Privacy Policy

How mychar.gg collects, uses, and protects your personal information

Effective Date: February 8, 2026

Last Updated: February 8, 2026

This Privacy Policy explains how mychar.gg ("mychar", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you use the mychar.gg website, platform, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information When you create an account, we collect:

  • Email address
  • Password (stored securely in hashed form)
  • Username
  • Display name (optional)

Profile Information When you set up your character profile, you may provide:

  • Biography
  • Avatar image
  • Location
  • Gaming platform usernames (e.g., Steam, Xbox, PlayStation, Discord, Twitch)
  • Social media links
  • Gaming clips and media
  • Game library information
  • Any other content you choose to add to your profile

Payment Information If you subscribe to a paid tier, our payment processor Stripe collects:

  • Payment card details
  • Billing address
  • Transaction history

We do not store your full payment card information on our servers. Payment data is handled directly by Stripe in accordance with Stripe's Privacy Policy.

Communications When you contact us via email, we collect:

  • Your email address
  • The content of your message
  • Any attachments you send

1.2 Information Collected Automatically

Usage Data When you use the Service, we automatically collect:

  • Pages visited and features used
  • Profile view counts and analytics
  • Browser type and version
  • Device type and operating system
  • IP address
  • Referring URLs
  • Date and time of access

Cookies and Similar Technologies We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences (such as color mode)
  • Collect analytics data
  • Ensure the Service functions properly

See Section 6 for more details about our cookie practices.

1.3 Information from Third-Party Services

OAuth Authentication When you sign in using a third-party provider (such as Discord or Google), we receive certain information from that provider, which may include:

  • Your account ID on that platform
  • Email address
  • Display name
  • Avatar/profile picture
  • Any other information you have authorized the provider to share

The information we receive depends on your settings with the third-party provider and their privacy policies.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — Create and maintain your account, display your profile, and deliver the features you use
  • Process payments — Handle subscription billing and payment-related communications
  • Send communications — Email confirmations, password resets, account notifications, and (with your consent) promotional messages
  • Improve the Service — Analyze usage patterns, diagnose technical issues, and develop new features
  • Ensure security — Detect and prevent fraud, abuse, and unauthorized access
  • Provide analytics — Show you profile view statistics and engagement data
  • Enforce our Terms — Investigate and address violations of our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations — Respond to legal requests and prevent harm

3. How We Share Your Information

3.1 Public Information

Your character profile (including username, display name, bio, avatar, gaming links, and any content you add to your profile) is publicly visible by design. Anyone with your profile URL can view this information.

3.2 Service Providers

We share information with third-party service providers who help us operate the Service:

ProviderPurposeData Shared
SupabaseAuthentication, database hostingAccount data, profile data
StripePayment processingPayment and billing information
ResendTransactional email deliveryEmail address, email content
Hosting providerServer infrastructureAll data processed by the Service

These providers are contractually obligated to use your data only to provide services to us and in accordance with applicable data protection laws.

3.3 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to:

  • Comply with a legal obligation, court order, or legal process
  • Protect and defend our rights or property
  • Prevent fraud or address security issues
  • Protect the safety of users or the public

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

3.6 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and profile data — Retained until you delete your account
  • Payment records — Retained as required for accounting and legal compliance (typically 7 years)
  • Usage analytics — Retained in aggregated, anonymized form indefinitely
  • Support communications — Retained for up to 2 years after the last interaction
  • Server logs — Retained for up to 90 days

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 All Users

  • Access your data — View your profile information and account settings at any time
  • Update your data — Edit your profile, settings, and account information through the dashboard
  • Delete your account — Permanently delete your account and associated data through account settings
  • Opt out of marketing — Unsubscribe from promotional emails at any time using the link in the email

5.2 European Economic Area (EEA) Residents

Under the General Data Protection Regulation (GDPR), you additionally have the right to:

  • Data portability — Request a copy of your data in a structured, machine-readable format
  • Restriction of processing — Request that we limit how we use your data
  • Object to processing — Object to our processing of your data in certain circumstances
  • Withdraw consent — Where processing is based on consent, withdraw it at any time
  • Lodge a complaint — File a complaint with your local data protection authority

5.3 California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@mychar.gg. We will respond to your request within 30 days.

6. Cookies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and improve your experience.

6.2 Cookies We Use

TypePurposeDuration
EssentialAuthentication, session management, securitySession / persistent
FunctionalTheme preference (dark/light mode), languagePersistent (1 year)
AnalyticsUnderstanding usage patterns, improving the ServicePersistent (up to 2 years)

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Row-level security policies on our database
  • Regular security reviews
  • Access controls limiting employee access to personal data

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

8. International Data Transfers

Your information may be processed and stored in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country. When we transfer data internationally, we implement appropriate safeguards in accordance with applicable data protection laws.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@mychar.gg, and we will delete that information promptly.

10. Third-Party Links

Your profile may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email or through a notice on the Service

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

For EEA residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.