Privacy Policy

Last updated: January 5, 2026

1. Introduction

At Darkcoal, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our AI character and storytelling platform.

2. Information We Collect

Account Information

  • Email Address: Required for magic link authentication
  • Subscription Status: Tier (Free/BYOK/Monthly), Coal balance, billing via LemonSqueezy
  • Usage Metrics: Monthly usage counts for feature limits

Data We DO NOT Collect or Store

  • Your Content: Characters, stories, chat messages remain in your browser only
  • API Keys: Sent with requests but never stored on our servers
  • Generated Content: We do not read, analyze, or store AI-generated text/images
  • Personal Conversations: All chat data stays locally on your device

Technical Information

  • Request Logs: Minimal logging for debugging and rate limiting
  • Error Reports: Anonymous error information to improve service reliability
  • Analytics: Basic usage statistics (not linked to personal identity)

3. How We Use Your Information

We use the limited information we collect to:

  • Authenticate your account via magic links
  • Manage your subscription and billing through LemonSqueezy
  • Enforce usage limits for free tier users
  • Provide technical support when requested
  • Improve our service performance and reliability
  • Comply with legal obligations

4. Data Storage and Security

Local Storage (Your Device)

All your creative content—characters, stories, conversations, and settings—are stored locally in your browser using IndexedDB and localStorage. This means:

  • Your content never leaves your device unless you explicitly share it
  • We cannot access or read your characters or stories
  • You have complete control over your data
  • Clearing browser data will remove your local content

Server-Side Security

For the minimal data we do store:

  • Encrypted in transit using HTTPS/TLS
  • Stored in Supabase with row-level security policies
  • Regular security audits and updates
  • API keys are transmitted securely and never logged

5. Third-Party Services

AI Providers

When you use AI features, your prompts are sent to your chosen AI provider (Google, Together AI, DeepInfra) using your own API keys:

  • We act as a secure proxy for your requests
  • Your API keys are never stored by us
  • Content is subject to each provider's privacy policies
  • You maintain direct relationship with AI providers

Payment Processing

Subscription payments are processed by LemonSqueezy. We receive only subscription status updates, not payment details. Review LemonSqueezy's privacy policy for payment data handling.

Infrastructure

  • Supabase: Database and authentication services
  • Netlify: Frontend hosting and CDN
  • Both services comply with GDPR and industry security standards

6. Your Rights and Choices

Access and Control

  • Export Data: Download all your characters and stories anytime
  • Delete Data: Clear all local data with one click
  • Account Deletion: Request complete account deletion
  • Data Portability: Export in standard JSON format

Privacy Controls

  • Choose which AI provider to use
  • Manage your own API keys
  • Control local storage and browser data
  • Opt-out of analytics (browser settings)

7. Data Retention

  • Account Data: Retained while your account is active
  • Usage Metrics: Monthly data reset each billing cycle
  • Local Content: Persists until you clear browser data
  • Logs: Automatically deleted after 30 days
  • Deleted Accounts: All associated data permanently deleted within 30 days

8. International Data Transfers

Our services are hosted in secure data centers. Since your content stays local on your device, international transfers are minimal and limited to authentication and subscription management data, which is protected by appropriate safeguards.

9. Children's Privacy

Darkcoal is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes via email or through the service. We encourage you to review this policy regularly to stay informed about how we protect your privacy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: privacy@darkcoal.online
Subject Line: Privacy Policy Inquiry
Response Time: Within 72 hours

Our Privacy Commitment

Your data stays yours. We built Darkcoal with privacy by design. Your creative content never leaves your device, your API keys are never stored on our servers, and we collect only the minimal data necessary to provide our service. We believe powerful AI tools shouldn't compromise your privacy.

Back to Darkcoal