Jason Holt Digital
Privacy

Privacy Policy

Your privacy, protected

Minimal data collection, local-first storage, and clear controls. Last updated: August 27, 2025

Transparency first

I built the Mythic GME apps because I love solo RPGs and wanted better digital tools for the community. This policy lays out exactly what data I collect, why, and how you stay in control.

Jason Holt Digital LLC is the data controller for both Mythic GME Mobile and Mythic GME Digital. For any privacy questions reach me at privacy@jasonholtdigital.com.

What Apps This Covers

This privacy policy applies to:

  • Mythic GME Mobile — iOS, Android, macOS, and Web versions
  • Mythic GME Digital — Windows, macOS, and Linux desktop versions

What Data I Actually Collect

I collect minimal data, and only what's necessary to make the apps work better. Here's exactly what I collect by platform:

Mobile Platforms (iOS, Android, macOS, Web)

  • Analytics (opt‑in): PostHog and Firebase capture app usage such as screen views, feature interactions, and events like dice rolls, table searches, list actions, settings changes, and support actions.
  • Technical data: app_version, platform, locale, build_channel, and current_screen; a pseudonymous per‑install identifier (PostHog distinct_id).
  • Context hashes: hashed IDs for journal, scene, table, and list context (SHA‑256 with a per‑install salt). No raw journal, scene, or table content is sent.
  • Derived metrics only: e.g., content length buckets, expression complexity flags, counts. We do not send your actual notes or journal text.
  • Crashes & errors (opt‑in): Sentry captures crash/error reports and session replays (screen capture) to help debug issues. Text content is obfuscated/redacted, including static UI labels.
  • Country/region inference: Providers may infer rough location (e.g., country) from IP for product localization; precise GPS location is not collected.

Desktop Platforms (Windows, Linux)

  • Analytics (opt‑in): Similar pseudonymous usage analytics as mobile when enabled.
  • No advertising IDs: Desktop builds do not use mobile advertising identifiers.
  • Local‑first: Journals, scenes, and custom tables remain on your device unless you export/share them.

What I DON'T Collect

  • Personal information (name, email, phone number)
  • Precise location data (GPS coordinates, exact address)
  • Your game content or journal entries
  • Browsing history outside the app
  • Photos, videos, or personal files
  • Social media connections

Your Analytics Choice

When you first open the app, you'll see a consent dialog that explains analytics and lets you choose. Analytics is off by default until you opt in. Crash and error reporting is on by default to help diagnose issues and keep the app stable. Session Replay is treated separately as described below. You can:

  • Enable or disable analytics any time in Settings (controls PostHog and Firebase).
  • Disable crash/error reporting any time in Settings.
  • v1.5.3 and later: Enable or disable Session Replay any time in Settings. Replay sampling and upload follow your preference (off unless you turn it on).
  • Prior versions: On‑error Session Replay may be on by default; you can disable it in Settings.
  • Keep using all app features even if analytics are off and/or crash reporting is disabled.

I Don't Sell Your Data. Ever.

I don't sell your data. I won't sell your data. There's no business model here that involves selling data. The only scenario where your data might be "sold" is if I ever sold the entire business, and your data transferred with it as part of the app's functionality. But I'm not selling data to advertisers, data brokers, or anyone else.

How Your Data is Processed

Analytics & Diagnostics Providers

  • PostHog (product analytics): collects pseudonymous usage events and properties listed above. Session replay is not enabled in PostHog at this time. Data is encrypted in transit. Region: United States. Retention (Cloud, paid): events retained up to 7 years; session replay recordings retained for 3 months by default (1 month on free). Some replays may be retained for up to 1 year if pinned to a playlist, shared publicly, or added to a notebook. Sources: Privacy Policy, Data retention docs.
  • Firebase Analytics (Google/GA4): receives mirrored usage events during migration for continuity. No advertising features are used. Region: United States (Google Cloud). Retention (GA4 default for free): user- and event-level data retained for 2 months by default (projects can optionally extend some data to 14 months). Planned removal: GA4 mirroring will be removed after app version 1.5.4. Source: Google Analytics retention.
  • Sentry (crash/error reporting + session replay): captures error details and short session replays to diagnose issues; text on screen is obfuscated/redacted and not readable. No keystrokes are captured. Crash/error reporting is enabled by default and can be disabled in Settings. Session Replay: v1.5.3+ sampling follows your preference (off unless enabled). Earlier versions may have on‑error replays on by default; you can disable them in Settings. Region: United States. By default, Sentry SDKs mask all text and images in replays and do not record any sessions unless sampling is explicitly enabled. Retention: Sentry retains event data according to your subscription plan’s retention window and deletes regular backups after 90 days. Exact durations vary by plan and data type. Source: Sentry Security.
  • Data Retention: I configure provider-level retention to keep analytics and diagnostics data only as long as needed, then delete or aggregate it. See provider-specific retention above. You can request deletion at any time (see Your Privacy Rights).
  • International Transfers: Data is processed in the United States under appropriate safeguards (e.g., SCCs) where required.
  • Data sharing/sale: Data is not sold. Providers process data on my behalf to improve the app.

Provider privacy and retention information:

Local Storage

  • Game Data: All your journals, custom tables, and game content stay on your device
  • File Access: I only access files you explicitly import/export (JSON for journals, Markdown for exports)
  • iCloud Sync: If enabled, your game data syncs through Apple's secure iCloud service
  • No Server Storage: Your game content never gets uploaded to my servers

Legal Basis (GDPR)

For users in the EU, my legal basis for processing is:

  • Consent (Art. 6(1)(a)): Analytics runs only if you opt in; you can withdraw consent any time in Settings.
  • Legitimate interests (Art. 6(1)(f)): Crash/error reporting (including on‑error session replay) to maintain security and stability; and responding to support emails you send. You can disable crash/error reporting in Settings.

Do Not Sell or Share My Personal Information

I do not sell or share your personal information as defined by the CCPA/CPRA. If you still wish to submit a request regarding “Do Not Sell or Share,” email privacy@jasonholtdigital.com. I will confirm that no sale or sharing occurs and honor any applicable rights.

Your Privacy Rights

No matter where you live, you have important rights regarding your data:

Universal Rights

  • Know: What data I collect and why (it's all in this policy)
  • Access: Request a copy of any data I have about you
  • Correct: Fix any incorrect information
  • Delete: Request deletion of your data
  • Control: Turn analytics on/off anytime in app settings
  • Export: Get your game data in portable formats

Regional Privacy Laws

If you live in certain regions, you have additional rights:

European Union (GDPR)

  • Withdraw consent for analytics processing
  • Object to data processing based on legitimate interests
  • Request restriction of processing
  • File complaints with your local data protection authority

California (CCPA/CPRA)

  • Detailed disclosure of data collection practices
  • Right to opt-out of data "sales" (though I don't sell data)
  • Non-discrimination for exercising privacy rights
  • Right to limit use of sensitive personal information

Virginia, Colorado, Connecticut (State Privacy Laws)

  • Confirm what personal data I process
  • Access, correct, delete, or port your data
  • Opt-out of targeted advertising (not applicable since I don't do this)

Brazil (LGPD)

  • Confirmation of data processing activities
  • Access, correction, and deletion of personal data
  • Data portability between services
  • Information about data sharing (which I don't do)

How to Exercise Your Rights

Email me at privacy@jasonholtdigital.com with your request. I'll respond within:

  • GDPR: 30 days
  • CCPA: 45 days
  • Other laws: 30–45 days
  • General requests: 2 business days for acknowledgment

For your local game data: You already have full control. Export your journals before uninstalling if you want to keep them.

Privacy Controls

In‑App Controls

  • Settings → Analytics: Toggle analytics (PostHog/Firebase) on/off
  • Settings → Diagnostics:
    • Crash & Error Reporting: On/Off (on by default)
    • Session Replay (v1.5.3+): On/Off (off by default)
  • First‑Run Dialog: Choose your analytics preference when you first open the app
  • Export Data: Export your game journals as JSON or Markdown files
  • Delete Data: Clear all app data or uninstall to remove everything

Device‑Level Controls

iOS/iPadOS

  • App Analytics: Settings → Privacy → Analytics & Improvements → Share App Analytics
  • App Permissions: Settings → Privacy → Files and Folders → Mythic GME
  • App Tracking: Settings → Privacy → Tracking (though I don't track across apps)

Android

  • App Permissions: Settings → Apps → Mythic GME Mobile → Permissions
  • Usage Data: Settings → Google → Usage & Diagnostics
  • Advertising: Settings → Google → Ads (though I don't use ads)

Desktop (Windows/macOS/Linux)

  • Limited Analytics: Most device‑level controls don't apply
  • File Access: Desktop versions only access files you explicitly open/save
  • System Privacy: Standard OS privacy controls apply

Platform Differences

Why Desktop Has Limited Analytics

  • Windows/Linux: Firebase and PostHog have limited functionality on these platforms
  • macOS Desktop: Some analytics work, but less comprehensive than mobile
  • Technical Limitations: Desktop platforms don't support many mobile analytics features
  • Privacy by Design: Less data collection means better privacy

Children's Privacy

Mythic GME is designed for tabletop RPG players, who are typically adults. The apps are not intended for children under 13. Users must be at least 16 to consent to analytics processing in the EU, or have parent/guardian consent where applicable.

If you believe a child has used the app and analytics were enabled, please email privacy@jasonholtdigital.com immediately.

Changes to This Policy

When I update this privacy policy:

  • The "Last Updated" date will change
  • Major changes will be announced in the app
  • You'll see the consent dialog again if analytics practices change significantly
  • Continued use after changes means you accept the updated policy

Future Features

If I ever add cloud save functionality or other features that change data handling:

  • This policy will be updated first
  • You'll be notified of changes
  • New features will have their own privacy controls
  • Existing privacy settings won't change without your consent

Contact Me

For any privacy questions, concerns, or requests:

  • Email: privacy@jasonholtdigital.com (fastest response)
  • Mail: Jason Holt Digital LLC, 1111b S Governors Avenue STE 21904, Dover, DE 19904 US
  • Response Time: Within 2 business days for acknowledgment

I personally read and respond to every privacy-related email. If you have concerns, questions, or suggestions about how I handle privacy, please reach out.

App Store Compliance

Google Play Data Safety

This privacy policy supports Google Play Data Safety requirements by disclosing:

  • Data collected: App activity (feature interactions, screen views), App info & performance (diagnostics where applicable), and Device or other IDs (pseudonymous per‑install ID). No personal or precise location data is collected.
  • Purposes: Product analytics and app functionality; no advertising.
  • Data sharing: Only with analytics providers (Firebase, PostHog) for processing on my behalf. Data is not sold.
  • Security practices: Data encrypted in transit; minimal collection.
  • User controls: Analytics is optional and controlled by an in‑app toggle.

Apple Privacy Nutrition Labels

For App Store compliance, this policy supports Apple's Privacy Nutrition Label requirements:

  • Data not linked to you: Usage Data (App Interactions, Screen Views) and Diagnostics (including crash reports and session replays with text redaction) where applicable.
  • Tracking across apps/websites: Not used.
  • Third‑party partners: Firebase (Google) and PostHog process analytics data as described.
  • User control: Analytics is opt‑in and can be turned off any time in Settings.