PRIVACY POLICY

This Privacy Policy describes how The Elder Spores Online LLC ("we," "our," "us," or "the Platform") collects, uses, stores, shares, and protects your personal information when you use our website at theeldersporesonline.com (the "Site" or "Platform").

TABLE OF CONTENTS

1. Information We Collect
2. How We Collect Information
3. How We Use Your Information
4. Legal Bases for Processing (GDPR)
5. Data Sharing and Third-Party Services
6. Cookies and Tracking Technologies
7. Data Security
8. Data Retention and Deletion
9. Your Rights and Choices
10. Children's Privacy
11. International Data Transfers
12. California Privacy Rights (CCPA)
13. Changes to This Privacy Policy
14. Contact Us

---

1. INFORMATION WE COLLECT

We collect several types of information from and about users of our Platform:

1.1 Information You Provide Directly

• Discord user ID (required for authentication)
• Discord username and discriminator
• Discord avatar/profile picture
• Email address (if provided by Discord)

• Subscription tier and status
• Payment method details (processed by Stripe - we do not store full credit card numbers)
• Billing address
• Purchase history and transaction records

• ESO character builds you create or share
• Images you upload
• URLs and links you share
• Comments, forum posts, and messages
• Profile customizations (banners, bios, etc.)

• Messages you send to us
• Support requests and correspondence
• Feedback and survey responses

1.2 Information Collected Automatically

• Pages you visit and features you use
• Time and date of visits
• Time spent on pages
• Referring/exit pages
• Click data and navigation patterns

• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Screen resolution
• Language preferences

• Cookies and similar tracking technologies
• Log data and error reports
• Performance metrics

1.3 Information from Third-Party Services

When you authenticate through Discord, we receive:

• Discord user ID (permanent identifier)
• Username and discriminator
• Avatar URL
• Email address (if you grant permission)
• List of servers/guilds (if applicable)

When you make a purchase, Stripe shares:

• Customer ID
• Subscription ID
• Payment status
• Billing information
• Transaction history

We do NOT receive or store full credit card numbers.

2. HOW WE COLLECT INFORMATION

• Information you provide when creating content, commenting, or contacting us

• Cookies, log files, and tracking technologies as you navigate the Platform

• Discord OAuth for authentication
• Stripe for payment processing
• Google Analytics and AdSense for analytics and advertising

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Providing and Improving Services

• Account Management: Create and maintain your account
• Authentication: Verify your identity through Discord OAuth
• Service Delivery: Provide subscriptions, features, and content you've purchased
• Personalization: Customize your experience based on preferences
• AI Features: Process requests for AI-powered builds and recommendations
• Platform Improvements: Analyze usage to improve features and user experience
• Technical Support: Respond to support requests and troubleshoot issues

3.2 Communication

• Service Updates: Notify you of changes to the Platform, subscriptions, or policies
• Marketing: Send promotional content (with your consent, where required)
• Transactional Emails: Send receipts, subscription confirmations, and account notifications
• Community Updates: Share news, events, and community announcements

3.3 Safety and Security

• Fraud Prevention: Detect and prevent fraudulent transactions
• Content Moderation: Review reported content and enforce community guidelines
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service
• Security: Protect against security threats and unauthorized access

3.4 Analytics and Advertising

• Usage Analytics: Understand how users interact with the Platform
• Advertising: Display relevant advertisements to free-tier users
• Performance Metrics: Measure effectiveness of features and marketing

4. LEGAL BASES FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

• Processing necessary to provide services you've requested (subscriptions, features)

• Improving our Platform
• Fraud prevention and security
• Analytics and business intelligence
• Marketing to existing customers

• Complying with tax, accounting, and legal requirements
• Responding to legal requests

• Marketing communications (where required by law)
• Optional data collection (you can withdraw consent at any time)

5. DATA SHARING AND THIRD-PARTY SERVICES

We share your information with the following categories of third parties:

5.1 Essential Service Providers

• Purpose: User authentication and identity verification
• Data Shared: Discord user ID, username, avatar
• Privacy Policy: https://discord.com/privacy

• Purpose: Process subscription payments
• Data Shared: Payment information, billing address, email
• Privacy Policy: https://stripe.com/privacy

• Purpose: Store user data, content, and platform information
• Data Shared: All account data, content, and usage information
• Privacy Policy: https://supabase.com/privacy

• Purpose: Host and deliver the Platform
• Data Shared: Technical data required for hosting and content delivery
• Privacy Policy: https://vercel.com/legal/privacy-policy

• Purpose: Power AI-driven build generation and recommendations
• Data Shared: Build data, user prompts, character information
• Privacy Policy: [Grok API privacy policy URL]

5.2 Analytics and Advertising

• Purpose: Analyze website usage and user behavior
• Data Shared: Usage data, device information, anonymized data
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

• Purpose: Display advertisements to free-tier users
• Data Shared: Usage data, cookies, device information
• Privacy Policy: https://policies.google.com/privacy

5.3 Legal Requirements

We may disclose your information to:

• Law Enforcement: When required by law, subpoena, or court order
• Legal Protection: To protect our rights, property, or safety, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

5.4 Public Information

• Viewed by any Platform user or visitor
• Indexed by search engines
• Shared by other users

6. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to collect information and improve your experience.

