Privacy Policy

How we collect, use, and protect your personal information

SkeletonKey Privacy Policy

Version 1.0

Effective Date: January 26, 2025

Last Updated: January 26, 2025

1. OVERVIEW

Odd Events LLC DBA SkeletonKey.Quest ("SkeletonKey," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SkeletonKey software and services.

Privacy by Design: SkeletonKey is built with privacy as a core principle. The free desktop application processes most data locally on your device, minimizing data collection and transmission.

This policy applies to:

  • SkeletonKey desktop application (free version)
  • SkeletonKey cloud services (premium subscription)
  • Our website and related services
  • Customer support interactions

2. INFORMATION WE COLLECT

2.1 Personal Information

We may collect the following personal information:

Account Information

  • • Email address
  • • Name (optional)
  • • Password (encrypted)
  • • Account preferences

Payment Information

  • • Billing address
  • • Payment method details
  • • Transaction history
  • • Subscription status

2.2 Usage Data

We collect information about how you use SkeletonKey:

  • Feature usage patterns and frequency
  • Performance metrics and error logs
  • Software version and operating system
  • Session duration and interaction data
  • Crash reports (anonymized)

2.3 Project Data (Cloud Services Only)

For users of our cloud services, we store:

  • Timeline projects and associated data
  • Knowledge base entries and relationships
  • Maps, narratives, and exported content
  • Collaboration settings and shared projects
  • AI interaction history and generated content

Important: For free desktop software users, project data remains on your local device and is not transmitted to our servers unless you explicitly use cloud features.

3. HOW WE USE INFORMATION

We use collected information for the following purposes:

3.1 Service Provision

  • Providing and maintaining SkeletonKey software and services
  • Processing payments and managing subscriptions
  • Synchronizing data across devices (cloud users)
  • Providing AI analysis and generation features
  • Customer support and technical assistance

3.2 Service Improvement

  • Analyzing usage patterns to improve functionality
  • Identifying and fixing software bugs and issues
  • Developing new features and capabilities
  • Optimizing performance and user experience

3.3 Communication

  • Sending service-related notifications and updates
  • Providing customer support responses
  • Sharing important policy or service changes
  • Marketing communications (with your consent)

3.4 Legal and Security

  • Complying with legal obligations and requests
  • Protecting against fraud and abuse
  • Enforcing our terms and policies
  • Securing our systems and user data

4. INFORMATION SHARING

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your information in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in operating our business:

  • Cloud Infrastructure: AWS, Google Cloud, or similar providers for data storage and processing
  • Payment Processing: Stripe, PayPal, or similar services for handling payments
  • AI Services: OpenAI and other AI providers for advanced analysis features
  • Analytics: Usage analytics services to improve our software
  • Customer Support: Help desk and communication tools

4.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Protect the rights, property, or safety of SkeletonKey, users, or others
  • Investigate potential violations of our terms
  • Prevent fraud or security threats

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction. We will provide notice before your information becomes subject to different privacy practices.

4.4 Consent

We may share information with your explicit consent for specific purposes not covered in this policy.

5. DATA STORAGE & SECURITY

5.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • • End-to-end encryption for data transmission
  • • AES-256 encryption for stored data
  • • Secure authentication protocols
  • • Regular security audits and testing

Operational Safeguards

  • • Limited access to personal data
  • • Employee training on data protection
  • • Incident response procedures
  • • Regular backup and recovery testing

5.2 Data Locations

Your data is stored in secure facilities:

  • Local Data: Free software data remains on your device
  • Cloud Data: Stored in enterprise-grade data centers in the United States
  • Backups: Encrypted backups stored in geographically distributed locations
  • AI Processing: May be temporarily processed by third-party AI services

5.3 Data Breach Response

In the unlikely event of a data breach, we will:

  • Promptly investigate and contain the incident
  • Notify affected users within 72 hours when required
  • Provide clear information about what happened and what we're doing
  • Take steps to prevent future incidents
  • Cooperate with law enforcement and regulatory authorities

6. LOCAL VS CLOUD DATA

Free Desktop Software

Data Processing:

