guides, walkthroughs, and FAQs
Email us directly at [hello@postroll.app] for anything account - or submission-related

We’re a small but passionate team, and while we can’t guarantee instant replies, we always aim to respond as quickly and helpfully as possible.

The Types of Personal Data We Collect

We collect personal data in a few different ways:

You provide it directly when signing up, submitting content, or contacting us.
We generate some automatically when you use PostRoll.
Occasionally, we may receive data from trusted third-party tools or services you connect to.

Below is a breakdown of the categories of data we may collect in connection with our services (“Services Data”), depending on how you interact with PostRoll.

Customer Content

You may submit creative content while using PostRoll—such as cards, boards, scenes, character sheets, submissions, and wiki entries. This content may contain personal information if you choose to include it (e.g., your name in a character bio or in submitted artwork).

You are responsible for ensuring that you have the right to submit any personal data included in your content.

Account & Profile Information

To create or update a PostRoll account, you may provide:

Your name or display name
Email address
Password (stored securely and hashed)
Profile image (if uploaded)
Artist portfolio or submission information (e.g. links, bios, rates)

If you sign up using a third-party service (e.g. Google), we may receive data from them, such as your name, email address, and profile image.

Billing Information

If you purchase anything from PostRoll (e.g., premium tiers or marketplace content), our payment processor (e.g. Stripe or Paddle) may collect:

Billing address
Payment method (credit card or banking info)
Purchase history
VAT/tax ID (where applicable)

PostRoll does not store or process full payment card details—these are handled securely by the processor.

Service Metadata

As you interact with PostRoll, we generate metadata to better understand and improve how the platform is used. This may include:

Cards, boards, or wiki entries you create or view
Projects, campaigns, or groups you participate in
Clicks, searches, and button interactions
File types or image uploads used in your content

Log Data

Like most websites, our servers automatically log:

Your IP address
Browser type and settings
Date and time of visits
Referring page
Time spent on pages
Language preference
Interaction with features (e.g. toggling fog of war, opening a token menu)

This helps us debug issues, monitor performance, and improve user experience.

Device & Technical Data

We may collect basic information about your device, such as:

Type of device (e.g. desktop, tablet, phone)
Operating system and version
Browser name and version
Device identifiers (e.g. device ID, session ID)
Screen resolution
Crash logs and performance data

This helps us optimize the site across different devices and troubleshoot issues.

Location Data

We may use your IP address to approximate your general location (e.g. country or city). This is used for things like:

Language preferences
Displaying local taxes or legal disclosures
Fraud prevention and security

We do not use GPS or precise location services unless you explicitly consent to them through your device.

Third-Party Data

If you connect third-party tools (e.g. Discord, Drive, Patreon, etc.—coming soon), we may receive limited information from those services based on the permissions you grant, such as:

Username or ID from the third-party tool
Content or files linked to the integration
Authentication tokens (stored securely)

Marketing & Communication Preferences

If you opt in to receive emails from us, we may collect:

Your marketing consent status
Email engagement data (e.g. opens, link clicks)
Unsubscribe preferences

We only send marketing messages if you’ve given us permission to do so, and you can unsubscribe at any time.

We use cookies and similar technologies to help us:

Keep you logged in
Save preferences
Collect anonymous usage analytics
Monitor site performance

For more, see our Cookie Policy.

Community & Program Data

If you participate in PostRoll programs like:

Artist submissions (e.g. Impossible Realms)
Community events
Forum discussions (coming soon)
Feedback programs or playtests

We may collect and associate your submissions, messages, or preferences with your account for program management and communication.

Support & Contact Data

If you contact us directly—for example via email, support forms, or chat—we may store:

The content of your message
Your contact information
Any follow-up interactions or notes

We use this to respond to your request and improve our support systems.

Experimental Features

If you opt into using PostRoll's experimental features (e.g. Assisted card generation, automated wiki prompts), we may collect data from your interactions to help us improve these tools. This will always be optional and clearly disclosed where applicable.

Business & Partner Data

We may receive or process business contact data (e.g. creators, vendors, and collaborators) from our commercial partners, marketplaces, or affiliate platforms to manage relationships, agreements, or payments.

Final Notes on Data Collection

You’re not required to provide personal data to use most parts of PostRoll, but some features (like creating an account, joining a group, or submitting work) won’t function without it.

We’ll always aim to be transparent, fair, and secure in how we handle your data.

🔐 Access to Your Data

What personal data do we collect, and why?

When you use PostRoll - whether browsing, signing up, or submitting content - we may collect certain personal information so we can provide, protect, and improve the platform. Here's what that includes:

Information you give us directly:

Name (including display name, if used)
Email address
Any content you submit, including artwork, pitches, or profile info

We use your email to respond to support requests, verify your account, and (only if you opt in) send you occasional updates or opportunities. We never sell your data, and we don’t use your email address for anything outside what you’ve agreed to.

Information collected automatically:

When you use PostRoll, we also collect some data automatically:

IP address
Device and browser type
Pages you visit, buttons you click, and how long you stay
Cookie data (see Cookies section below)

This helps us keep things running smoothly, understand how people use the platform, and detect abuse or bugs.

We do not collect or store credit card information directly. See “Who can see my credit card number?” below for more info.

🍪 Cookies and Analytics

To use PostRoll properly, your browser needs to accept cookies. We use first-party and third-party cookies to:

Keep you logged in
Save your preferences
Collect anonymous usage statistics via tools like Amplitude

You can control or block cookies in your browser settings. If you disable cookies, some features may stop working.

