Privacy Policy

Effective date: 07/07/2026 · Last updated: 07/07/2026

This Privacy Policy explains how MyAdventures Ltd ("we", "us") collects, uses,
and shares information when you use MyAdventures.AI (the "Service"). It forms part
of our Terms of Service.

1. Who we are

The data controller is MyAdventures Ltd. For privacy
questions, contact support@myadventures.ai

2. Information we collect

You provide:

  • Account information — email address, display name, and authentication data.
    If you sign in with a third-party provider, we receive basic profile information
    from them. Passwords, where used, are stored only as salted hashes.
  • Content you create — characters, worlds, stories, rulesets, and the messages
    and prompts you send during play, together with the game state derived from them.
  • Communications — messages you send us, feedback, and content reports.
  • Payment information — when you buy credits, payment is handled by
    Stripe; we receive transaction confirmation and limited billing
    details, not your full card number.

Collected automatically:

  • Usage and device data — such as pages viewed, features used, approximate
    actions, timestamps, and general device/browser information, collected to
    operate and improve the Service. [Our product analytics are designed to be
    privacy-preserving and to avoid storing directly identifying information —
    describe accurately.]
  • Cookies and similar technologies — used for authentication/session and basic
    analytics. See Section 9.

3. How we use information

We use information to: provide and operate the Service (including generating game
content and maintaining game state); create and secure your account; process
purchases and manage credits; provide support and respond to reports; monitor,
detect, and act on violations of our Terms and Acceptable Use Policy (including
automated and human content moderation); analyse and improve the Service; send
service and, where permitted, marketing communications (which you can opt out of);
and comply with legal obligations.

Legal bases (GDPR/UK GDPR). Where applicable we rely on: performance of a
contract (providing the Service); legitimate interests (securing and improving the
Service, moderation, and preventing abuse); consent (certain cookies and
marketing); and legal obligation.

4. AI processing and content moderation

  • To generate gameplay, the inputs you provide and relevant game context are
    sent to third-party AI providers
    (see Section 5) which return generated text,
    audio, or images. This processing is necessary to provide the Service.
  • We may create vector embeddings of certain content (e.g. memories and lore)
    to power search and consistency features.
  • We operate content-moderation measures — automated screening and human
    review — to enforce our Acceptable Use Policy. This may involve processing your
    prompts and generated content, and recording moderation outcomes associated with
    your account, to detect and act on violations.
  • Training. We do not sell your content, and we do not use your private
    content to train our own models. We instruct our AI providers to process your
    inputs only to provide the Service, and, to our knowledge, they do not use API
    inputs to train their models by default. [VERIFY against each provider's
    current API terms — Anthropic, Google, Z.ai, Stability AI, PixelLab — and update
    this statement to match.]

5. How we share information

We share information with:

  • Service providers / subprocessors who process data on our behalf, including
    (as configured): Anthropic (AI Game Master), Google (AI embeddings and
    text-to-speech), Z.ai / GLM (AI text and images), Stability AI and
    PixelLab (image generation), MongoDB Atlas (database hosting),
    [HOSTING PROVIDER] (application hosting), [PAYMENT PROCESSOR] (payments),
    and Resend (email delivery). Each processes data only as needed to provide
    its service.
  • Other users, for content you choose to publish or share through the
    Service's sharing features (including your display name as author).
  • Legal and safety — where we believe disclosure is necessary to comply with
    law or legal process, enforce our Terms, protect the rights, safety, and
    security of our users, the public, or us, or in connection with suspected illegal
    activity. Suspected child sexual abuse material is reported to the appropriate
    authorities as required by law.
  • Business transfers — in connection with a merger, acquisition, financing, or
    sale of assets, subject to this Policy.

6. Data retention

We retain information for as long as your account is active and as needed to
provide the Service, then for a reasonable period as required for backups, legal
compliance, dispute resolution, and enforcement. Moderation and abuse records may
be retained longer where necessary for safety and legal purposes. When you delete
content or your account, we delete or de-identify associated personal data within
a reasonable period, subject to those exceptions. [Specify concrete retention
periods with counsel.]

7. Security

We use technical and organisational measures designed to protect information (for
example, encryption in transit, hashed passwords, and access controls). No method
of transmission or storage is completely secure, and we cannot guarantee absolute
security.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, port,
or restrict processing of your personal data, to object to certain processing, and
to withdraw consent. You can:

  • Access and edit account details, and delete your account, from within the
    Service.
  • Opt out of marketing email via the unsubscribe link or your settings.
  • Contact support@myadventures.ai to exercise your rights.

We will not discriminate against you for exercising these rights. If you are in the
EEA/UK you may complain to your supervisory authority; if you are in California you
have rights under the CCPA/CPRA (we do not "sell" personal information as commonly
understood — confirm and describe any "sharing" for cross-context advertising, if
any).

9. Cookies

We use strictly necessary cookies for authentication and session management, and
limited analytics cookies/technologies to understand and improve usage. You can
control cookies through your browser; disabling some may affect functionality.

10. Children

The Service is not directed to, and may not be used by, anyone under 18.
We do not knowingly collect personal data from children. If you
believe a child has provided us personal data, contact support@myadventures.ai and we
will take appropriate steps to delete it.

11. International transfers

We and our providers may process information in countries other than yours,
including United Kingdom, which may have different data-protection laws.
Where required, we rely on appropriate safeguards (such as Standard Contractual
Clauses) for such transfers.

12. Changes to this Policy

We may update this Policy. For material changes we will take reasonable steps to
notify you. The "Last updated" date shows the latest revision.

13. Contact

MyAdventures Ltd, support@myadventures.ai