Data Sovereignty

Transparency on how your digital essence is handled within the Haven.

Last CalibrationJuly 4, 2026

We respect your absolute sovereignty over your persona data. This protocol explains what signals we collect, how they are modulated, and the control you maintain over your presence here.

Signal Acquisition (Data Collection)

Account Matrix

Username, email uplink, cryptographic password hash, and profile configurations.

Lore & Media

Personas, world chronicles, visual assets, and community interactions you initiate.

Technical Telemetry

Network address (IP), hardware signatures, and system logs used for security and diagnostics.

Transaction Metadata

Sequence IDs for membership upgrades. Actual financial data is isolated via third-party encryption nodes.

Modulation Strategy (Data Usage)

  • Operation: To sustain and display your lore within the CharHaven network.
  • Alerts: To dispatch critical status updates, security warnings, and billing sequences.
  • Fortification: To detect anomalies, neutralize threats, and prevent unauthorized data access.
  • Improvement: To troubleshoot bugs, analyze feature usage in aggregate, prioritize roadmap work, and measure the performance of platform systems.

Sovereign Controls (Your Rights)

You maintain full control over your digital signature. You may:

Rectification: Update your profile and records at any time via the Matrix settings.
Extraction: Request a full archive of your synchronized data via admin@charhaven.com.
Erasure: Terminate your account to remove your lore from active indexing (some data may persist in encrypted backups for legal audit trails).

Orbital Safeguards (Security)

CharHaven uses administrative, technical, and organizational safeguards designed to reduce the risk of unauthorized access, disclosure, misuse, or loss of personal information. No internet service can be guaranteed perfectly secure, but we work to limit access, log important security events, and respond to credible threats. We do not sell your personal data to third parties for monetary consideration.

Age Requirements & Youth Privacy

CharHaven is restricted to adults and does not knowingly collect personal information from anyone under 18.
  • Users must be at least 18 years of age to register an account.
  • Age verification is performed during registration. Accounts found to belong to users under 18 will be immediately terminated and all associated data permanently deleted.
  • We do not serve targeted advertising to users under 18.
  • If you are a parent or guardian and believe your child under 18 has created an account, please contact us immediately at admin@charhaven.com and we will delete the account and associated data.

Content Safety & Mature Content

CharHaven features user-generated content that may include mature themes. We implement the following safeguards:

  • All mature content is hidden by default behind age-verification gates and content filters.
  • Users must be 18+ and explicitly consent before they can view mature-tagged content.
  • Consent records (including timestamp, IP address, and user agent) are stored for legal compliance.
  • For the full content policy, refer to our Community Guidelines and Terms of Service.

Cookies & Tracking Technologies

CharHaven uses the following types of cookies and tracking technologies:

Session Cookies

Essential cookies for authentication, CSRF protection, and user session management. These are required for the platform to function.

Preference Cookies

Used to store your theme selection (light/dark mode), language preference, and mature content consent. Stored locally in your browser.

Analytics

We may use analytics tools for aggregate usage statistics such as page views, session patterns, and feature adoption. Browser privacy controls may limit some analytics behavior, but essential service and security logging may still occur.

Security Cookies

Age verification block cookie and reCAPTCHA tokens for bot prevention. These are essential for platform safety.

Third-Party Services & Data Sharing

We share data with the following categories of third-party service providers as necessary to operate the platform:

Payment Processors: Ko-fi, PayPal, Stripe, and related processors we use for memberships, supporter flows, or Haven Coin purchases. We do not store full payment-card details on CharHaven servers.
Authentication Providers: Google & Discord — for OAuth sign-in. Only your profile ID, email, and avatar URL are received.
Real-Time Messaging: Pusher — for live chat and notifications. Only anonymized session data and message payloads are processed.
Bot Protection: Google reCAPTCHA — for preventing automated abuse. Subject to Google's privacy policy.
Media Services: Tenor — for GIF search. Search queries are sent to Tenor's API; no personal data is shared.

We do not sell, rent, or trade your personal data to advertisers, data brokers, or any third party for marketing purposes.

Data Retention

  • Account data: Retained while your account is active and for up to 30 days after deletion.
  • Server logs: Retained for 90 days for security analysis, then automatically purged.
  • Encrypted backups: May persist for up to 90 days after account deletion for disaster recovery.
  • Transaction records: Retained for 7 years as required by financial regulations.
  • Moderation records: Reports and enforcement actions are retained indefinitely for platform safety.

Breach Notification

If we determine that a security incident has affected your personal information and notification is required by applicable law, we will notify affected users and regulators within the timeframe required by that law. The notice may describe the nature of the incident, the information involved, and recommended protective steps where available.

International Users & Data Transfer

CharHaven may store and process data in countries other than the one in which you live. When cross-border transfers occur, we use reasonable operational, contractual, or technical safeguards appropriate to the service and the nature of the data involved.

Access, Deletion & Verification Requests

If you submit a privacy request, we may ask you to verify ownership of the account or otherwise confirm your identity before disclosing, exporting, correcting, or deleting personal information. We may deny or limit a request where the law permits, including where we need to retain data for fraud prevention, moderation records, tax obligations, security logs, or unresolved disputes.

European Economic Area (EEA) / GDPR Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal exceptions (fraud prevention, moderation records, legal obligations).
  • Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format (JSON export).
  • Right to Restrict Processing (Art. 18): Request that we limit how we use your data under certain circumstances.
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Basis for Processing: We process your personal data on the following legal bases: (a) your consent (e.g., creating an account, cookie acceptance), (b) performance of a contract (e.g., providing the Service), (c) legitimate interests (e.g., security, fraud prevention, service improvement), and (d) legal obligations (e.g., financial record-keeping). To exercise any GDPR right, contact admin@charhaven.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request the categories and specific pieces of personal data we have collected about you.
  • Right to Delete: Request deletion of your personal data, subject to legal exceptions.
  • Right to Opt-Out: We do not sell personal information. No opt-out is necessary.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at admin@charhaven.com. We will verify your identity before processing requests.

Privacy queries or data requests: admin@charhaven.com