Privacy Policy for Hero Forge
Last updated: January 2025
Information We Collect
Hero Forge is a web-based AI character generator. We collect minimal information necessary to provide our service:
- Account Information: If you sign in with Google, we collect your name, email, and profile picture
- Purchase Information: Transaction IDs and purchase history for Gen-Token purchases (processed by Google Play and RevenueCat)
- Usage Data: Analytics on how you use the app to improve our service
- Generated Content: Characters, artifacts, and banners you create (stored locally in your browser)
- Device Information: Browser type, operating system, and device identifiers for technical support
- Bluetooth Data: Nearby device information when using the card trading feature (not stored on our servers)
- Technical Information: Performance metrics and error logs for optimization
Google AdSense
This website uses Google AdSense to display advertisements. Google AdSense may use cookies and web beacons to serve ads based on your visits to this and other websites. You can opt out of personalized advertising by visiting Google Ads Settings.
Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for basic functionality such as saving your preferences and character data. These cannot be disabled.
- Analytics Cookies: Help us understand usage patterns and improve the application. You can opt out through our consent banner.
- Advertising Cookies: Used by Google AdSense for personalized ads based on your interests. You can opt out through our consent banner or Google Ads Settings.
You can control cookies through your browser settings or our consent banner. Note that disabling certain cookies may affect functionality.
Data Storage
Character data is stored locally in your browser using IndexedDB. We do not store personal information on our servers. Your generated characters, preferences, and settings remain on your device and are not transmitted to our servers.
Children's Privacy (COPPA Compliance)
Hero Forge is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. The application includes an age verification gate to ensure compliance with the Children's Online Privacy Protection Act (COPPA).
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at jonslavey@hotmail.com, and we will take steps to remove such information.
Age Requirement: Users must be 13 years of age or older to use Hero Forge.
Your Rights Under GDPR (European Users)
If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data we hold.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
- Right to Restrict Processing: Request limitation of how we process your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing of your data for specific purposes.
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
To exercise any of these rights, please contact us at jonslavey@hotmail.com. We will respond within 30 days.
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Know what personal information is collected, used, shared, or sold.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out: Opt out of the sale of your personal information.
- Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights.
Do Not Sell My Personal Information: We do not sell your personal information. However, our use of Google AdSense may constitute "sharing" under CCPA. You can opt out of personalized advertising through our consent banner.
To exercise your CCPA rights, contact us at jonslavey@hotmail.com. We will verify your identity and respond within 45 days.
Google Authentication
If you choose to sign in with Google, we use Google OAuth 2.0 to authenticate your account. We collect:
- Your Google account name
- Your Google account email address
- Your Google profile picture
This information is used solely to:
- Identify you across devices
- Sync your generated characters to Firebase Storage
- Display your profile in the app
Optional Feature: Google sign-in is entirely optional. You can use Hero Forge without signing in, and all data will remain local to your device.
In-App Purchases & Payment Information
Hero Forge offers in-app purchases of Gen-Tokens through Google Play Billing, processed by RevenueCat. We collect:
- Transaction IDs: Unique identifiers for each purchase
- Purchase History: Record of Gen-Token purchases and consumption
- Customer Info: Anonymous customer ID from RevenueCat
Payment Security: We do NOT collect or store your credit card information, billing address, or payment details. All payment processing is handled securely by Google Play and RevenueCat.
Purchase Data Retention: Transaction records are retained for accounting and fraud prevention purposes for up to 7 years as required by law.
Card Trading & Bluetooth
When using the card trading feature, Hero Forge uses Bluetooth Low Energy (BLE) to connect with nearby devices. We collect:
- Nearby Device Information: Device names and Bluetooth identifiers of nearby traders
- Trade Data: Information about cards being traded (stored locally, not on our servers)
Peer-to-Peer Trading: All card trades occur directly between devices. We do not store, monitor, or control traded cards. Trade data remains on your device and the recipient's device only.
Bluetooth Permissions: You must grant Bluetooth permissions to use the trading feature. You can revoke these permissions at any time through your device settings.
Third-Party Services
Hero Forge uses the following third-party services that may collect or process data:
- Google AdSense: Advertising platform (Privacy Policy)
- Google AdMob: Mobile advertising platform (Privacy Policy)
- Google Play Billing: Payment processing (Privacy Policy)
- RevenueCat: Purchase management and analytics (Privacy Policy)
- Zero2Launch API: AI image generation service
- Novita AI: AI image generation service
- Google Gemini: AI text generation service (Privacy Policy)
- Firebase: Hosting, authentication, and storage (Privacy Policy)
Each third-party service has its own privacy policy governing data collection and use. We recommend reviewing their policies.
Data Retention
We retain your data only as long as necessary to provide our services:
- Character Data: Stored locally in your browser until you clear browser data or manually delete characters. If synced via Google, stored in Firebase until you delete your account.
- Account Data: Google account information retained while you remain signed in. Deleted when you sign out or delete your account.
- Purchase Records: Transaction history retained for 7 years for accounting and legal compliance.
- Consent Preferences: Stored for 12 months, after which you will be asked to renew consent.
- Age Verification: Stored for 30 days, after which you will be asked to verify again.
- Analytics Data: Retained for 26 months in accordance with Google Analytics policies.
- Trade Data: Stored locally on your device only; not retained on our servers.
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Compliance with Privacy Shield principles where applicable
Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data transmission
- Secure local storage using browser IndexedDB
- Regular security audits and updates
- Access controls and authentication for backend services
- No storage of sensitive personal information on our servers
While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovering the breach (GDPR requirement)
- Notify relevant data protection authorities as required by law
- Provide information about the nature of the breach and steps being taken
- Offer guidance on protective measures you can take
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date below
- Displaying a notification in the application (for significant changes)
Your continued use of Hero Forge after changes are posted constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions, to exercise your rights, or to report concerns:
Email: jonslavey@hotmail.com
Response Time: Within 30 days (GDPR) or 45 days (CCPA)
Subject Line: Please include "Privacy Request" or "Data Rights Request"
Consent Management
You can manage your consent preferences at any time by:
- Clicking the "Cookie Settings" button at the bottom-left of the application
- Clearing your browser cookies and reloading the page
- Adjusting your browser's privacy settings
Last Updated: January 2025
Effective Date: January 2025
Version: 2.0 (GDPR/CCPA/COPPA Compliant)
← Back to Hero Forge