Privacy Policy
Short version: this website doesn't collect anything, and the application you download runs entirely on your own machine. There are no analytics, no cookies, no trackers, no accounts, and nothing transmitted back to us once the download is complete.
1. The website (forge.giantmushroom.studio)
The marketing site is a static page served over HTTPS via Cloudflare. It loads no analytics scripts, sets no cookies, and stores nothing in your browser's local storage. Cloudflare's edge keeps minimal request logs for abuse prevention as part of their standard service — those logs are governed by Cloudflare's privacy policy and we don't query or export them.
2. The application (the release zip + Android APK)
TableTop Forge is self-hosted. Once you've downloaded it and run the Docker stack on your own machine, the app talks only to:
- Its own Postgres database, running in the same Docker network on your machine, holding your sessions, characters, maps, and plugin data. This data never leaves your network.
- Player web browsers connecting to the server you stand up — typically over your LAN, optionally through a tunnel you configured (Cloudflare, Tailscale, ngrok, your call).
- Open5e for the one-time SRD spell + monster import on first boot, if the database is empty. After that the seed is cached locally and Open5e is never contacted again.
- Your own AI provider (Anthropic / OpenAI / a local SwarmUI host) — only if you enabled and configured the AI features in the GM panel. The keys you supply stay in your database. We don't proxy through any service we operate.
3. The mobile companion apps (Android, iOS / macOS)
The native player apps connect only to the TableTop Forge server URL you type into the login screen. They store the following on your device, in standard system storage (UserDefaults on Apple, DataStore on Android):
- The server URL, session code, and player name you typed in.
- The id of the last character you played, so the app can resume it.
- Theme preference (System / Light / Dark).
- An offline cache of the last creature sheet you loaded.
- Per-resource counters for your class abilities (Bardic Inspiration uses, etc.).
Logging out wipes those keys. Nothing is uploaded to any server we run.
4. What the mobile apps DO NOT do
Independent restatement of the above for clarity, because Play Store and App Store data-safety questionnaires are explicit about these categories:
- No analytics SDKs. No Firebase, no Crashlytics, no Mixpanel, no Amplitude — nothing.
- No advertising SDKs. No AdMob, no Meta Audience Network, no IronSource, no in-app advertising of any kind.
- No data sold or shared with third parties for advertising, analytics, or any other commercial purpose.
- No personal information collected beyond what you type into the login screen — and that data only travels to the server you point the app at.
- No background location, contacts, microphone, camera, or photo-library access. The apps don't request any of those permissions.
- No account creation with us. The "session code" + "player name" pairing is decided per-game by the GM running the server; we never see it.
5. Network access — what each app talks to
On Android, the app uses the standard INTERNET permission to reach the server URL you type in. On iOS / iPadOS / macOS, the app additionally requests local-network access at first launch — that's the iOS-specific permission needed to talk to a server on your home Wi-Fi by IP address or mDNS hostname.
Cleartext (HTTP) traffic is permitted only for loopback addresses, the Android emulator's host loopback (10.0.2.2), and mDNS .local hostnames. Public-internet HTTP is rejected at the platform level. Reaching a server over the open internet requires HTTPS: set that up via Cloudflare Tunnel, Tailscale, ngrok, or a self-hosted reverse proxy with a Let's Encrypt certificate.
6. The mobile apps' Privacy Manifest (iOS)
The iOS / macOS build ships a PrivacyInfo.xcprivacy manifest declaring two required-reason API uses (UserDefaults for the items above, Date() for in-app timestamps), no third-party SDK trackers, and no data collection. The app is submitted as Data Not Collected across every category on the App Store privacy nutrition label.
7. Children
The application has no age-gating or COPPA-relevant data flow because it doesn't collect data. Whether the people at your table are children is your call as the GM running the campaign.
8. Changes
If a future version of TableTop Forge adds an opt-in feature that transmits data anywhere new (e.g. a hosted dice-broadcast service), it'll be off by default and described here before it ships.
9. Contact
Questions about how the app handles your data: [email protected].