Privacy & GDPR Policy

1. Who We Are

JustDMIt ("we", "us", "our") is the data controller for personal data collected through this website and the JustDMIt application portal located at app.justdmit.com.

Contact: gm@justdmit.com
For GDPR-related enquiries or data subject requests, please email the above address with the subject line "GDPR Request".

2. What Data We Collect

We collect the following categories of personal data:

• Account data — email address, display name, password hash (portal registration)
• Session data — login timestamps, IP addresses (security logs, 30-day retention)
• Usage data — features accessed, AI session counts, generated content metadata
• Technical data — browser type, device type, language preference, time zone
• Analytics data — page views, referrer URLs, session duration (only with your consent)

We do not collect payment card details directly. Any future payment processing is handled by a certified third-party processor (PCI-DSS compliant).

3. Legal Basis for Processing

• Contract performance — processing necessary to provide the service you signed up for (Art. 6(1)(b) GDPR)
• Legitimate interests — security logging, abuse prevention (Art. 6(1)(f) GDPR)
• Consent — analytics/marketing cookies (Art. 6(1)(a) GDPR); you may withdraw at any time
• Legal obligation — retaining records as required by applicable law (Art. 6(1)(c) GDPR)

4. Cookies We Use

This site uses two categories of cookies. Necessary cookies are set automatically; analytics cookies are only set after you click Accept All or enable them in Cookie Preferences. You can manage or withdraw consent at any time using the Cookie Settings button in the page footer.

Technical & Necessary Cookies

These cookies are essential for the site and application to function. They cannot be disabled.

Name	Purpose	Duration	Type
justdmit_session	Maintains your authenticated session in the app portal	Session / 30 days (if "Remember me")	Necessary
justdmit_csrf	Cross-site request forgery protection token	Session	Necessary
justdmit_lang	Stores your chosen interface language	1 year	Necessary
justdmit_cookie_consent	Records your cookie consent choices (localStorage)	1 year	Necessary
justdmit_theme	Stores your selected UI theme preference	1 year	Necessary

Analytics & Marketing Cookies

These cookies help us understand how visitors use the site so we can improve it. They are only activated after you provide explicit consent. No personal data collected by these cookies is sold or shared with advertisers.

Name	Purpose	Duration	Type
_ga, _ga_*	Google Analytics 4 — distinguishes users for aggregate traffic analysis (page views, referrers, session duration). Data is anonymised before processing. IP addresses are truncated.	2 years	Analytics
_gid	Google Analytics — distinguishes users (24-hour session window)	24 hours	Analytics

5. Third-Party Services

We use the following third-party processors, each bound by a Data Processing Agreement (DPA):

• Google Analytics (Alphabet Inc.) — anonymised website analytics (EU-US Data Privacy Framework)
• AI model providers (OpenAI, Google, etc.) — prompt text is transmitted to generate responses; no personal data is stored by the provider beyond the request lifecycle
• Discord — if you connect via our Discord bot, Discord's own Privacy Policy applies to data held on their platform

6. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account closure request
• Security logs: 30 days rolling retention
• Generated content (statblocks, campaigns, plots): retained until you delete them or your account
• Analytics data: aggregated and anonymised after 14 months per Google Analytics defaults

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete personal data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — ask us to pause processing of your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — you can withdraw cookie consent at any time via Cookie Settings in the footer, and this will not affect lawfulness of prior processing

To exercise any of these rights, email gm@justdmit.com with subject "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8. Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, bcrypt password hashing, CSRF protection, and role-based access controls. No system is completely secure; in the event of a data breach we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR Art. 33.

9. Children

JustDMIt is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has registered without parental consent, please contact us and we will delete the account.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the Last updated date above and, where required, notify registered users by email. Continued use of the service after a policy update constitutes acceptance of the revised terms.

11. Contact

Data Controller: JustDMIt
Email: gm@justdmit.com
Website: justdmit.com

← Back to JustDMIt