legal

Privacy Policy

What we collect, why we collect it, and the controls you have.

Last updated: 2026-05-24 · version 1

TavernAI.Cards ("we", "us", "the Service operator") is a character card workbench. This Privacy Policy explains what personal data we process when you visit tavernai.cards or use the workbench, what legal bases we rely on, and how you can exercise your rights. It applies worldwide; regional protections (EU/EEA/UK GDPR, UK Data Protection Act, California CCPA/CPRA, Quebec Law 25, etc.) apply on top of this baseline where they grant you stronger rights.

1. Data We Collect

1.1 Account data (via Clerk)

Authentication is handled by Clerk. When you sign up, Clerk stores your email address, optional display name / username, and (if you sign in via Google or another OAuth provider) the OAuth identifier. We receive a copy of your Clerk user id, primary email, and display name via webhook and store them in our own database so we can attach your cards and subscription state.

1.2 User Content

Character cards you upload or create — including the card JSON (V1 / V2 / V3 spec), embedded PNG portrait, lorebook entries, greetings, tags, change notes, and any metadata you set (visibility, share token, external links). Cards are stored in Cloudflare D1 (metadata) and Cloudflare R2 (PNG binary). The primary database region is configured per environment; content is served via Cloudflare's global edge network. See Section 7 (International data transfers).

1.3 Usage data

Pageviews and a small set of product events (sign up, card upload, lint run, sync attempt) recorded server-side. We use:

  • Plausible Analytics (self-hosted, cookieless) — worldwide. No personal identifiers, no cross-site tracking, no cookies that require consent.
  • Google Analytics 4 — only for visitors outside the EU, EEA, and UK. EU/EEA/UK visitors are detected via the Cloudflare cf-ipcountry request header and the GA4 script is not loaded for them, so no GA cookies are set in those regions.

1.4 Payment data (future feature, not yet collected)

If and when paid plans are introduced, we expect to use Stripe as the payment processor. Card numbers would go directly to Stripe and never touch our servers; we would only store the Stripe customer / subscription id and your plan status. This section will be updated before any paid plan goes live.

1.5 AI proxy data (future feature, not yet collected)

If and when an AI testing engine is introduced, it may route requests through providers such as OpenRouter to upstream large language model providers. In that case we would retain prompts, responses, and token counts for the duration of your test run so you can review them. The routing provider and the upstream LLM provider may also retain a copy under their own policies; we will document the list of providers and their retention windows here before the feature ships.

1.6 Webhook / system logs

We keep short-lived application logs (IP, user agent, request path, status code) for diagnostics and abuse prevention, typically rotated within 30 days at the Cloudflare edge.

2. How We Use Data

  • To operate the workbench (store, lint, sync, and serve your cards).
  • To enforce your visibility / sharing settings.
  • To detect and mitigate abuse, spam, and security incidents.
  • To send transactional email (password reset, account notices) via Clerk.
  • To measure aggregate product usage so we can improve the workbench.
  • To handle billing and subscription state (once paid plans launch).

3. Legal Bases (GDPR / UK GDPR)

  • Contract — running your account, storing your cards, processing payments.
  • Legitimate interests — abuse prevention, security logging, aggregate analytics (Plausible), product improvement.
  • Consent — only required for GA4-style cookies, which we do not load in EU/EEA/UK regions; if we ever add an optional consent-gated tracker we will surface a banner first.
  • Legal obligation — responding to lawful requests and DMCA notices.

4. Sharing & Sub-processors

We do not sell personal data. We share data with the following named sub-processors strictly to operate the service:

  • Cloudflare (Pages, Workers, D1, R2, Queues) — hosting, storage, edge network. Worldwide.
  • Clerk — authentication, user management, transactional email. Worldwide.
  • Plausible Analytics (self-hosted) — cookieless analytics. Worldwide.
  • Google Analytics 4 — non-EU/EEA/UK regions only.
  • OpenRouter and upstream LLM providers — AI testing engine (future feature).
  • Stripe — payment processing (future feature).
  • Chub.ai, RisuAI, SillyTavern — only when you explicitly trigger a sync; the card payload you choose to publish is sent under your own account credentials.

5. Retention & Deletion

You have the right to request erasure of your personal data (GDPR Article 17 / equivalent regimes). Account data and cards persist until you delete your Clerk account. When you delete your account, we promptly take the following actions to fulfil the erasure right:

  • Your personal identifiers (email, display name) are redacted from our database — no longer associated with you.
  • All of your character cards are immediately set to private and any share tokens are revoked, so existing share links return 404.

Under GDPR Article 17(3) and equivalent provisions in other jurisdictions, we retain certain non-identifying records beyond account deletion where retention is necessary for:

  • Compliance with a legal obligation, exercise or defence of legal claims, and audit / investigation of abuse.
  • System integrity (e.g. foreign-key consistency, deduplication of webhook events).

Retained records contain no direct personal identifiers after redaction. If you believe further hard-deletion is warranted in your specific case (e.g. removal of card binaries you originally uploaded), you may submit a targeted erasure request to [email protected] and we will evaluate it against the legitimate-retention grounds above.

Server logs are rotated within 30 days. Analytics events are aggregate and not tied to your account once redacted.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account (see Section 5).
  • Export the data you provided — use the "Export my data" button in the dashboard, or call GET /api/me/export, to download a machine-readable JSON dump of your profile, character cards (with every version's card_json), and any waitlist entry.
  • Request the full picture (GDPR Article 15 right of access) covering telemetry, sync / lint / test job history, billing records, affiliate call logs, platform credential metadata, and system audit logs by emailing [email protected]. We handle these manually so we can scope and verify each request, and typically respond within 30 days as required by GDPR Article 12(3).
  • Object to or restrict certain processing.
  • Lodge a complaint with your local data-protection authority.

Send rights requests to [email protected]. We will endeavor to respond within the timeframes required by applicable law in your jurisdiction.

7. International Transfers

Our infrastructure is provided by Cloudflare and runs on a global edge network. Your data may be processed in any country where Cloudflare, Clerk, or our other named sub-processors operate. Where required, we rely on Standard Contractual Clauses (SCCs) and the sub-processors' own transfer mechanisms.

8. Children

TavernAI.Cards is intended for adults aged 18 or older. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please email [email protected] and we will remove the account.

9. Cookies & Local Storage

  • Strictly necessary — Clerk session cookies for authentication. Required for the workbench to function; no consent needed under ePrivacy.
  • Plausible Analytics — cookieless. No consent needed.
  • Google Analytics 4 — sets _ga / _gid cookies, but only in non-EU/EEA/UK regions where consent is not required by ePrivacy.

10. Updates

We will revise this Privacy Policy as the product evolves (particularly when AI proxy and payment features launch). The Last updated date and version number at the top of this page reflect the current revision. Material changes will be announced in the dashboard or via email.

11. Contact

Privacy questions: [email protected]
DMCA / copyright: [email protected]
Everything else: [email protected]

Privacy Policy — TavernAI.Cards