Privacy Policy

Last updated: May 19, 2026

1. Information We Collect

We collect the following types of information:

  • Account Information: Email address, display name, and authentication credentials provided during registration.
  • Game Data: Your in-game actions, answers, strategic decisions, and game outcomes.
  • Usage Data: Browser type, device information, IP address, pages visited, and interaction patterns.
  • Cookies: See our Cookie Policy for details.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your game actions and generate AI-driven content
  • Communicate with you about your account and the Service
  • Analyze usage patterns to improve game mechanics and user experience
  • Prevent fraud, abuse, and violations of our Terms of Service

3. AI Processing

Your in-game content (such as world-building answers and strategic actions) is sent to third-party AI providers to generate game content. We do not intentionally send account identifiers, email addresses, or other directly identifying personal information to AI providers. Game inputs are passed through parameterized templates designed to limit the inclusion of sensitive personal data.

4. Analytics

We use Google Analytics to help us understand how visitors use the Service. Google Analytics may use cookies or similar technologies and may collect information including pages you visit, browser and device information, approximate location, session activity, referral source, and general usage patterns. This helps us improve reliability, performance, and the overall product experience.

We do not knowingly send personal information such as your email address, full name, password, account identifier, token balance, or purchase metadata directly into Google Analytics. User-generated narrative and game content, including world-building answers, freeform prompts, strategic actions, chat, faction details, and referee commentary, is also not intentionally sent to analytics providers. Analytics are used to understand product usage, not to read your gameplay content.

Analytics are off by default. We use Google Consent Mode v2 with analytics storage denied until you explicitly opt in via our cookie banner. You can accept or reject analytics cookies, or change your choice later, using the Cookie Preferences link in the footer. You can also opt out of Google Analytics across all sites by installing the Google Analytics Opt-Out Browser Add-On. See our Cookie Policy for more detail.

We do not currently use advertising pixels, remarketing, session replay, or cross-context behavioral advertising. If that ever changes, we will update this policy and revisit our consent model before doing so. The Service is designed to support user privacy choices where required by applicable law; we do not claim full compliance in all jurisdictions.

5. Data Sharing

We may share your information with:

  • Service Providers: Third-party services that help us operate the Service, including providers of hosting, authentication, analytics, AI processing, and, where applicable in the future, payment processing. These providers only access the information they need to perform their function for us. See our Subprocessors page for a current list.
  • Other Players: Your display name and in-game content are visible to other players in your games.
  • Legal Requirements: When required by law, regulation, or legal process.

We do not sell your personal information to third parties.

Showcasing game content.Generated game artifacts — such as worlds, faction names, campaign chronicles, referee narration, resolutions, generated images, and gameplay screenshots — may be retained for game history and community features, and may be featured in NextOath community and promotional materials. We focus showcases on these synthesized artifacts rather than raw private submissions, and we take reasonable steps to avoid intentionally including personal information (such as email addresses or real names) in showcased materials where practical. Your display name and in-game content remain visible to other players in your games. See the “User Content & Generated Content” section of our Terms of Service for the related license grant. To raise a concern about showcased content, contact us using the details in Section 12.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit, secure authentication, and access controls. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your account information for as long as your account is active. Game data is retained for the duration of the game and afterwards as part of your game history.

When you delete your account (see Section 8), data is handled as follows:

  • Removed: your profile (display name, notification preferences), pinned achievements, and any unused Credits in your wallet.
  • Anonymized:your participation in past games. Your name in those games is replaced with “Deleted Player” and the link to your identity is severed. The game records themselves are preserved so other players' history stays intact.
  • Retained: payment and tax records for the period required by applicable law (typically up to seven years), and moderation history (reports, bans, and admin actions) where applicable. The link to your identity in these records is anonymized; the records themselves are retained under our legal obligations and to defend against legal claims.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Object to or restrict processing of your data
  • Data portability
  • Lodge a complaint with a supervisory authority in your jurisdiction

Self-serve account deletion. You can delete your account at any time from your account settings. We apply a 30-day grace period during which you can sign back in and cancel the request. After the grace period, the data described in Section 7 is removed or anonymized.

Self-serve data download.You can download a JSON copy of the data you provided to NextOath from your account settings. The export includes your profile, communication preferences, credit history, the messages and card plays you submitted in your games, and feedback you sent. It does not include LLM-generated content (faction names, advisor councils, referee feedback), other players' data, or moderation records. Available once per day; for an Article 15 access request that includes data we cannot expose via self-serve, contact us at the email below.

For all other rights, or if you cannot access your account, contact us at nextoath@alternatethread.com. We will respond within one month as required by applicable law.

9. Your California Privacy Rights

This section provides additional disclosures required by California law, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"). It applies to California residents.

Categories of Personal Information We Collect

In the last 12 months, we have collected the following categories of personal information as defined by California law:

  • Identifiers: email address, display name, account identifiers, IP address.
  • Internet or other similar network activity: pages visited, session activity, browser and device information, and interaction patterns.
  • Geolocation: approximate location inferred from IP address (via analytics).
  • Inferences: usage patterns used to improve game mechanics and the overall product experience.

We do not knowingly collect sensitive personal information as defined by California law (such as precise geolocation, government IDs, financial account credentials, biometric identifiers, racial or ethnic origin, religious beliefs, health data, or contents of private communications).

Sources of Personal Information

  • Directly from you (account registration, game actions, submissions)
  • Automatically from your device (cookies, analytics, server logs)
  • From our authentication provider (Google Firebase Authentication) when you sign in

Business and Commercial Purposes

We use the categories above to provide, maintain, secure, and improve the Service; to process game actions and generate AI-driven content; to communicate with you; to analyze usage; and to prevent fraud and abuse. See Sections 2 and 3 above for more detail.

Categories Disclosed to Third Parties

In the last 12 months, we have disclosed Identifiers, Internet activity, and approximate Geolocation to our service providers for the business purposes described above. See our Subprocessors page for the current list. We do not disclose personal information to third parties for their own marketing purposes.

Sale or Sharing of Personal Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. If our practices change, we will update this policy and provide an opt-out. See our Do Not Sell or Share My Personal Information notice.

Where legally required, we honor opt-out preference signals such as the Global Privacy Control (GPC) sent by your browser or browser extension.

Retention

  • Account information: retained for the life of your account, plus a reasonable period after closure for audit, fraud prevention, and legal obligations.
  • Game data: retained for the duration of the game and for game-history purposes while your account is active.
  • Analytics and usage data: retained per the retention settings of the analytics provider (for example, Google Analytics retains event data for up to 14 months by default).

Your California Rights

As a California resident, you have the right to:

  • Know what personal information we have collected about you
  • Request a copy of your personal information (right to access)
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information
  • Limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information, so this right has limited effect for our Service)
  • Not receive discriminatory treatment for exercising any of these rights

How to Exercise Your Rights

To exercise your California rights, contact us at privacy@nextoath.aior through your account settings. You may also designate an authorized agent to make a request on your behalf; we may require reasonable verification of the agent's authority and your identity before responding. We will respond within the timeframes required by California law.

Shine the Light

California residents may request, once per year and free of charge, information about categories of personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year. We do not currently share personal information with third parties for their own direct marketing.

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date and, where appropriate, through in-app notifications.

12. Contact

NextOath is a studio project of Alternate Thread, which acts as the data controller for the Service. For privacy-related questions, contact us at nextoath@alternatethread.com.