Privacy

Four things, and only what you give us or what happens automatically when something breaks:

• Your email address. Used to sign you in. Password is hashed by Supabase Auth and never visible to us.
• Campaign content you create: NPCs, locations, factions, lore, sessions, threads, player characters, and your chats with the Eye.
• Anonymous traffic data: page views, page load times, and approximate region. Provided by Vercel Analytics. No cookies, no IP storage, no cross-site tracking.
• Error and performance data: when something breaks in the app, Sentry captures the error, stack trace, and the URL where it happened. Personal identifiable information is disabled at the SDK level, request bodies are never sent, and any session replay text is masked.

• Payment data. Beta is free; there is no checkout.
• Precise location.
• Advertising or tracking cookies.
• Anything you have not typed into ScryingEye.

• To run the product (let you sign in, save your campaign, search and edit it).
• To generate AI responses when you ask the Eye. Only the relevant subset of your campaign for that question is sent to the model, plus the question itself.
• To debug crashes and improve performance using anonymized analytics.

• Sold to anyone.
• Shared with advertisers.
• Used to train AI models without explicit opt-in.

• Supabase Postgres on AWS stores your campaign data. Row-level security ensures only you can read or write your own rows.
• Google Gemini API receives prompts when you ask the Eye. During beta we use the standard API tier; Google's terms permit them to use submissions to improve their services. We plan to move to a zero-data-retention tier before public launch and will state so on this page when we do.
• Vercel hosts the application and provides anonymized analytics.
• Sentry receives error reports and performance traces. PII is disabled in our SDK config; prompts and campaign content are never sent. Session replays mask all text and media by default.
• No third party other than the four above receives your data.

• Delete a campaign: Settings → Danger zone → Delete campaign. Immediate, irreversible.
• Delete your account and all data: email ntstoltz11@gmail.com. We respond within 30 days.
• Export everything: Settings → Danger zone → Export everything. Yours in Markdown, anytime.

One cookie: the Supabase session cookie that keeps you signed in. No analytics or advertising cookies.

Questions or requests: ntstoltz11@gmail.com. Beta feedback is welcome.

Material changes will be noted at the top of this page with a new date. If you continue to use ScryingEye after a change you accept the updated terms; if you do not, the Danger zone export and delete tools are always available.