6.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember preferences, and analyze usage.

6.2 Types of Cookies We Use

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance

• Remember your preferences and settings
• Personalize your experience

• Google Analytics: Track usage patterns and performance
• Help us understand how users interact with the Platform

• Google AdSense: Display relevant advertisements
• Track ad performance

6.3 Third-Party Cookies

Third-party services (Discord, Stripe, Google) may set their own cookies. We do not control these cookies.

6.4 Managing Cookies

• Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies
• Opt-Out Links: Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
• Do Not Track: Some browsers support Do Not Track signals (we respond to these signals)

7. DATA SECURITY

We implement reasonable administrative, technical, and physical security measures to protect your personal information:

• SSL/TLS encryption for data transmission
• Encrypted database storage
• Regular security audits and updates
• Firewall protection

• Access controls and authentication
• Employee training on data protection
• Regular security reviews

• Secure data centers (through Supabase and Vercel)
• Access restrictions to physical infrastructure

• Maintaining the security of your Discord account
• Using strong, unique passwords
• Not sharing your account credentials

8. DATA RETENTION AND DELETION

8.1 How Long We Keep Your Data

• We retain your data as long as your account is active and for the purposes described in this Privacy Policy

• Accounts inactive for 2+ years may be deleted (you will receive notice before deletion)

• Payment and transaction records retained for 7 years (tax and legal requirements)

• User-generated content retained as long as your account is active

8.2 Data Deletion

1. Immediate: Your account is deactivated and content removed from public view
2. Within 48 hours: Your data is removed from active systems
3. Within 90 days: Your data is permanently deleted from all systems, including backups
Exceptions:
• Data required for legal compliance may be retained longer
• Aggregated or anonymized data may be retained indefinitely for analytics
• Backup copies deleted within 90 days

8.3 Right to Deletion

You may request deletion of your data at any time by:

• Deleting your account through account settings
• Emailing reishi@theeldersporesonline.com

We will respond to deletion requests within 30 days.

9. YOUR RIGHTS AND CHOICES

Depending on your location, you may have the following rights:

9.1 Access and Portability

• Right to Access: Request a copy of the personal data we hold about you
• Right to Portability: Receive your data in a structured, machine-readable format

9.2 Correction and Deletion

• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data (subject to legal exceptions)

9.3 Restriction and Objection

• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests or for marketing purposes

9.4 Withdraw Consent

• Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time

9.5 How to Exercise Your Rights

1. Email: reishi@theeldersporesonline.com
2. Account Settings: Some data can be updated directly in your account settings
3. Unsubscribe: Marketing emails include an unsubscribe link
Response Time: We will respond to requests within 30 days (or as required by applicable law). Verification: We may ask you to verify your identity before processing requests.

---

10. CHILDREN'S PRIVACY

Our Platform is not intended for children under 13 years of age.

11. INTERNATIONAL DATA TRANSFERS

The Platform is operated from the United States. If you are accessing the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

• We implement appropriate safeguards to protect your data during international transfers
• For EEA/UK/Switzerland users, we rely on Standard Contractual Clauses or other approved transfer mechanisms

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

You have the right to request:

• Categories and specific pieces of personal information we collect
• Categories of sources from which we collect personal information
• Business or commercial purposes for collecting information
• Categories of third parties with whom we share information

12.2 Right to Delete

You have the right to request deletion of your personal information (subject to legal exceptions).

12.3 Right to Opt-Out of Sale

12.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.5 How to Exercise CCPA Rights

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Changes in applicable law
• New features or services

• We will post the updated Privacy Policy on this page
• We will update the "Last Updated" date
• For material changes, we will provide additional notice (email or Platform notification)

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: reishi@theeldersporesonline.com Website: https://theeldersporesonline.com

For GDPR-related inquiries: Email: reishi@theeldersporesonline.com

Reishi Spores Email: reishi@theeldersporesonline.com

15. SUPERVISORY AUTHORITY

If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.