General User Privacy Policy

Updated: December 12th, 2023

Owner and Data Controller

Jason Weiser

Owner contact email:
PGP public key:

Types of Data Collected

We seek to maintain user privacy as much as possible by locally storing images, fonts, CAPTCHAs and other media as well as use a privacy-respecting analytics tool.

Login Attempts:

  • IP address
  • Date and time of attempted login

We process these data only on login attempts and only to guard against abuse. It's not linked to any other browsing or personal data.

Paying Customers:

  • First name
  • Last name
  • E-mail address
  • Username
  • Password
  • IP address

We process these data only for people who sign up and pay for a membership. Stripe requires names for billing, and we need an e-mail address to contact members. Credit card numbers and billing addresses are immediately sent securely to Stripe and not stored on our servers.

Everyone else:

We use Plausible Analytics, a privacy-respecting analytics tool that we self-host on a separate, private server. No cookies are used and no personal data—not even an IP address or browser user agent—are stored. We use Plausible so we can see how people use the site, what they're searching for, where they come from, etc. You can read more about how they count users without cookies here.

Additionally, we utilize Google's reCAPTCHAv2 only on the following checkout pages:

Visitors to these pages will be subject to Google's byzantine privacy policy. I am working on a solution that doesn't require Google getting any of your personal data, but options are limited for the membership plugin.

How we use your personal data

We use the personal data collected from login attempts solely to guard against abuse (spamming, DDoS attacks, brute force attacks, etc.). We use personal data from paying members in order to administer the membership program. No other personal data are stored.

Recipient(s) of the personal data

The personal data received through this site are sent to:

  • Our company: Bardic Enterprises LLC
  • Our web hosting provider: DigitalOcean
  • Payment processor: Stripe, Inc. (paying members only)
  • Payment processor: PayPal (paying members only)

Details of transfers to third parties and safeguards

Myths and Legends data are hosted in the USA using DigitalOcean, registered to the Privacy Shield program. We will not share or sell user behavior data with any other parties.

Additional member data (first and last name and e-mail address only) are shared solely with Stripe or Paypal for the sole purposes of payment processing. We do not retain credit card or billing address data. That is sent encrypted to Stripe or PayPal.

We will take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

Retention time

We keep the IP addresses on attempted logins only for a maximum period of seven days, and then they are automatically deleted.

Member data provided with the explicit consent of users that have signed up for the membership program is stored indefinitely but can be deleted upon request.

User rights

As Myths and Legends is processing personal data on legitimate interests, you can exercise the following rights:

  • Right of access: you can ask us at any time to access your personal data. (Paying members only - we do not capture any personal data from general users)
  • Right to erasure: you can ask us at any time to delete all the personal data we are processing about you.
  • Right to object: you can object to the tracking of your personal data by opting out. Once again, we don't collect any personal data from general visitors to this site, only data provided explicitly from members or if you attempt a login. If you are a former member, please contact me to delete your data.


The right to lodge a complaint with a supervisory authority

If you think that the way we process your personal data is infringing the law, you have the right to lodge a complaint with a supervisory authority.

Member data are necessary for the use of the membership and must be retained throughout the course of the chosen plan. If you wish for member data to be deleted after the membership term is complete, please e-mail with the request.