Privacy Policy
Last updated: April 24, 2026 · Effective: April 24, 2026
Who We Are (Data Controller)
Wanderhold is operated by Studio Lybrand, 5900 Balcones Drive, Ste 4000, Austin, TX 78731, USA. For all privacy questions, requests, or complaints, contact [email protected]. Studio Lybrand is the “data controller” under GDPR/UK GDPR for the data described below and the “business” under the California Consumer Privacy Act (CCPA/CPRA).
Categories of Personal Information We Collect
- Identifiers:email address, account ID, IP address (transient, for authentication and abuse prevention).
- Account credentials (sensitive PI):password hash. We never see your plain password.
- User-generated content:campaign saves, characters, journal entries, world data you create or edit.
- Commercial information:subscription status, plan tier, billing history (handled by Stripe; we do not store full card numbers).
- Internet/usage activity:pages viewed, features used, errors encountered. Captured by PostHog and Sentry.
- Inferences:aggregated usage patterns used to improve the product. We do not build advertising or behavioural-targeting profiles.
- Date of birth (age verification only):collected at sign-up to confirm you are 13 or older. We store only the year of birth and a flag confirming the check passed; the full DOB is discarded.
How We Use Your Data & Legal Bases (GDPR Art. 6)
- To provide the service (authentication, persisting your campaigns, generating narrative). Legal basis: performance of a contract.
- To bill you for paid plans. Legal basis: contract; legal obligation (tax records).
- To monitor errors and improve the product via Sentry and PostHog. Legal basis: legitimate interests (running a reliable service); for EU/UK visitors, consent for non-essential analytics cookies.
- To send transactional email (sign-in links, billing notices). Legal basis: contract.
- To send marketing email, only if you opted in at sign-up. Legal basis: consent. You can withdraw consent at any time from your Account page or via the unsubscribe link in any marketing email.
- To enforce safety and Terms of Service. Legal basis: legitimate interests; legal obligation.
Providing your email and password is a contractual requirement:without them we cannot create your account or save your campaigns. Marketing-email consent is optional.
Automated Decision-Making & AI
Wanderhold uses Anthropic’s Claude API to generate narrative text in your campaigns. The AI does not make decisions that produce legal or similarly significant effects on you. All generated content is fictional storytelling. See our Safety Policy for details on how AI output is constrained.
Service Providers & Sub-Processors
We share personal information with the following service providers (CCPA: “service providers”; GDPR: “processors”) who process data only on our instructions:
- Supabase, Inc.: authentication, database, file storage. Categories: identifiers, credentials, user-generated content, usage activity. (US)
- Cloudflare, Inc.: hosting, CDN, edge security. Categories: identifiers (IP), usage activity. (US/global)
- Stripe, Inc.: payment processing. Categories: identifiers, commercial information, payment data. (US)
- Anthropic, PBC: AI narrative generation. Categories: campaign content sent in prompts. Anthropic does not retain prompts for model training under our API agreement. (US)
- PostHog, Inc.: product analytics. Categories: identifiers, usage activity. (US/EU; we use the EU region where available.) (US)
- Functional Software, Inc. d/b/a Sentry: error monitoring. Categories: identifiers, error/stack data. (US)
- Resend / transactional email provider: sending sign-in and billing emails. Categories: identifiers. (US)
Sale & Sharing of Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioural advertising as those terms are defined under the CCPA. We honour Global Privacy Control (GPC) signals as opt-out requests for any future sharing. We do not knowingly sell or share the personal information of consumers under 16.
International Transfers
We are based in the United States and most of our service providers are also based in the United States. If you access Wanderhold from the European Economic Area, the United Kingdom, or Switzerland, your data will be transferred to the US. We rely on the EU–US Data Privacy Framework where the recipient is certified, and on Standard Contractual Clauses (SCCs) with appropriate supplementary measures otherwise.
Data Retention
| Data category | Retention |
|---|---|
| Account record & credentials | While account is active; 30 days after deletion request, then erased. |
| Campaign saves & user content | While account is active; deleted with the account. |
| Billing & tax records | 7 years (US tax-record obligation). |
| Sentry error logs | 90 days, then auto-purged. |
| PostHog analytics events | 12 months for raw events; aggregates retained indefinitely. |
| Anthropic prompt traffic | Not retained by Anthropic for training; transient logs ≤ 30 days for abuse review. |
| Marketing email list | Until you unsubscribe or delete your account. |
| Age-verification flag | While account is active. |
Cookies & Similar Technologies
We use the following cookies and local-storage items:
- Strictly necessary: Supabase authentication session, CSRF tokens, your consent choices. Always on; required for the service to work.
- Analytics: PostHog session and event cookies. Off by default for visitors in the EU/UK; loaded only after you grant consent via our cookie banner.
- Error monitoring: Sentry session ID. Strictly necessary to associate errors with a session; no advertising use.
We do not use advertising, retargeting, or third-party tracking cookies. You can manage your choices at any time via the “Cookie preferences” link in the footer.
Your Rights
Subject to your jurisdiction, you have the right to:
- Access: receive a copy of the personal information we hold about you.
- Correct: have inaccurate data corrected.
- Delete: have your data erased (“right to be forgotten”).
- Portability: receive your data in a portable, machine-readable format.
- Object / restrict: object to processing based on legitimate interests, or restrict processing in certain cases.
- Withdraw consent: for any processing based on consent, withdraw it at any time without affecting prior lawful processing.
- Limit use of sensitive PI (California): we do not use sensitive PI beyond what is necessary to provide the service.
- Non-discrimination (California): we will not deny service, charge a different price, or provide a different level of quality because you exercised a privacy right.
- Authorized agent (California): you may designate an agent to make a request on your behalf with proper verification.
Most rights can be exercised directly from your Account page (export, delete). For anything else, email [email protected]. We respond within 30 days (CCPA: 45 days, extendable once by 45 days; GDPR: 30 days, extendable once by 60 days). We verify requests by confirming control of the account email.
EU/UK residents have the right to lodge a complaint with their national data protection authority. California residents may also direct complaints to the California Privacy Protection Agency.
Children’s Privacy (COPPA)
Wanderhold is not directed to children under 13. We use a neutral age screen at sign-up and do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact [email protected] and we will delete the account and associated data promptly.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt by Supabase. We restrict internal access to personal information on a need-to-know basis. No system is perfectly secure; we will notify affected users and applicable regulators of a confirmed personal-data breach as required by law.
Changes to This Policy
We may update this policy from time to time. Material changes will be announced by email to active users at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the current version.
Contact
Studio Lybrand · 5900 Balcones Drive, Ste 4000, Austin, TX 78731 · [email protected]