The boring stuff

Who we are

Snaggletooth Forge is operated by Thomas Mitchell. For privacy questions or requests, contact us at sorcery@snaggletoothforge.com.

What we collect

We collect the following types of information:

Account information: Your email address, which we use for authentication and to send you transactional emails like magic login links.

Content you create: Campaigns, characters, notes, images, and other content you upload or create within the service. This is stored so you can access and use it.

Payment information: If you subscribe to a paid tier, our payment processor Stripe collects your payment details. We do not store your full card number—Stripe handles this securely and shares only limited information with us (such as the last four digits and expiry date) for record-keeping.

Usage data: We use Vercel Analytics to understand how people use the service. This includes page views, referral sources, and general usage patterns. Vercel Analytics is privacy-focused and does not use cookies for tracking.

Log data: Our hosting provider (Vercel) automatically collects server logs, which may include your IP address, browser type, and pages visited. These logs are used for security and debugging purposes.

How we use your data

We use your data to operate and improve the service, specifically to authenticate you and keep your account secure, store and display your content, process payments and manage subscriptions, send transactional emails (like login links), understand how the service is used so we can improve it, and respond to your questions or requests.

We do not sell your personal data. We do not use your content for advertising or share it with third parties except as needed to provide the service.

Legal basis for processing (GDPR)

If you are in the UK or European Economic Area, we process your data under the following legal bases:

Contract: Processing necessary to provide the service you signed up for, including authentication, content storage, and payment processing.

Legitimate interests: Processing for security, fraud prevention, service improvement, and analytics, where these interests do not override your rights.

Legal obligation: Processing required to comply with applicable laws, such as tax and accounting requirements.

Third-party services

We use the following third-party services to operate Snaggletooth:

Google Firebase: Authentication and data storage, including images. Firebase is operated by Google and data may be processed in the United States. Firebase Privacy Policy

Stripe: Payment processing for subscriptions. Stripe is based in the United States. Stripe Privacy Policy

Resend: Transactional email delivery (magic links, account notifications). Resend is based in the United States. Resend Privacy Policy

Vercel: Hosting and analytics. Vercel is based in the United States. Vercel Privacy Policy

International transfers

Your data may be transferred to and processed in the United States by our third-party providers. These providers participate in data protection frameworks or use standard contractual clauses to ensure appropriate safeguards for your data.

Cookies and similar technologies

We use minimal cookies, primarily for authentication. Firebase may set cookies to maintain your logged-in session. Vercel Analytics does not use cookies for tracking. We do not use advertising or third-party tracking cookies.

Data retention

We keep your account information and content for as long as your account is active. If you delete your account, we will delete your personal data and content instantly.

Payment records are retained as required by tax and accounting laws, typically for 6 years.

Server logs are retained by Vercel according to their standard retention periods.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you.

Correction: Ask us to correct inaccurate data.

Deletion: Ask us to delete your data (subject to legal retention requirements).

Portability: Request your data in a portable format.

Objection: Object to processing based on legitimate interests.

Restriction: Ask us to restrict processing in certain circumstances.

To exercise these rights, email privacy@snaggletoothforge.com. We will respond within 30 days. If you are in the UK or EEA and believe we have not handled your request appropriately, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

Security

We take reasonable measures to protect your data, including encryption in transit (HTTPS), secure authentication, and limiting access to personal data. However, no online service is completely secure, and we cannot guarantee absolute security.

Children

Snaggletooth is not directed to children under 13, or under 16 where required by local law. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on our site with a new effective date. If changes are significant, we will notify you by email or through the service.

Contact

For privacy questions or to exercise your rights, contact us at sorcery@snaggletoothforge.com.