Privacy Policy

Last Updated: November 18, 2025

This Privacy Policy describes how we collect, use, and protect your personal information when you use our Arkham Horror: The Card Game companion website.

1. Information We Collect

1.1 Information You Provide

When you create an account, we collect:

1.2 Information Automatically Collected

We automatically collect certain information when you use our service:

1.3 Game Data

We store the following game-related data you create:

2. How We Use Your Information

We use the information we collect to:

3. Third-Party Services

3.1 Firebase Authentication

We use Google Firebase Authentication to securely manage user accounts. When you sign in, Firebase processes your authentication credentials. Please review Google's Privacy Policy for information about how Firebase handles your data.

3.2 Font Awesome Icons

We use Font Awesome icons via CDN (cdnjs.cloudflare.com). This service may collect usage statistics. Please review Font Awesome's Privacy Policy.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information:

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Cookies and Tracking

We use cookies and similar technologies to:

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our service.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

7. Your Rights Under GDPR and Other Data Protection Laws

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights:

7.1 Right of Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about how it is being processed.

7.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

7.4 Right to Restrict Processing

You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable data protection laws.

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@arkham606.com. We will respond to your request within one month (or two months if the request is complex). We may require verification of your identity before processing your request.

8. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

9. Data Controller Information

Data Controller: The operator of this website

Contact Email: support@arkham606.com

Purpose of Processing: Providing and maintaining the Arkham Horror: The Card Game companion website service

10. Data Processing and Third-Party Processors

10.1 Data Processors

We use the following third-party processors who process personal data on our behalf:

10.2 Data Processing Agreements

All third-party processors are bound by contractual obligations to process personal data only in accordance with our instructions and applicable data protection laws.

11. Data Retention Periods

We retain personal data for the following periods:

12. Data Deletion Policy

12.1 Requesting Data Deletion

You have the right to request deletion of your personal data. To request data deletion, please send an email to support@arkham606.com with the subject line "Data Deletion Request" and include your account email address. We will process your request within 30 days of receipt.

12.2 Data That Will Be Deleted

Upon receiving a valid data deletion request, we will permanently delete the following data:

12.3 Data That May Be Retained

Certain data may be retained for legal, security, or operational reasons, even after account deletion:

12.4 Third-Party Data

When you request data deletion, we will also request deletion of your data from third-party processors (such as Firebase Authentication). However, third-party processors may have their own data retention policies. We will make reasonable efforts to ensure your data is deleted from all third-party systems under our control.

12.5 Verification Requirements

To protect your privacy and prevent unauthorized deletion requests, we may require verification of your identity before processing a data deletion request. This may include:

12.6 Deletion Timeline

Upon verification of your identity and receipt of a valid deletion request:

12.7 Exceptions to Deletion

We may deny or delay a data deletion request if:

If we deny a deletion request, we will provide you with a written explanation of the reason for denial and information about your right to appeal.

12.8 Confirmation of Deletion

Upon completion of the data deletion process, we will send a confirmation email to the address from which the deletion request was made (or your registered email address if different). This confirmation will include a summary of what data was deleted and what data (if any) was retained and why.

13. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

By using our service, you consent to such transfers subject to these safeguards.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

15. Children's Privacy

Our service is not intended for children under 13 years of age (or 16 years in the EEA). We do not knowingly collect personal information from children under the applicable age threshold. If you believe we have collected information from a child under the applicable age, please contact us immediately at support@arkham606.com and we will take steps to delete such information.

16. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Your continued use of the service after changes become effective constitutes acceptance of the updated Privacy Policy.

18. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@arkham606.com

We will respond to all inquiries within a reasonable timeframe and in accordance with applicable data protection laws.

19. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

To exercise your California privacy rights, please contact us at support@arkham606.com.

20. Other Jurisdictions

If you are located in other jurisdictions with data protection laws (such as Canada's PIPEDA, Brazil's LGPD, etc.), you may have similar rights. Please contact us at support@arkham606.com to learn more about your rights and how to exercise them.