Privacy Policy

Effective Date: January 23, 2026  |  Last Updated: March 11, 2026

Heroweaver ("we", "us", "our") is a tabletop RPG character creator developed by Lil Devil Dev, based in Ireland. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

1.1 Website (heroweaver.com)

When you sign up for the beta or newsletter via our Brevo (formerly Sendinblue) form, we collect:

  • Name (first and last)
  • Email address
  • Country
  • Platform preference (Android, Windows, Linux)
  • RPG systems played (optional)

We also use Google reCAPTCHA to prevent spam. reCAPTCHA may collect technical data (IP address, browser info) — see Google's Privacy Policy.

1.2 Heroweaver App

When you use the Heroweaver app, we may collect:

| Data | When | Purpose |
|---|---|---|
| Google account email & display name | Google Sign-In (optional) | Authentication, cloud sync |
| Anonymous user ID | First app launch | Firebase Anonymous Auth for local features |
| Character data | Cloud sync enabled | Cross-device character storage |
| Subscription status | Upgrade to paid tier | Feature access, billing |
| Payment details | Subscription purchase | Processed by Stripe / Google Play (we never see full card numbers) |
| App logs | Bug reports (opt-in) | Debugging via in-app feedback |

What we do NOT collect: We do not collect analytics, telemetry, location data, device identifiers, or usage tracking. There are no ads in Heroweaver.

1.3 Beta Feedback Form

Our beta feedback form collects your name, email, and feedback responses. Submissions are sent directly to our email and are not stored in a database.

2. How We Use Your Data

  • Beta communication: Sending download links, updates, and feedback requests
  • Cloud sync: Storing your characters so they're available across devices
  • Billing: Managing your subscription tier and payment status
  • Bug fixes: Investigating issues you report via the in-app feedback tool

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Consent — Newsletter signup and beta registration (you can withdraw at any time)
  • Contract — Providing the service you signed up for (cloud sync, character storage)
  • Legitimate interest — Security, fraud prevention, and improving the app

4. Data Storage & Security

  • Email lists are stored on Brevo servers in the EU
  • Character data & authentication are stored on Google Firebase (Firestore, EU region where available)
  • Website files are hosted on Scaleway Object Storage in Paris, France
  • Payments are processed by Stripe and/or Google Play Billing — we do not store payment card details

All data is transmitted over HTTPS. Firestore access is restricted by security rules so users can only read and write their own data. Subscription caches are cryptographically signed to prevent tampering.

5. Cookies & Local Storage

The Heroweaver website does not set first-party cookies. Google reCAPTCHA may set cookies as part of its bot-detection process.

The Heroweaver app stores data locally on your device:

  • Character files — saved characters in app storage
  • Subscription cache — HMAC-signed cache of your subscription status
  • App preferences — theme selection, last-used system

This local data stays on your device and is not transmitted unless you enable cloud sync.

6. Data Retention

  • Email list data: Retained until you unsubscribe or request deletion
  • Firebase account & character data: Retained while your account is active. Inactive anonymous accounts may be purged after 12 months
  • Payment records: Retained as required by tax and financial regulations (typically 7 years)
  • Bug reports: Retained for up to 12 months, then deleted

7. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct any inaccurate or incomplete data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Restriction — Restrict processing in certain circumstances
  • Portability — Receive your data in a machine-readable format
  • Object — Object to processing based on legitimate interest
  • Withdraw consent — At any time, without affecting prior processing

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Ireland, this is the Data Protection Commission.

8. Children's Privacy

Heroweaver is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Third-Party Services

We use the following third-party services that may process your data:

  • Brevo — Email marketing (EU-based)
  • Google Firebase — Authentication and cloud database
  • Google reCAPTCHA — Bot protection on signup forms
  • Stripe — Payment processing
  • Google Play Billing — In-app purchases on Android
  • Scaleway — Website hosting (EU-based)

Each service has its own privacy policy linked in Section 4 above.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email or in-app notification. The "Last Updated" date at the top reflects the most recent revision.

11. Contact

For any privacy-related questions or requests:

Data Controller: Lil Devil Dev
Email: [email protected]
Location: Ireland