Privacy Policy

Effective Date: March 3, 2026
Last Updated: March 3, 2026

1. Introduction

Retrospect is a platform where you can document, express, and share your gaming life. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at retrospect.gg and the Retrospect application (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.

2. Who We Are

The Service is operated by:

Retrospect LLC
2870 E Grand Blvd #1004 Suite 600
Detroit, MI 48202
United States

Contact: support@retrospect.gg

3. Information We Collect

3.1 Account Data

  • Email address

  • Display name

  • Password (stored as a one-way hash — we cannot view your password; applies to local authentication only)

3.2 User-Generated Content

  • Journal entries (document, form, and canvas types)

  • Notes (including folder organization)

  • Gallery images (uploaded to the Service)

3.3 Payment Data

  • Subscription status and billing dates

  • Marketing consent preferences

  • Payment processing is handled by Paddle. We do not store credit card numbers, bank account details, or other direct payment credentials.

3.4 Authentication Data

  • If you sign in through a third-party provider (via OpenID Connect), we store the provider name, your subject identifier, and the email address associated with your provider account.

3.5 Optional Integration Data

  • Steam profile URL and Steam ID (only if you choose to connect your Steam account)

  • Game library data imported from Steam (user-initiated)

3.6 Technical Data

  • IP address (collected via Sentry error reports)

  • Browser type, version, and device information (collected via Sentry)

  • Last login timestamp

3.7 Preference Data

  • Theme selection (stored locally in your browser via localStorage — not transmitted to our servers)

4. How We Collect Information

We collect information in the following ways:

  • Directly from you: When you create an account, update your profile, create journal entries or notes, upload images, configure integrations, or adjust settings.

  • Automatically: Through error monitoring (Sentry) and standard HTTP request logging.

  • From third parties: From OpenID Connect identity providers during authentication, and from Steam when you initiate a library sync.

5. How We Use Your Information

We use your information to:

  • Provide and maintain the Service — storing your journal entries, notes, images, and game library data

  • Process payments and manage subscriptions — via Paddle

  • Send transactional emails — such as email verification (via Resend)

  • Monitor and fix errors — via Sentry error tracking to ensure service reliability

  • Moderate content — display name moderation via OpenAI to maintain community standards

  • Sync game library data — from Steam (user-initiated); game metadata is fetched from IGDB, which receives no user data

  • Store user-uploaded images — via Cloudflare R2

6. Third-Party Service Providers

We share data with the following third-party service providers, solely to operate and improve the Service:

| Service | Data Received | Purpose |
| --- | --- | --- |
| DigitalOcean | All data (infrastructure hosting) | Cloud hosting and managed database |
| Paddle | Email, customer ID, subscription status | Payment processing |
| Sentry | IP address, error context, browser/device info | Error monitoring |
| Resend | Email address | Transactional email delivery |
| OpenAI | Display name text only | Content moderation |
| Cloudflare R2 | User-uploaded images | File storage |
| IGDB / Twitch | No user data (API credentials only) | Game metadata lookup |
| Steam | Steam profile URL/ID (user-initiated) | Game library sync |
| OIDC Providers | Authentication code exchange | User authentication |

We do not sell, rent, or trade your personal information to any third party. These providers process data on our behalf and are contractually obligated to protect it.

7. Cookies & Local Storage

We use only strictly essential cookies required for the Service to function. We do not use any marketing, analytics, or tracking cookies.

We use cookies for authentication and session management. These cookies are set with industry-standard security attributes to protect your data. Session cookies expire when you close your browser; authentication cookies expire within 72 hours.

We also use your browser's local storage to save your visual theme preference. This data remains in your browser and is not sent to our servers.

8. Data Retention

| Data Type | Retention Period |
| --- | --- |
| Account data | Retained while your account is active; deleted upon account deletion request |
| User-generated content (journal entries, notes, images) | Retained while your account is active; deleted upon account deletion request |
| Payment and transaction records | Retained for up to 7 years after the transaction for legal and tax compliance |
| Error logs (Sentry) | Retained per Sentry's retention policy (typically 90 days) |
| Server logs | Retained for up to 30 days |
| Refresh tokens | Auto-expire after 72 hours |
| Email verification tokens | Auto-expire after 1 hour |

When you request account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., payment and tax records).

9. Your Rights

Regardless of where you are located, you have the right to:

  • Access your personal information

  • Correct inaccurate personal information

  • Delete your account and associated data (self-service account deletion is available; you may also email us)

  • Export your data (by contacting us at the email address below)

To exercise any of these rights, please contact us at support@retrospect.gg.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Password hashing: Passwords are stored using industry-standard, one-way hashing — we cannot view your password

  • Token security: Authentication and verification tokens are hashed before storage

  • Encryption at rest: Sensitive configuration data is encrypted at rest

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted via HTTPS/TLS

  • Secure cookies: Authentication cookies are configured with industry-standard security attributes

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification

In the event that we become aware of a security breach that compromises your personal information, we will notify affected users and the relevant authorities in accordance with applicable state and federal law. Notification will be provided as promptly as reasonably possible and will include a description of the incident and any steps you can take to protect yourself.

12. Do Not Sell My Personal Information

We do not sell your personal information to any third party. We do not share your personal information for cross-context behavioral advertising.

13. Children's Privacy

The Service is restricted to users who are 13 years of age or older. We do not knowingly collect personal information from anyone under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have collected personal information from a person under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@retrospect.gg.

14. Email Communications

We may send you transactional emails (such as email verification and account-related notices) and promotional emails (such as product updates, feature announcements, and newsletters). You may opt out of promotional emails at any time by using the unsubscribe link included in every promotional email. Opting out of promotional emails will not affect transactional emails necessary for the operation of your account.

15. Automated Decision-Making

  • Content moderation: We use automated content analysis (via OpenAI) to moderate display names for compliance with our community standards. This is limited to display name text and does not affect your access to the Service.

  • We do not engage in profiling for advertising or behavioral targeting purposes.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the email address associated with your account).

Your continued use of the Service after receiving notice of changes constitutes acceptance of the updated policy. If you do not agree with the revised policy, you may delete your account.

The "Last Updated" date at the top of this policy will always reflect the most recent revision.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@retrospect.gg

Mailing Address:
Retrospect LLC
2870 E Grand Blvd #1004 Suite 600
Detroit, MI 48202
United States

18. California Privacy Rights (CCPA/CPRA)

We do not currently meet the thresholds that make the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), applicable to the Service. The CCPA applies to for-profit businesses that have gross annual revenue exceeding $26.625 million, process personal information of 100,000 or more California residents, or derive 50% or more of annual revenue from selling or sharing personal information.

However, we respect the privacy of all our users, including California residents, and are committed to transparency in how we handle personal information. The rights described in Section 9 of this policy are available to all users regardless of location.

For the avoidance of doubt:

  • We do not sell personal information.

  • We do not share personal information for cross-context behavioral advertising.

  • We acknowledge Global Privacy Control (GPC) signals. Because we do not sell or share personal information, no additional action is required when we receive a GPC signal.