Seal of Confidence
How the Howl of Eternity chroniclers handle your traces and data.
Howl of Eternity is an original Czech fantasy RPG system and a play aid for that system: a tabletop role-playing game inspired by the tradition of classic tabletop RPGs. It is an unofficial project and is not affiliated with, approved by, or endorsed by Wizards of the Coast or the Dungeons & Dragons brand. We work with as little data as possible. We do not sell it, pass it on, or track you across other domains. This scroll explains what we actually know about you, and more importantly, what we do not want to know.
📜 What we store
- IP address in an in-memory rate limiter. It is used only to protect the service from abuse, such as game creation spam or socket flooding. The IP address lives only in the memory of the running process for at most 60 seconds (the sliding rate-limit window), and is forgotten when the server restarts. If you have an active game session at that moment, its persistent snapshot stores only a salted SHA-256 hash of the IP (16 hex characters, not reversible without the server key), not the IP address itself. The hash is only a safety measure against abuse when restoring sessions after deployment. Legal basis: the operator's legitimate interest in service security (Article 6(1)(f) GDPR).
-
Game state in server memory while a session is active:
nickname, character data, chat, action log, and dice results. None of
this is stored in the main database. To let games survive a planned
server restart (deployment of a new version), we save a
complete snapshot of active sessions roughly once per
minute to an encrypted disk volume in the EU (Fly.io, Frankfurt) as a
HOWL-XXXX.jsonfile. The snapshot contains everything needed to restore the game (members, characters, combat, chat, log) except readable IP addresses. The file is automatically deleted 24 hours after the last write, or earlier when the session ends. -
Data in your browser (
localStorage/sessionStorage): a character created in Character Creation, a reconnect token for returning to a running game (it expires automatically after 24 hours even if it remains in the browser), and the code of the last session. This data stays with you, is not sent anywhere by itself, and can be deleted at any time in your browser settings. - Anonymous character creation statistics. When you export a character from Character Creation, the internal SQLite database stores: race, subrace, class, whether the character uses magic, chosen deity, stat distribution (Strength, Dexterity, and so on), selected skills, and counts of abilities and spells. No player identifier, no IP address, no character name: only aggregate numbers for the public Statistics page. The timestamp is stored only at day precision for the last-30-days activity chart.
- Anonymous combat statistics. When combat starts and ends in a multiplayer party, we record: number of players, number of enemies, number of rounds, combat duration, and result (victory / defeat / neutral). No player name, character name, chat content, or action details are stored. This feeds the aggregate chronicle on the Statistics page.
- Page traffic (Umami). We use Umami (processor: Umami Software, Inc.) for anonymous traffic measurement. It collects visited URL, referrer, approximate country derived from IP, browser type, operating system, and screen resolution. No cookies, no visitor identifier, no cross-site profiling: the IP address is discarded immediately after geolocation and is not stored. The data is held by the processor and used only for aggregate traffic statistics. Legal basis: the operator's legitimate interest in measuring the usefulness of content (Article 6(1)(f) GDPR). Details: Umami privacy policy.
🚫 What we do NOT store
- No third-party cookies.
- No invasive tracking: no Google Analytics, no Meta Pixel, no visitor profiling across websites.
- No e-mails, no passwords, no registrations.
- No payment data: the website is free.
- No data that identifies you outside your own session.
🛡️ Data subject rights (GDPR)
As a data subject, you have the right of access, rectification, erasure, restriction of processing, and the right to object to processing.
Because you use the website anonymously and the only personal data is
your IP address (in memory for at most 60 seconds, on disk only as a
non-reversible hash), most of these rights are effectively handled by
stopping use of the service: the data disappears on its own within
24 hours. If you want a specific game snapshot deleted before TTL expires
(for example, by sending the HOWL-XXXX code), want deletion
from anonymous statistics, or have another privacy question, contact us
at the address below.
✉ Contact
🏰 Operator
The operator is a natural person (fan project). The website is hosted by Fly.io in the Frankfurt region (Germany, EU).
🕯 Changes
If this policy changes, the updated version will be published here. Last updated: 2026-05-24 (session persistence, IP hashing, reconnect token TTL).
— seal of the chroniclers' guild —