Privacy Policy

Last updated: February 4, 2026

Introduction

Rami Labs ("we," "our," or "us") operates RPGen, a web-based role-playing game platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using RPGen, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Personal Information

Information you provide directly to us

Account Information: Email address, username, and authentication credentials managed through our authentication provider
Profile Information: User profile data, preferences, and settings
Game Content: Characters, campaigns, universes, runs, and other content you create within the platform
Communication Data: Messages, chat logs, and interactions within the game platform

Automatically Collected Information

Information collected automatically when you use our service

Usage Data: Information about how you access and use RPGen, including IP address, browser type, device information, and usage patterns
Cookies and Tracking: We use cookies and similar tracking technologies to track activity on our service and store certain information
Log Data: Server logs, including timestamps, access times, and error information

How We Use Your Information

To provide, maintain, and improve our service
To process transactions and manage your account
To personalize your experience and deliver content
To communicate with you about your account and service updates
To detect, prevent, and address technical issues
To comply with legal obligations and enforce our terms
To analyze usage patterns and improve our platform

Third-Party Services

Service Providers

We use third-party services to operate and improve RPGen

Authentication: Clerk provides user authentication and account management services, including support for Google OAuth sign-in. Their privacy policy applies to authentication data. For detailed information about how we access and use Google user data, please see the "Google OAuth Data" section below.
Database and Storage: Supabase provides database hosting and file storage services. Your game data is stored securely on Supabase infrastructure.
Payments: Stripe processes payment transactions. Payment information is handled by Stripe in accordance with their privacy policy and PCI DSS compliance.
AI Services: We use AI inference services (via Vercel AI SDK) to power game narration and content generation. Your game interactions may be processed by these services.
Image Generation: Replicate may be used for visual scene generation. Images generated through this service are stored securely.

These third-party services have their own privacy policies governing the collection and use of your information. We encourage you to review their privacy policies.

Google OAuth Data

Google User Data Access and Usage

When you sign in with Google, we access and use specific Google user data as described below

Data Accessed

When you choose to sign in with Google, our application accesses the following types of Google user data:

Email Address: Your Google account email address for account creation and identification
Basic Profile Information: Your name and profile picture URL from your Google account
Google User ID: A unique identifier from Google for account linking and authentication

Data Usage

We use the Google user data we access for the following purposes:

Account creation and authentication when you sign in with Google
User identification and profile setup within RPGen
Linking your Google account to your RPGen user account
Storing minimal profile data (email address and username derived from your Google profile) in our database through our authentication provider, Clerk

Data Storage

Google authentication data is processed and stored as follows:

Google authentication data is processed and stored by Clerk, our authentication service provider
We store only the Clerk user ID and derived profile information (username, email address) in our Supabase database
We do not store Google passwords or Google access tokens directly
All authentication tokens and sensitive credentials are managed securely by Clerk

Data Sharing

Google user data sharing practices:

Google user data is shared with Clerk for authentication purposes only
We do not share Google user data with other third parties except as necessary for service operation (e.g., database hosting through Supabase)
We do not sell, rent, or trade Google user data to any third parties

Data Revocation and Management

You have control over your Google OAuth access and can revoke it at any time:

How to Revoke Access: You can revoke Google OAuth access through your Google Account settings at myaccount.google.com/permissions, through your RPGen account settings, or by contacting us using the information in the Contact section below
What Happens When Access is Revoked: Revoking Google OAuth access will prevent future sign-ins using Google. Your existing account data will remain unless you delete your account. You may need to set up alternative authentication methods (such as email/password) to continue accessing your account
Data Retention After Revocation: Google OAuth tokens are immediately invalidated when you revoke access. Profile data derived from Google (email address, username) may remain in our database until you request account deletion. You can request full account deletion and data removal through the "Your Rights" section below

Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Your data is stored on secure servers provided by our third-party service providers, who maintain industry-standard security practices.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

Access: Request access to your personal information
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information
Portability: Request transfer of your data to another service
Objection: Object to processing of your personal information
Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the Contact section below.

Cookies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.

Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Rami Labs
Email: privacy@ramilabs.com