  • • All project data stays on your device
  • • No data uploaded to our servers
  • • Complete data control and privacy
  • • Anonymous usage analytics only

What We Collect:

  • • Software version and OS info
  • • Feature usage patterns (anonymized)
  • • Error reports (no personal data)
  • • Performance metrics

Premium Cloud Services

Data Processing:

  • • Project data synced to secure cloud
  • • AI processing for advanced features
  • • Encrypted storage and transmission
  • • Account and billing information

What We Collect:

  • • Account and profile information
  • • All project data and content
  • • Usage and interaction data
  • • Payment and billing records

Your Choice

You can use SkeletonKey entirely offline with the free version, or opt into cloud services for additional features. Cloud features can be enabled or disabled at any time.

7. THIRD-PARTY SERVICES

SkeletonKey integrates with various third-party services. Each has its own privacy practices:

AI Services (OpenAI, etc.)

  • • Data may be processed by AI providers when using AI features
  • • Subject to third-party privacy policies and data usage terms
  • • Used only for providing requested AI functionality
  • • You can disable AI features to avoid third-party processing

Payment Processors

  • • Payment information processed by secure payment providers
  • • We do not store complete credit card numbers
  • • Payment data subject to processor privacy policies
  • • PCI DSS compliant payment handling

Cloud Infrastructure

  • • Data stored on enterprise cloud platforms (AWS, etc.)
  • • Encrypted storage with enterprise-grade security
  • • Subject to cloud provider security and privacy standards
  • • Regular security audits and compliance certifications

Analytics Services

  • • Anonymous usage analytics to improve software
  • • No personal data included in analytics
  • • Aggregated and anonymized data only
  • • Can be disabled in application settings

Important: We carefully select third-party partners with strong privacy and security practices. However, we are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

8. YOUR RIGHTS

You have the following rights regarding your personal information:

Access Rights

  • • View personal data we have about you
  • • Request copies of your information
  • • Understand how your data is used

Correction Rights

  • • Correct inaccurate personal information
  • • Update your profile and preferences
  • • Complete incomplete information

Deletion Rights

  • • Request deletion of your personal data
  • • Close your account and remove data
  • • Right to be forgotten (where applicable)

Portability Rights

  • • Export your data in standard formats
  • • Transfer data to other services
  • • Receive machine-readable copies

Restriction Rights

  • • Limit how we process your data
  • • Object to certain data uses
  • • Withdraw consent for processing

Legal Rights

  • • File complaints with data protection authorities
  • • Seek judicial remedies
  • • Exercise rights under applicable privacy laws

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days and may require identity verification for security purposes.

9. COOKIES & TRACKING

9.1 Desktop Application

The SkeletonKey desktop application does not use cookies or web tracking technologies. All data is processed locally on your device.

9.2 Website and Web Services

Our website and web-based services may use:

Essential Cookies

Required for basic website functionality:

  • • Session management and authentication
  • • Security and fraud prevention
  • • Basic site functionality

Analytics Cookies (Optional)

Help us understand website usage:

  • • Page views and user interactions
  • • Performance and error tracking
  • • Anonymized usage statistics

Preference Cookies

Remember your choices and settings:

  • • Theme preferences (dark/light mode)
  • • Language and region settings
  • • Display preferences

9.3 Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Cookie consent banners on our website
  • Opting out of analytics tracking
  • Using private/incognito browsing modes

Note: Disabling essential cookies may affect website functionality.

10. DATA RETENTION

We retain your information for as long as necessary to provide services and comply with legal obligations:

Active Accounts

  • • Account data: Retained while account is active
  • • Project data: Stored as long as you maintain it
  • • Usage data: Aggregated and anonymized after 24 months
  • • Support data: Retained for 3 years for quality purposes

Closed Accounts

  • • Account data: Deleted within 30 days of closure
  • • Project data: Deleted within 90 days (with recovery option)
  • • Billing records: Retained for 7 years for tax/legal compliance
  • • Analytics data: Anonymized and aggregated only

Immediate Deletion

  • • Upon explicit deletion request
  • • When required by law
  • • For inactive free accounts after 2 years
  • • When data is no longer needed for business purposes

Legal and Safety

  • • Data may be retained longer for legal compliance
  • • Security incident data retained for investigation
  • • Backup systems may retain data for recovery purposes
  • • Court orders may require extended retention

Data Minimization: We regularly review and delete data that is no longer necessary, following data minimization principles.

