Legal

Privacy Policy

Last updated: 25 April 2026

Who we are

RuleVault is a board game rules companion app developed and operated by Dennis Essenburg, based in the Netherlands. When this policy says "we", "us", or "RuleVault", it means Dennis Essenburg.

For privacy questions or requests, contact us at [email protected].

What data we collect and why

Account data

When you create an account we collect your email address and, if you sign in via Google, Facebook, or Discord, your name and profile picture from that provider. We use this to identify you across sessions and to send you transactional emails (password reset, etc.). We never use your email for marketing without your explicit opt-in.

Usage data

We store which games you look up, which guides you open, and how many AI rules questions you ask in a given month. We use this to enforce the free-tier limit (10 AI questions per month), to improve the app, and to understand which games our users care about most.

AI questions

When you ask a rules question, your question text is sent to our backend and used to search our rules database and generate an answer. We log the question and answer so we can improve answer quality over time. We do not share individual questions with third parties.

Device and technical data

We collect basic technical data such as your device type, operating system, and app version. We use this for crash reporting and compatibility improvements. We do not fingerprint your device.

Theme preference

Your dark/light mode preference is stored in your browser's localStorage under the key ludo-theme. This data never leaves your device.

How we process rulebook content

RuleVault generates structured game guides by processing official rulebooks. Here is exactly how that works and what it means for your data:

  • We never store or serve rulebook PDFs. Rulebooks are downloaded privately, processed on our systems to extract structured content (setup steps, turn guides, FAQ), and then the source PDF is discarded. Users cannot download rulebooks from RuleVault.
  • We generate transformed content, not copies. What we store in our database is a structured guide derived from the rulebook — not the raw rulebook text. Each piece of content includes a reference to the page and section it came from.
  • We always link back to the official source. Every game guide includes a link to where you can read the original rulebook directly from the publisher.
  • This is your data, not ours. The rules themselves belong to each game's publisher. We are an interpretation and navigation layer, not a redistribution platform.

If you are a game publisher and have concerns about how your game is presented in RuleVault, please contact us at [email protected] and we will respond promptly.

Who we share data with

We use a small number of third-party services to operate RuleVault:

  • Supabase — our database and authentication provider. Your account data and usage data are stored on Supabase infrastructure. Supabase is SOC 2 Type II certified. Supabase privacy policy →
  • Google / Meta / Discord — only if you choose to sign in via these providers. We receive only the data they pass to us during authentication.
  • Anthropic — when you ask an AI rules question, your question is processed by Anthropic's Claude API to generate an answer. Anthropic does not use API inputs to train their models. Anthropic privacy policy →

We do not sell your data. We do not share it for advertising purposes.

How long we keep your data

  • Account data — kept for as long as your account is active. Deleted within 30 days of account deletion.
  • AI question logs — kept for 12 months for quality improvement, then deleted.
  • Usage data — kept for 24 months, then aggregated and anonymised.

Your rights (GDPR)

As we operate from the Netherlands, EU General Data Protection Regulation (GDPR) applies. You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your account and associated data.
  • Portability — request your data in a machine-readable format.
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unsatisfied, you may lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens .

Cookies and local storage

We do not use tracking cookies. We use localStorage solely for your theme preference (ludo-theme) and your authentication session token. No third-party advertising cookies are set by RuleVault.

Children

RuleVault is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will update the date at the top of this page and, for significant changes, notify you by email.