Legal

Privacy Policy

Last updated: [DATE] · Printfinity & Beyond Ltd

This Privacy Policy describes how Printfinity & Beyond Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use LoreBox (the "App") and lorebox.co.uk (the "Website").

Printfinity & Beyond Ltd is registered in England & Wales (Company No. 15225935, VAT No. GB453490291). We are the data controller for personal data processed through the App and Website under UK GDPR.

1. Data We Collect

Account data

When you register, we collect your email address, display name, and a hashed password. This is necessary to provide the service.

Content you upload

Handout files (images, PDFs, videos, text, and other supported formats) you upload to your campaign library are stored on our servers. These files are processed only to deliver them to the players in your campaign, as directed by you.

Content received as a player

When a Game Master sends you a handout, a reference to that file is stored in your character's collection. The file itself is stored once under the GM's account.

Usage data

We collect information about how you use the App (actions taken, features used, error logs) to improve the service. This data is anonymised where possible.

Payment data

Payments are processed by Stripe. We do not store your card details. Stripe's own privacy policy applies to payment data.

Device data

We may collect device type, operating system version, and app version to diagnose technical issues and ensure compatibility.

Contact enquiries

If you contact us via the contact form, we collect your name, email address, and the content of your message in order to respond to you.

2. Content Moderation and Review

LoreBox operates a user-driven content moderation system to keep the platform safe. You should be aware of the following:

Content reports

Any player who receives a handout may report it if they believe it violates our Terms of Service. Submitting a report causes the following data to enter our moderation queue: the reported handout file, associated metadata (uploader, session, upload date), and the reported reason.

Moderator access

Reported content is reviewed by LoreBox staff and/or appointed moderators. Moderators may access and view the content of any handout that has been reported. Moderators do not routinely access, monitor, or view content that has not been reported.

Moderation outcomes

If content is found to violate our Terms of Service, it may be removed from all campaign collections it was sent to. The uploading account may receive a warning, temporary suspension, or permanent ban depending on the severity and history of violations. All moderation decisions are logged with a timestamp and the acting moderator.

Legal basis

Content moderation is carried out under our legitimate interests in maintaining a safe and lawful platform and enforcing our Terms of Service (Article 6(1)(f) UK GDPR).

3. Cookies

The Website uses cookies to:

  • Essential cookies: Maintain your session and remember your preferences. These cannot be disabled as they are necessary for the Website to function.
  • Analytics cookies: Understand how visitors use the Website. Only set with your explicit consent.

You will be asked for consent on your first visit via our cookie banner. You can change your preferences at any time.

4. How We Use Your Data

  • To provide and maintain the LoreBox service
  • To process payments and manage subscriptions
  • To send service-related communications (password resets, subscription confirmations)
  • To review reported content and enforce our Terms of Service
  • To respond to contact enquiries
  • To improve the App based on anonymised usage patterns
  • To comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

5. Data Sharing

We share data only with the following processors, each bound by data processing agreements:

  • Supabase — database and file storage (EU-West region, London)
  • Stripe — payment processing
  • Resend — transactional email delivery

We do not transfer personal data outside the UK or EEA for storage purposes. Where processors are based outside the UK/EEA, we ensure adequate safeguards are in place (e.g. Standard Contractual Clauses).

6. Data Retention

We retain your account data for as long as your account exists. If you delete your account, your personal data is permanently deleted within 30 days. Uploaded handout files are deleted immediately upon account deletion.

Moderation logs are retained for up to 2 years for the purpose of identifying repeat violations and maintaining platform integrity.

Contact enquiry data is retained for up to 12 months after the enquiry is resolved.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to processing or request restriction of processing
  • Data portability — export your data in a machine-readable format (available in the App under Settings → Export My Data)
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please use our contact form.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

8. International Transfers

Your data is stored in the EU-West (London) region. We take steps to ensure that any international transfers of data comply with UK GDPR requirements.

9. Children

LoreBox is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child, please contact us immediately via our contact form.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email. The date at the top of this page reflects the most recent update.

11. Contact

For privacy-related enquiries, please use our contact formand select "Privacy & data" as the topic.

Printfinity & Beyond Ltd
Company No. 15225935
VAT No. GB453490291