History Check

Privacy Policy

Last updated: 14 June 2026

1. Introduction

History Check (“History Check”, “we”, “us”) is a web application for tabletop RPG Game Masters that records game sessions, transcribes the audio, and uses AI to generate summaries and extract campaign details. This Privacy Policy explains what data we collect, how and why we use it, who we share it with, and the rights you have over your data.

By using History Check you agree to the practices described here. For any privacy question or data request, contact us at support@historycheck.app.

2. Who We Are and Our Role

History Check is operated by Annanil Entertainment Ltd, a company registered in England & Wales (company number 17245210), registered office 5 Brayford Square, London, E1 0SG, United Kingdom. You can contact us at support@historycheck.app.

Annanil Entertainment Ltd is the data controller for the personal data processed through the App, including your account information and the content you create or record.

Where you record other people (see Section 3), you act as the controller of those participants' personal data and History Check processes that data on your behalf and to provide the service to you. You are responsible for having a lawful basis to record and upload that audio.

3. Recording Consent and Your Responsibilities

History Check records audio of tabletop sessions, which usually means recording more than one person, including people who may not be History Check users.

  • You are responsible for obtaining consent - from every person you record before you start recording and before you upload a session to History Check.
  • Recording laws vary by location. - Some jurisdictions allow recording with the consent of one party to the conversation; others require the consent of all parties (“two-party” or “all-party” consent). It is your responsibility to know and comply with the laws that apply to you and the people you record.
  • You must not use History Check to record anyone unlawfully or without the consent the law requires.

If you are recording a session, tell the other people at the table that the session is being recorded and transcribed, and that the audio will be processed by the third parties listed in Section 9.

4. Data We Collect

Account data

  • Email address - for authentication, account recovery, and transactional email.
  • Display name - the name you choose, shown in the App.
  • Profile image - optional avatar, stored in Supabase Storage.

Session and campaign data

  • Audio recordings - captured during your sessions. Audio is cached in your browser during recording, uploaded to Supabase Storage in chunks, assembled server-side, and sent to our transcription provider (AssemblyAI).
  • Transcripts - text generated from your audio. Raw transcripts are immutable; an editable copy is kept separately.
  • AI-generated content - summaries, scenes, and extracted entities (NPCs, locations, items, monsters, organisations) produced by our AI provider. Editable by you.
  • Campaign and world data - campaigns, worlds, characters, entities, and the relationships between them, plus any text or lore you paste in.

Voice and speaker data

  • To label who is speaking, our transcription provider performs speaker diarization within a single recording. See Section 7 for how we treat voice data and why we do not create persistent voiceprints.

Data about people you record

  • When you record a session, the audio, transcript, and any extracted information may contain the voices and personal information of other participants, including people who are not History Check users. We process this data to provide the service to you, the recording user. Those individuals can exercise their rights (Section 13) by contacting you as the recording user or by contacting us at support@historycheck.app.

Payment data

  • If you subscribe, payment is handled entirely by Stripe. We never see or store your card details; we receive only your subscription status and related metadata.

Analytics and diagnostics

  • Crash reports (Sentry) - when the App errors, we send a crash report containing a pseudonymous account or install identifier, error details, and device/OS information. We disable Sentry's default PII collection: we do not send your email, message content, or IP address.

5. How We Use Your Data and Our Legal Basis

We use your data to:

  • Provide the App - record, transcribe, summarise, and organise your sessions, and operate your account. Legal basis: performance of our contract with you.
  • Process recordings and generate AI content - as described in Sections 6 and 7. Legal basis: performance of our contract with you; and, for participants you record, your consent and our legitimate interest in providing the service you requested.
  • Communicate with you - account, security, and support email. Legal basis: performance of our contract and our legitimate interest in supporting you.
  • Keep the App secure and reliable - crash reporting and abuse prevention. Legal basis: our legitimate interest in a secure, working product.
  • Take payment - via Stripe, when you subscribe. Legal basis: performance of our contract with you.

6. AI Processing and Training

  • Your transcripts and session content are sent to our AI provider (Google Gemini) and transcription provider (AssemblyAI) only to provide the service to you - to transcribe audio and generate summaries and entities.
  • Under the API terms we operate, content sent to Google Gemini and AssemblyAI through their APIs is not used to train their general-purpose models.
  • We do not sell your data, and we do not use your audio, transcripts, or campaign content to train third-party AI models.
  • We may use de-identified and aggregated data (data that does not identify you or any individual) to monitor, debug, and improve the App. We will not use identifiable session content to train models without telling you first and giving you a choice where the law requires it.

7. Voice and Biometric Data

  • Speaker labels are produced by diarization within a single recording - the transcription provider groups segments of audio by speaker for that session only.
  • History Check does not create, store, or use persistent voiceprints or biometric identifiers, and does not attempt to recognise or match the same person's voice across different sessions or recordings.
  • If we ever introduce features that would create persistent voiceprints or biometric identifiers, we will update this policy, provide the notice the law requires, and obtain consent where required before doing so.

