Privacy Policy

This Policy explains how Dungeon Buddy collects, uses, and protects your personal data.

Last updated: 2 January 2026

Quick summary

GDPR-friendly • Plain English
What we collect

Account details, gameplay-related info, payment metadata, and technical logs (for security).

Why we collect it

To run the Platform, prevent fraud, handle disputes, and comply with legal obligations.

Your rights

Access, correction, deletion, objection, portability, and complaint rights under GDPR.

Privacy

Dungeon Buddy is the data controller for personal data processed through the Platform unless stated otherwise.

1. Who we are

Controller: Dungeon Buddy (the “Platform”).

Contact: [email protected]

2. What data we collect

  • Account data: email, username/display name, password (hashed), account settings.
  • Gameplay data: sessions you create/join, booking history, dispute information, ratings/votes (where applicable).
  • Wallet & transactions: pebble balance and ledger entries (amounts, timestamps, references).
  • Payment data: Stripe checkout/session IDs and payment status. We do not store full card numbers.
  • Technical data: IP address, device/browser info, logs for security and abuse prevention.

3. How we use your data

  • Provide and operate the Platform (accounts, bookings, sessions, wallet).
  • Process payments and prevent fraud/abuse.
  • Handle disputes and enforce Terms and GM Code of Conduct.
  • Communicate service messages (e.g., dispute clarifications, account notices).

4. Legal bases (GDPR)

  • Contract: to provide the Platform and services you request.
  • Legitimate interests: keeping the Platform safe, preventing abuse, improving reliability.
  • Legal obligation: compliance with tax/accounting requirements where applicable.
  • Consent: only where required (e.g., optional marketing emails).

5. Who we share data with

  • Payment processors: Stripe (to take payments and pay out GMs).
  • Service providers: hosting, email, analytics (only what’s necessary).
  • Legal: where required to comply with law or valid requests.

We do not sell your personal data.

6. International transfers

Some providers (e.g. payment processors) may process data outside the UK/EEA. Where this occurs, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

7. Data retention

  • We keep account data while your account is active.
  • We keep transaction/ledger records as required for accounting and dispute handling.
  • We may keep minimal logs for security and fraud prevention.

8. Security

We use reasonable technical and organisational measures to protect personal data, including access controls, encryption where appropriate, and audit logging. No system is 100% secure, but we take safety seriously.

9. Your rights (UK GDPR)

  • Right to access, rectify, or delete your data.
  • Right to restrict or object to processing in certain cases.
  • Right to data portability (where applicable).
  • Right to withdraw consent (where processing is based on consent).

To exercise your rights, contact: [email protected]

10. Complaints

If you are unhappy with how we handle your data, please contact us first so we can help. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

11. Cookies

We may use cookies and similar technologies for login sessions, security, and site functionality. If we add optional analytics/marketing cookies, we will provide controls and obtain consent where required.

Contact

Questions about privacy? Email [email protected].