We respect your absolute sovereignty over your persona data. This protocol explains what signals we collect, how they are modulated, and the control you maintain over your presence here.
Signal Acquisition (Data Collection)
Account Matrix
Username, email uplink, cryptographic password hash, and profile configurations.
Lore & Media
Personas, world chronicles, visual assets, and community interactions you initiate.
Technical Telemetry
Network address (IP), hardware signatures, and system logs used for security and diagnostics.
Transaction Metadata
Sequence IDs for membership upgrades. Actual financial data is isolated via third-party encryption nodes.
Modulation Strategy (Data Usage)
-
Operation: To sustain and display your lore within the CharHaven network.
-
Alerts: To dispatch critical status updates, security warnings, and billing sequences.
-
Fortification: To detect anomalies, neutralize threats, and prevent unauthorized data access.
-
Improvement: To troubleshoot bugs, analyze feature usage in aggregate, prioritize roadmap work, and measure the performance of platform systems.
Sovereign Controls (Your Rights)
You maintain full control over your digital signature. You may:
Orbital Safeguards (Security)
CharHaven uses administrative, technical, and organizational safeguards designed to reduce the risk of unauthorized access, disclosure, misuse, or loss of personal information. No internet service can be guaranteed perfectly secure, but we work to limit access, log important security events, and respond to credible threats. We do not sell your personal data to third parties for monetary consideration.
Age Requirements & Youth Privacy
- Users must be at least 18 years of age to register an account.
- Age verification is performed during registration. Accounts found to belong to users under 18 will be immediately terminated and all associated data permanently deleted.
- We do not serve targeted advertising to users under 18.
- If you are a parent or guardian and believe your child under 18 has created an account, please contact us immediately at admin@charhaven.com and we will delete the account and associated data.
Content Safety & Mature Content
CharHaven features user-generated content that may include mature themes. We implement the following safeguards:
- All mature content is hidden by default behind age-verification gates and content filters.
- Users must be 18+ and explicitly consent before they can view mature-tagged content.
- Consent records (including timestamp, IP address, and user agent) are stored for legal compliance.
- For the full content policy, refer to our Community Guidelines and Terms of Service.
Cookies & Tracking Technologies
CharHaven uses the following types of cookies and tracking technologies:
Session Cookies
Essential cookies for authentication, CSRF protection, and user session management. These are required for the platform to function.
Preference Cookies
Used to store your theme selection (light/dark mode), language preference, and mature content consent. Stored locally in your browser.
Analytics
We may use analytics tools for aggregate usage statistics such as page views, session patterns, and feature adoption. Browser privacy controls may limit some analytics behavior, but essential service and security logging may still occur.
Security Cookies
Age verification block cookie and reCAPTCHA tokens for bot prevention. These are essential for platform safety.
Third-Party Services & Data Sharing
We share data with the following categories of third-party service providers as necessary to operate the platform:
We do not sell, rent, or trade your personal data to advertisers, data brokers, or any third party for marketing purposes.
Data Retention
- Account data: Retained while your account is active and for up to 30 days after deletion.
- Server logs: Retained for 90 days for security analysis, then automatically purged.
- Encrypted backups: May persist for up to 90 days after account deletion for disaster recovery.
- Transaction records: Retained for 7 years as required by financial regulations.
- Moderation records: Reports and enforcement actions are retained indefinitely for platform safety.
Breach Notification
If we determine that a security incident has affected your personal information and notification is required by applicable law, we will notify affected users and regulators within the timeframe required by that law. The notice may describe the nature of the incident, the information involved, and recommended protective steps where available.
International Users & Data Transfer
CharHaven may store and process data in countries other than the one in which you live. When cross-border transfers occur, we use reasonable operational, contractual, or technical safeguards appropriate to the service and the nature of the data involved.
Access, Deletion & Verification Requests
If you submit a privacy request, we may ask you to verify ownership of the account or otherwise confirm your identity before disclosing, exporting, correcting, or deleting personal information. We may deny or limit a request where the law permits, including where we need to retain data for fraud prevention, moderation records, tax obligations, security logs, or unresolved disputes.
European Economic Area (EEA) / GDPR Rights
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal exceptions (fraud prevention, moderation records, legal obligations).
- Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format (JSON export).
- Right to Restrict Processing (Art. 18): Request that we limit how we use your data under certain circumstances.
- Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legal Basis for Processing: We process your personal data on the following legal bases: (a) your consent (e.g., creating an account, cookie acceptance), (b) performance of a contract (e.g., providing the Service), (c) legitimate interests (e.g., security, fraud prevention, service improvement), and (d) legal obligations (e.g., financial record-keeping). To exercise any GDPR right, contact admin@charhaven.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request the categories and specific pieces of personal data we have collected about you.
- Right to Delete: Request deletion of your personal data, subject to legal exceptions.
- Right to Opt-Out: We do not sell personal information. No opt-out is necessary.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at admin@charhaven.com. We will verify your identity before processing requests.
Privacy queries or data requests: admin@charhaven.com