You can opt out of some tracking using tools like:

🔍 Who can see my password?

No one. Not even us.
We never store your password in plain text—it’s always securely hashed using industry-standard encryption.

Reminder: Keep your login details safe. If you think someone else has accessed your account, contact us immediately.

If you forget your password, we’ll send you a secure email link so you can reset it.

💳 Who can see my credit card number?

No one at PostRoll.
We use trusted, secure third-party payment processors like Stripe or Paddle to handle transactions. They encrypt and process your payment information externally using strict security protocols.

We never store or access your full card details.

🇺🇸 California Privacy Disclosures (CCPA)

If you’re a California resident, the California Consumer Privacy Act (CCPA) gives you special rights regarding your personal data.

The information we collect corresponds to these categories under the CCPA:

Identifiers (name, username, email, IP address)
Account info (profile data, submission history)
Commercial information (e.g. purchases, subscriptions)
Usage data (pages visited, clicks, preferences)
Inferences (e.g. content or category interests)

You have the right to:

Request access to your personal information
Request deletion of your personal information (with some legal exceptions)

To exercise your rights under CCPA, email us at [your-email@postroll.com] with “CCPA Request” in the subject line. We'll respond within 10 business days and may need to verify your identity.

We won’t discriminate against you for exercising your rights.

🇪🇺 Data Rights for EU and UK Users

Under the GDPR, you also have the right to:

Access the personal data we hold about you
Correct or update your information
Request deletion
Object to or restrict processing
Withdraw consent (for things like newsletters)
Lodge a complaint with your data protection authority

If you'd like to make a GDPR-related request, please email us at [support@postroll.app].

Effective Date: [Insert Date]
Last Updated: [Insert Date]

Welcome to PostRoll, a creative platform for tabletop roleplaying communities, operated by Tide and Bone Ltd, a company registered in England and Wales (Company No: [Insert Company Number]).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, app, or services.

1. Who We Are

Tide and Bone Ltd
Trading as: PostRoll
Registered Office: [Insert address]
Email: [your-email@postroll.com]
Tide and Bone Ltd is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

2. What Information We Collect

We may collect the following categories of personal data when you interact with our services:

a. Information You Provide Directly:

Name, username, or display name
Email address
Profile picture (if uploaded)
Artist submissions (e.g. Impossible Realms projects)
Content you create using our tools (e.g. cards, boards, wiki entries)
Messages or comments you post
Payment or billing info (if you purchase anything)
Any additional details you provide via forms or email

b. Information Collected Automatically:

IP address and browser/device type
Usage data (pages visited, features used, time spent)
Authentication logs and login attempts
Cookies and similar technologies (see Section 9)

c. From Third Parties:

Authentication services (e.g. Google login)
Payment processors (e.g. Stripe, Paddle)
Analytics tools (e.g. PostHog, Plausible)

3. How We Use Your Information

We use your information to:

Provide and personalise your experience on the app and website
Manage your account and content
Respond to inquiries, submissions, or feedback
Evaluate artist submissions for projects and commissions
Send optional updates or marketing (only with your consent)
Monitor site performance and improve our services
Fulfil legal and financial obligations

4. Legal Bases for Processing (UK & EU Users)

We rely on the following legal bases:

Contract – to provide services you sign up for (e.g. hosting your content)
Consent – for optional email marketing or newsletters
Legitimate interest – to improve our services, prevent fraud, or evaluate submissions
Legal obligation – for record-keeping or tax compliance

We do not sell your data. We may share it with trusted providers who help us run our services, such as:

Hosting and infrastructure services (e.g. Vercel, Supabase)
Analytics platforms (e.g. PostHog, Plausible)
Email and communication tools (e.g. Resend, MailerSend)
Payment processors (e.g. Stripe, Paddle)
Legal or regulatory authorities (only when required)
All providers are bound by contractual obligations to protect your data.

6. International Transfers

Some service providers may be located outside the UK or EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the UK or EU
Provider participation in approved certification schemes

7. Data Retention

We retain your data only as long as necessary for:

Providing you with the service
Legal or regulatory reasons
Evaluating submissions and creative work
You may request deletion of your data at any time (see Section 8).

8. Your Rights

Under applicable data protection laws, you have the right to:

Access your personal data
Correct or update inaccurate data
Request deletion (“right to be forgotten”)
Withdraw consent for marketing
Object to or restrict certain processing
Request data portability (in applicable cases)

To exercise these rights, contact us at [your-email@postroll.com].

9. Cookies and Tracking

We use cookies and similar technologies to:

Keep you logged in
Save your preferences
Measure how our app is used (anonymously)

You can control or delete cookies in your browser settings. We do not use third-party advertising or invasive tracking.

10. Artist Submissions

If you submit a pitch or artwork for a PostRoll feature project (like Impossible Realms), we will:

Keep your submission private and internal unless a commission is agreed
Never use or publish your work without consent
Retain your submission for a limited period to consider future opportunities

For full terms, see our Submission Terms and Conditions.

11. Children’s Privacy

PostRoll is not intended for children under 13. If you are under 13, do not submit personal data. If we become aware that a child has submitted data, we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we’ll update the “Last Updated” date and, where appropriate, notify you.

13. Contact Us

For questions, concerns, or data access requests, please contact:

Email: [your-email@postroll.com]
Postal: Tide and Bone Ltd, [Insert Address]
Data Protection Contact (if applicable): [Insert DPO or contact name if designated]