Privacy Policy
Last Updated: February 9, 2026
This Privacy Policy describes how SessionWeaver LLC (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use SessionWeaver (“the Service”). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Display name or username
- Authentication credentials (managed by our authentication provider)
- Subscription tier and billing status
1.2 Payment Information
Payment processing is handled entirely by Stripe, Inc. We do not directly collect, store, or process your credit card number, bank account details, or other payment instrument data. Stripe’s handling of your payment information is governed by Stripe’s Privacy Policy. We receive from Stripe only the information necessary to manage your subscription, such as subscription status, billing cycle dates, and transaction confirmation.
1.3 Campaign and Content Data
When you use the Service, we collect and store content you create or input, including:
- Campaign settings, descriptions, and configuration
- Session recaps and session plans
- Non-player character (NPC) profiles, locations, factions, items, and other campaign entities
- Relationships and connections between entities
- Custom guidance and instructions you provide for content generation
- Exported documents and files
1.4 Generated Content
We store AI-generated content created through the Service, including session plans, NPC stat blocks, and other generated material, as part of your campaign data.
1.5 Usage Data
We automatically collect certain information when you use the Service, including:
- Pages visited and features used
- Session generation frequency and section regeneration patterns
- Device type, browser type, and operating system
- IP address
- Date and time of access
- Referring URLs
1.6 Cookies and Similar Technologies
We use essential cookies to maintain your authentication session and preferences (such as theme settings). We do not use third-party advertising cookies or tracking pixels. We may use analytics tools to understand aggregate usage patterns.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process your inputs, generate session plans and content, maintain campaign memory and entity tracking across sessions, and deliver exported files.
- Process AI requests: Send your campaign context, session recaps, and generation instructions to third-party AI model providers to generate content (see Section 4).
- Manage your account: Authenticate your identity, manage your subscription, and communicate with you about your account.
- Process payments: Coordinate with Stripe to manage billing and subscriptions.
- Improve the Service: Analyze aggregate usage patterns to improve features, performance, and reliability. We do not use your campaign content to train AI models.
- Provide support: Respond to your inquiries and troubleshoot issues.
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations: Respond to legal requests and prevent harm as required by law.
3. How We Store Your Information
3.1 Data Storage
Your account and campaign data is stored in a PostgreSQL database hosted by Neon (Neon, Inc.) on infrastructure within the United States. The application is hosted on Vercel (Vercel, Inc.) using serverless infrastructure within the United States.
3.2 Data Retention
We retain your data for as long as your account is active. If you delete your account:
- We will provide a 30-day window for you to export your campaign data.
- After 30 days, your campaign data, entity libraries, and generated content will be permanently deleted from our production databases.
- Residual copies may persist in encrypted backups for up to 90 days, after which they are purged.
- Aggregate, anonymized usage statistics (which cannot be linked back to you) may be retained indefinitely.
3.3 Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest (managed by our database and hosting providers)
- Access controls limiting data access to essential service operations
- Regular security updates and dependency monitoring
While we take data security seriously, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
4. AI Processing and Third-Party AI Providers
4.1 How Your Data Is Used in AI Generation
To generate session plans and content, portions of your campaign data are sent to third-party AI model providers as part of API requests. This may include:
- Campaign setting and tone descriptions
- Party roster information
- Session recaps you provide
- Relevant entity data (NPCs, locations, factions, plot threads) from your campaign library
- Custom guidance or instructions you provide for generation or regeneration
4.2 AI Model Providers
We currently use the following AI model providers:
- Anthropic (Claude models) — Anthropic’s Privacy Policy
- OpenAI (GPT models) — OpenAI’s Privacy Policy
Both providers process data sent via their APIs under their respective commercial API terms, which provide that:
- API inputs and outputs are not used to train their models. Both Anthropic’s and OpenAI’s commercial API terms state that data submitted through the API is not used for model training purposes.
- Data may be temporarily retained by providers for abuse monitoring and safety purposes, typically for no more than 30 days, in accordance with their policies.
We select AI providers whose commercial API terms commit to not training on customer data. If our providers change, we will update this policy accordingly.
4.3 Entity Extraction
We use AI models to extract and categorize entities (NPCs, locations, factions, items, plot threads) from your session recaps and generated content. This extraction is performed through the same API-based processing described above, and the extracted entities are stored as part of your campaign data.
5. Third-Party Services
In addition to the AI providers described in Section 4, the Service relies on the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription tier, payment method (handled by Stripe directly) |
| Vercel | Application hosting | IP address, request metadata, application data in transit |
| Neon | Database hosting | All stored campaign and account data (encrypted) |
Each third-party service is governed by its own privacy policy and terms of service. We select providers that maintain reasonable security practices and data protection standards.
6. Your Rights and Choices
6.1 Access and Export
You may access your campaign data at any time through the Service. You may export your session plans and campaign content in multiple formats (Markdown, PDF, HTML) using the Service’s built-in export features.
6.2 Correction
You may update your account information and edit your campaign content at any time through the Service.
6.3 Deletion
You may request deletion of your account and all associated data by contacting us at support@sessionweaver.io. Upon receiving a verified deletion request, we will follow the retention and deletion process described in Section 3.2.
6.4 Data Portability
We support data portability through our multi-format export system. You may export your session plans, NPC profiles, and other generated content at any time.
6.5 Opt-Out of Non-Essential Communications
If we send promotional or product update emails, you may opt out at any time using the unsubscribe link in such emails. You cannot opt out of essential transactional communications (such as billing confirmations and security alerts).
7. State-Specific Privacy Rights
7.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at support@sessionweaver.io.
7.2 Colorado Residents (CPA)
If you are a Colorado resident, you may have additional rights under the Colorado Privacy Act, including rights to access, correct, delete, and obtain a portable copy of your personal data. To exercise these rights, contact us at support@sessionweaver.io.
7.3 Other US State Privacy Laws
We comply with applicable state privacy laws. If you are a resident of a state with specific privacy legislation (such as Virginia, Connecticut, Utah, Texas, Oregon, or others), you may exercise your applicable rights by contacting us at support@sessionweaver.io.
8. Children’s Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to promptly delete such information. If you believe a child under 13 has provided us with personal information, please contact us at support@sessionweaver.io.
9. International Users
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA), the United Kingdom, or another region with data protection laws that may differ from US law, please be aware that US data protection laws may not offer the same level of protection as those in your jurisdiction.
10. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify affected users via email and, where required by law, notify applicable regulatory authorities within the timeframes required by applicable law.
11. Do Not Track
The Service does not currently respond to “Do Not Track” browser signals, as there is no industry-standard interpretation of such signals. We do not engage in cross-site tracking.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through an in-app notification at least 14 days before the changes take effect. The “Last Updated” date at the top of this policy indicates when it was most recently revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
SessionWeaver LLC
Email: support@sessionweaver.io
This Privacy Policy was last updated on March 1, 2026.