11. INTERNATIONAL TRANSFERS

SkeletonKey is based in the United States. Your information may be transferred to and processed in countries other than your own:

11.1 Data Transfer Locations

  • Primary Storage: United States (enterprise data centers)
  • Backup Storage: Multiple geographic regions for redundancy
  • AI Processing: May be processed by providers in various countries
  • Support Services: May involve international team members

11.2 Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards:

Legal Frameworks

  • • Standard Contractual Clauses
  • • Adequacy decisions where available
  • • Binding Corporate Rules
  • • Privacy Shield successors

Technical Safeguards

  • • End-to-end encryption
  • • Secure transfer protocols
  • • Access controls and monitoring
  • • Regular security assessments

11.3 Your Rights

For users in the EU, UK, and other regions with data protection laws:

  • You have the right to know about international transfers
  • You can request information about transfer safeguards
  • You may object to transfers in certain circumstances
  • Local data protection authorities can provide guidance

12. CHILDREN'S PRIVACY

Age Requirements

SkeletonKey services are intended for users who are at least 13 years old. Users between 13-18 years old must have parental consent.

12.1 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA):

  • We do not knowingly collect personal information from children under 13
  • If we discover we have collected such information, we will delete it promptly
  • Parents can contact us to review, delete, or stop collection of their child's information

12.2 Parental Rights

Parents and guardians have the right to:

  • Review personal information collected from their child
  • Request deletion of their child's personal information
  • Refuse to allow further collection of their child's information
  • Contact us with questions about our children's privacy practices

12.3 Educational Use

For educational institutions using SkeletonKey:

  • Schools may provide consent on behalf of students for educational purposes
  • We work with schools to ensure FERPA compliance when applicable
  • Student data is used only for educational purposes
  • Enhanced privacy protections apply to student accounts

Contact Us: If you believe we have collected information from a child under 13, or if you are a parent seeking to exercise your rights, please contact us at [email protected].

13. POLICY CHANGES

13.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices or services
  • New legal requirements or regulatory changes
  • Improvements to our privacy protections
  • Feedback from users and privacy authorities

13.2 Notification Process

When we make changes to this policy, we will:

Minor Changes

  • • Update the "Last Updated" date
  • • Post the revised policy on our website
  • • Continue services without interruption

Material Changes

  • • Email notification to registered users
  • • In-app notifications where applicable
  • • 30-day notice period before implementation
  • • Clear explanation of changes

13.3 Your Options

When we make material changes:

  • Continued use of our services indicates acceptance of the updated policy
  • You may contact us with questions or concerns about changes
  • You can close your account if you disagree with material changes
  • Some changes may require your explicit consent

Stay Informed: We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your privacy. You can always find the current version at skeletonkey.quest/privacy.

14. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

Email: [email protected]

Response Time: Within 30 days

For: Privacy questions, data requests, consent withdrawal

General Support

Email: [email protected]

Response Time: Within 48 hours

For: Technical support, account issues, general questions

Legal Matters

Email: [email protected]

Response Time: Within 15 days

For: Legal requests, compliance issues, law enforcement

Company Information

Legal Name: Odd Events LLC DBA SkeletonKey.Quest

Jurisdiction: California, United States

Website: https://skeletonkey.quest

Data Protection Authorities

If you are located in the European Union, United Kingdom, or other regions with data protection authorities, you have the right to file a complaint with your local supervisory authority if you believe we have not addressed your privacy concerns adequately.

When Contacting Us

To help us respond more effectively, please include:

  • • Your account email address (if applicable)
  • • Specific details about your request or concern
  • • Any relevant dates or reference numbers
  • • Your preferred method of response

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. Thank you for trusting SkeletonKey with your information.

Privacy Policy Version: 1.0

Effective Date: January 26, 2025

Last Updated: January 26, 2025