Privacy Policy

Last updated: May 22, 2026

1. Introduction

QuickMonster ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and password (encrypted).
  • User Content: Monsters you create, campaigns, encounters, and associated prompts.
  • Communications: Information you provide when contacting us.

3.2 Information Collected Automatically

  • Session Data: We use session cookies to keep you logged in and maintain your preferences.
  • Usage Data: Pages visited, features used, and interaction patterns (anonymized).
  • Device Information: Browser type, operating system, and device type for compatibility.

3.3 AI-Generated Content

When you generate monsters, your prompts are sent to third-party AI services (OpenAI) for processing. These prompts are used solely to generate your requested content and are not stored by the AI provider beyond the processing time.

4. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To create and manage your account, generate monsters, and provide our core services.
  • Service Improvement: To understand how users interact with our service and improve functionality.
  • Communication: To respond to your inquiries and send important service updates.
  • Security: To protect against unauthorized access and maintain service integrity.
  • Legal Compliance: To comply with applicable laws and regulations.

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you.
  • Legitimate Interests: For service improvement and security, where these interests don't override your rights.
  • Consent: Where you have given explicit consent (e.g., marketing communications).
  • Legal Obligation: Where required by law.

6. Data Sharing and Disclosure

We may share your information with:

  • AI Service Providers: OpenAI processes your prompts to generate monster content. See their privacy policy.
  • Image Generation Services: Third-party services that generate monster images based on descriptions.
  • Hosting Providers: Our servers are hosted by reputable cloud providers with appropriate data protection measures.
  • Legal Authorities: When required by law or to protect our rights.

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for AI processing). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party providers

8. Data Retention

We retain your data for as long as necessary to provide our services:

  • Account Data: Until you delete your account.
  • Created Content: Until you delete the content or your account.
  • Session Data: Automatically deleted after 120 minutes of inactivity.
  • Backup Data: Retained for up to 30 days for disaster recovery.

9. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at privacy@quickmonster.com or use the data export and account deletion features in your profile settings.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of passwords using industry-standard algorithms
  • HTTPS encryption for all data transmission
  • Secure session management with HTTP-only cookies
  • Regular security audits and updates
  • Access controls limiting data access to authorized personnel

11. Cookies

We use cookies to provide our services. For detailed information about the cookies we use, please see our Cookie Policy.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.