Privacy Policy

Effective: 18 February 2025

HistoryCheck is a desktop and web application for Game Masters that records, transcribes, and summarises tabletop RPG sessions. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Data We Collect

Account data: email address (authentication), display name, and optional profile image (stored locally on desktop, in Supabase Storage on web).

Session data: audio recordings (stored locally on desktop, held in memory on web), transcripts, AI-generated content (summaries, entities, action items), and campaign/world data.

Analytics data (anonymous): GA4 client ID and Sentry install ID (randomly generated, not linked to your account). Anonymous usage events with no personally identifiable information.

Local-First Architecture

On desktop, all data is stored locally on your device in a SQLite database. Audio recordings and images remain on your local filesystem. Cloud sync is optional — when enabled, structured data is synced to Supabase for multi-device access.

On web, structured data is stored in a browser-local SQLite database backed by IndexedDB. Entity images are stored in Supabase Storage (cloud). Audio recordings are held in memory during the session and uploaded to AssemblyAI for transcription; they are not permanently stored on our servers.

Third-Party Processors

• Supabase — authentication and optional cloud sync.
• AssemblyAI — audio transcription (temporarily uploaded, then deleted).
• Google Gemini — AI processing (transcript text sent for analysis, not stored).
• Resend — transactional email (when triggered by user).
• Stripe — payment processing and subscription management (we never see or store card details).
• RevenueCat — subscription entitlement management across platforms.
• Sentry — anonymous crash reporting.
• Google Analytics 4 — anonymous usage analytics via Measurement Protocol.

Analytics and Crash Reporting

Google Analytics 4: anonymous usage events via Measurement Protocol. No IP addresses, email, or PII.

Sentry: crash reports with anonymous install ID and error details. sendDefaultPii is explicitly disabled.

Cookies and Local Storage

HistoryCheck does not use third-party tracking cookies. On web, we use:

• IndexedDB — browser-local SQLite database for app data.
• localStorage — authentication tokens (managed by Supabase), theme preference, and sync timestamps.

Data Retention

AssemblyAI: audio files are temporarily uploaded for transcription processing and deleted by AssemblyAI after processing completes.

Supabase: synced data is retained until you delete your account. You can delete your account from the Account screen in the app, which removes all cloud-stored data.

Local data: remains on your device until you delete it or uninstall the app.

Your Rights

• Access — use the built-in export feature (Markdown, JSON, CSV).
• Deletion — use "Delete Account" in the Account screen.
• Portability — export your data in standard formats at any time.

California Residents (CCPA)

We do not sell personal information. California residents have the right to know what personal information is collected, request its deletion, and opt out of any sale of personal information (none occurs). To exercise these rights, contact us at privacy@historycheck.app.

Children

HistoryCheck is not directed at children under 13. We do not knowingly collect data from children under 13.

Security

All API keys and secrets are stored server-side in Supabase Edge Functions. Cloud communication uses HTTPS. Supabase enforces Row Level Security on all database tables and storage buckets. We never store payment card information.

Changes

We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated date. Continued use constitutes acceptance.

Contact

For privacy-related questions or requests, contact us at privacy@historycheck.app.