8. Architecture and Storage

History Check is a web-first application:

  • Supabase is our sole database and the source of truth. - All of your account, session, and campaign data is stored in Supabase (a cloud backend). The App does not keep a local database copy of your data.
  • During recording, audio is temporarily cached in your browser (IndexedDB) so a recording can survive a refresh or short network drop. Once a session is uploaded and assembled, that cache is no longer needed.
  • Audio recordings and entity images are stored in Supabase Storage.

9. Third-Party Processors (Subprocessors)

We use the following third-party services to operate History Check. Each is governed by its own privacy policy, which we encourage you to review.

  • Supabase (United States) - authentication, cloud database, and file storage. Receives your email, display name, all session and campaign data, audio files, and images.
  • AssemblyAI (United States) - audio transcription and speaker diarization. Receives audio recordings, which are processed then deleted per AssemblyAI's retention policy.
  • Google Gemini (Global / United States) - AI processing for summaries and entity extraction. Receives transcript text via server-side functions; not used to train Google's models per their API terms.
  • Resend (United States) - transactional email (account confirmation, password reset, support replies). Receives your email address and any message you send to support.
  • Stripe (United States) - payment processing. Handles payment information entirely; we never see or store card details.
  • Sentry (United States) - crash reporting. Receives a pseudonymous account/install identifier, error details, and device/OS information (no email, content, or IP).

All third-party API keys are managed server-side. No API keys are stored on the client.

10. Cookies and Local Storage

History Check does not use advertising or cross-site tracking cookies. We use browser storage on your device to make the App work:

  • Local storage - to keep you signed in and to hold short-lived authentication and recovery state.
  • IndexedDB - to temporarily cache audio while you record, as described in Section 8.

You can clear this data at any time through your browser settings; doing so will sign you out and remove any locally cached audio.

11. International Data Transfers

History Check and the processors listed in Section 9 are primarily located in the United States, so your data may be transferred to and processed in the United States and other countries. Where we transfer the personal data of users in the EU, UK, or Switzerland, we rely on appropriate safeguards such as the EU-US Data Privacy Framework and/or Standard Contractual Clauses (with the UK Addendum where applicable) with our processors. You can request details of these safeguards by contacting support@historycheck.app.

12. Data Retention

  • Account and campaign data - retained in Supabase until you delete it or delete your account.
  • Audio recordings - retained in Supabase Storage until you delete the session or your account.
  • Transcripts - raw transcripts are never auto-deleted; they are removed when you delete the session or your account.
  • Audio at AssemblyAI - subject to AssemblyAI's retention policy (typically deleted after processing).
  • Transcript text at Google - subject to Google's Gemini API data usage policy (not used for model training per their API terms).
  • Browser storage - cleared by clearing your browser data.

13. Your Rights

Depending on where you live, you have some or all of the following rights over your personal data:

  • Access - get a copy of the personal data we hold about you. Contact us at support@historycheck.app to request a copy.
  • Correction - correct inaccurate data.
  • Deletion - delete your data. Use “Delete Account” in the Account screen to remove your data from Supabase (database, storage, and authentication).
  • Portability - ask us for a copy of the data you provided, in a portable format.
  • Object or restrict - object to or restrict certain processing.
  • Withdraw consent - where we rely on consent.

For users in the EU, UK, and Switzerland (GDPR): you also have the right to lodge a complaint with your local data protection authority.

For California residents (CCPA/CPRA): you have the right to know, delete, correct, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information. We will not discriminate against you for exercising your rights.

To exercise any right, contact support@historycheck.app. We respond within one month, or sooner where the law requires (for example, within 45 days for CCPA requests).

14. Data Breach Notification

If a data breach affects your personal data, we will notify the relevant supervisory authority and affected users without undue delay and within the timeframes required by applicable law (for example, within 72 hours of becoming aware, where GDPR applies).

15. Automated Decision-Making

History Check uses AI to generate summaries and extract entities from your sessions. These features do not make legal or similarly significant decisions about you or any individual; the output is editable content for your campaign, not an automated decision about a person.

16. Children

History Check is not directed at young children, and we do not knowingly collect personal data from children below the minimum age. In the UK the minimum age is 13 (UK Data Protection Act 2018). In the EU it is 16, unless your country has set a lower age (which may be as low as 13). If you believe a child below the minimum age has provided us data, contact support@historycheck.app and we will delete it.

17. Security

  • All API keys are managed server-side - no secrets are stored on the client.
  • All communication uses HTTPS encryption.
  • Supabase enforces Row Level Security (RLS) so users can only access their own data.
  • We never store payment card information - all payment processing is handled by Stripe.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated “Last updated” date. Continued use of the App after changes constitutes acceptance.

19. Contact

For privacy questions or data requests, contact us at support@historycheck.app.

© 2026 Annanil Entertainment Ltd. Registered in England & Wales, company no. 17245210.