Privacy Policy

Last updated: February 22, 2026

Introduction
Information We Collect
How We Use Your Information
Third-Party Services
Data Sharing and Disclosure
Data Retention
Data Security
Your Rights
Children's Privacy
International Data Transfers
Changes to This Policy
Contact Us

1. Introduction

PocketScroll ("we", "our", or "us") operates the PocketScroll mobile application (the "App"), available on iOS and Android. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using the App, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the App.

2. Information We Collect

2.1 Information You Provide

Patreon Account Data: When you sign in with Patreon, we receive your Patreon user ID, email address, display name, and subscription/membership status. We do not receive or store your Patreon password.
Foundry VTT Server URL: You provide the URL of your Foundry VTT server to connect. This URL is stored locally on your device.
Access Codes: If you generate or redeem access codes, we store the code status and association with your account.

2.2 Information Collected Automatically

Device Information: We may collect general device information such as device type, operating system version, and a unique device identifier for the purpose of subscription management and abuse prevention.
Usage Data: We may collect basic usage analytics such as app opens, feature usage, and crash reports to improve the App's performance and reliability.

2.3 Information We Do NOT Collect

We do not collect or store your Foundry VTT username or password. Authentication with your Foundry server happens directly between the App on your device and your Foundry VTT server.
We do not collect your character data, campaign data, chat messages, or any game content. All game data is transmitted directly between your device and your Foundry VTT server via Socket.IO and is never routed through our servers.
We do not collect precise location data.
We do not access your contacts, photos, camera, or microphone.

3. How We Use Your Information

We use the information we collect for the following purposes:

Account Management: To create and manage your PocketScroll account, verify your subscription status, and process access codes.
Providing the Service: To connect you to your Foundry VTT server and deliver the App's features.
Subscription Verification: To verify your Patreon subscription tier and determine which features you can access.
Abuse Prevention: To prevent unauthorized access and enforce rate limits on our services.
Improvements: To analyze aggregate usage patterns and improve the App's performance, stability, and features.
Support: To respond to your support requests and communicate important updates about the App.

4. Third-Party Services

The App integrates with the following third-party services:

4.1 Patreon

We use Patreon for authentication and subscription management. When you sign in, you are redirected to Patreon's OAuth flow. Patreon's use of your data is governed by Patreon's Privacy Policy.

4.2 Supabase

We use Supabase as our backend infrastructure for user account storage, access code management, and serving the companion Foundry VTT module. Supabase processes data in accordance with their Privacy Policy.

4.3 Foundry VTT

The App connects directly to your self-hosted or third-party-hosted Foundry VTT server. We are not responsible for data handling by your Foundry VTT server or its hosting provider. All game data is exchanged directly between your device and your Foundry server.

4.4 Expo / React Native

The App is built with Expo and React Native. Expo may collect anonymous crash reports and diagnostics. See Expo's Privacy Policy for details.

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: With trusted third-party service providers (Supabase, Patreon) who assist in operating the App, subject to their own privacy policies.
Legal Requirements: If required by law, regulation, legal process, or governmental request.
Protection of Rights: To protect the rights, property, or safety of PocketScroll, our users, or the public.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you with the App's services. If you wish to delete your account, please contact us (see Section 12) and we will delete your personal data within 30 days, except where we are required to retain it by law.

Locally stored data (such as your Foundry server URL and cached character data) is stored only on your device and can be removed by clearing the App's data or uninstalling the App.

7. Data Security

We take reasonable measures to protect your personal information, including:

Encrypted communication (HTTPS/TLS) for all data transmitted between the App and our servers.
Secure authentication via Patreon OAuth — we never handle or store your Patreon password.
Access controls and rate limiting on our backend services.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion of your personal data.
Portability: Request a portable copy of your data in a commonly used format.
Objection: Object to the processing of your personal data.
Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the information in Section 12. We will respond to your request within 30 days.

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact us at the details below.

European Residents (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for processing your personal data is:

Contract: Processing necessary to provide the App's services to you.
Legitimate Interest: Processing necessary for abuse prevention and service improvement.
Consent: Where you have given explicit consent (e.g., signing in with Patreon).

9. Children's Privacy

The App is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe that a child under 13 has provided us with personal data, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our backend services (Supabase) may process data in data centers located in various regions. By using the App, you consent to the transfer of your information to these locations. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a concern, you can reach us at: