Isometra

Privacy Policy

Last updated: 2026-06-16

This Privacy Policy explains how Isometra ("we", "us", "the service") collects, uses, and protects your data when you use the platform. By using Isometra you agree to the practices described below.

1. Who we are

Isometra is a 5E-compatible virtual tabletop for in-person and online tabletop roleplaying. The service is operated by an individual developer; the operator is the data controller for the purposes of GDPR/UK GDPR. See the Contact section at the bottom for how to reach us.

2. What we collect

We collect only what's needed to run the service.

Account data

Game content you create

Chat content (AI features)

Billing and subscription data (if you subscribe or buy AI credits)

Diagnostic and operational data

Cookies and similar

We do not intentionally collect: precise geolocation, device fingerprints beyond what your browser auto-sends, full payment card numbers (card data is entered and processed entirely by Stripe — see below), or social-graph data from other platforms.

Audio feature

The in-app audio library plays entirely client-side in your browser (and out to whatever speaker your device is connected to). Playing a clip does not collect any new personal data — we don't record what you played, when, or for how long. As with every other feature, opening the audio panel may be counted by our existing anonymous feature-usage analytics (the feature_events metadata described in the "Diagnostic and operational data" bullet above): the feature name only, never audio content, listening behavior, or any personal identifier.

3. How we use your data

We do not sell your data, share it with advertisers, or use it for advertising profiling.

4. Who processes your data on our behalf

Isometra uses third-party sub-processors for infrastructure. Each sub-processor receives only what they need to perform their function.

Sub-processorPurposeData sharedRegion
Supabase (Postgres + Auth)Database, authenticationAll persisted user dataUS
VercelApplication hosting, analytics, AI GatewayApp requests, analytics events, AI promptsUS (primarily)
StripePayment processing + subscription billingYour email, subscription/payment status, billing history (card data is entered directly on Stripe's checkout and is never stored by us)US
AnthropicAI model inference (via Vercel AI Gateway)Chat messages and structured context for the AI personasUS
Google Generative AI (Gemini)Image generation (via Vercel AI Gateway)Image generation prompts you submitUS
SentryError reporting (when enabled)Error stack traces, request URL, user IDUS/EU
Open5eD&D 5.1 SRD content lookupPublic SRD slug queries onlyUS

5. AI processing disclosure

When you chat with an Isometra AI persona (Loremaster or Lyra) or use AI helpers like NPC suggestions, character portraits, or session summaries:

6. Data retention

7. Your rights

Depending on where you live, you have rights under GDPR, UK GDPR, CCPA/CPRA, or other privacy laws. We honor these rights regardless of jurisdiction:

To exercise any of these rights, see Contact.

8. Security

We use industry-standard practices: TLS in transit, Supabase Row-Level Security to scope every database query to the calling user, environment-level secret management, and sub-processors with their own security posture. No system is perfectly secure; if we discover a breach affecting your data, we will notify you in line with applicable law.

9. Children

Isometra is intended for users 13 and older. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us — we will delete it.

10. Changes to this policy

When we change this policy materially, we will update the "Last updated" date and surface a notice in the app. Continued use after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy questions, requests, or to exercise the rights above:

We aim to respond within 30 days for substantive requests.


See also: Terms of ServiceLicensing & Attribution.