General User Privacy Policy

Updated: July 14th, 2023

Owner and Data Controller

Jason Weiser

Owner contact email:
PGP public key:

Types of Data Collected

We seek to maintain user privacy as much as possible by locally storing images, fonts, CAPTCHAs and other media. We process the following data ONLY on a login attempt to the site to secure the site and guard against abuse. It is not linked to any other browsing or personal data.

  • IP address
  • Date and time of attempted login

Customers who participate in the Myths and Legends paid membership program provide the following data:

  • First name
  • Last name
  • E-mail address
  • Username
  • Password
  • IP address

Stripe requires names for billing and we need an e-mail address to contact members.

Additionally, we utilize Google's reCAPTCHAv2 on our checkout pages:

Visitors to these pages will be subject to Google's byzantine privacy policy. I am working on a solution that doesn't require Google getting any of your personal data, but options are limited for the membership plugin.

How we use your personal data

We use the data solely to guard against abuse (spamming, DDoS attacks, brute force attacks, etc.)

Recipient(s) of the personal data

The personal data received through this site are sent to:

  • Our company: Bardic Enterprises LLC
  • Our web hosting provider: DigitalOcean
  • Payment processor: Stripe, Inc. (paying members only)
  • Payment processor: PayPal (paying members only)

Details of transfers to third country and safeguards

Myths and Legends data is hosted in the USA within DigitalOcean, registered to the Privacy Shield program. We will not share or sell user behavior data with any other parties.

Additional member data (first and last name and e-mail address only) is shared solely with Stripe or Paypal for the sole purposes of payment processing. We do not retain credit card or billing address data. That is sent encrypted to Stripe or PayPal.

We will take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

Retention time

We keep the IP addresses on attempted logins only for a maximum period of seven days, and then they are automatically deleted.

Member data provided with the explicit consent of users that have signed up for the membership program is stored indefinitely but can be deleted upon request.

User rights

As Myths and Legends is processing personal data on legitimate interests, you can exercise the following rights:

  • Right of access: you can ask us at any time to access your personal data. (Paying members only - we do not capture any personal data from general users)
  • Right to erasure: you can ask us at any time to delete all the personal data we are processing about you.
  • Right to object: you can object to the tracking of your personal data by opting out. Once again, we don't collect any personal data from visitors to this site, only data provided explicitly from members. If you are a former member, please contact me to delete your data.


The right to lodge a complaint with a supervisory authority

If you think that the way we process your personal data with is infringing the law, you have the right to lodge a complaint with a supervisory authority. Whether the provision of personal data is part of a statutory or contractual requirement; or obligation and possible consequences of failing to provide the personal data.

Member data is necessary for the use of the membership and must be retained throughout the course of the chosen plan. If you wish for member data to be deleted after the membership term is complete, please e-mail with the request.