LARPN.

LARPN.

▸ Legal

Privacy.

Effective: 2026-05-25 · Last updated: 2026-05-25

LARPN is a small studio. We collect as little as we can get away with, we never sell or trade what you share, and we follow VCDPA (Virginia), GDPR (EEA/UK), CCPA/CPRA (California), COPPA, and CalOPPA. The rest of this page is the formal version.

1. Information we collect

We collect only what's needed to talk to you.

  • Contact form: your name, email address, budget tier, and any optional message text you choose to send.
  • FAQ submissions: the question text you submit, and an optional name if you provide one. Submissions are stored in our database and reviewed before publication.
  • Operational data: standard server logs (request IP, user-agent, timestamp) retained briefly for security and abuse prevention.
  • Cookies: no advertising or cross-site tracking cookies. Supabase may set short-lived functional cookies to keep submission sessions secure. They expire when the browser tab closes.

2. How we use information

Contact-form data is used solely to reply to your inquiry. FAQ submissions are reviewed and, if approved, published publicly along with our answer. We do not use any of this data for marketing, profiling, or any purpose unrelated to the original submission.

3. Third-party service providers

Your data passes through and is stored by two providers, each with their own published privacy practices:

  • Supabase — hosted Postgres database used to store FAQ submissions and approved answers. Supabase privacy policy.
  • Resend — outbound email delivery used to forward contact-form submissions to our inbox. Resend privacy policy.

We do not sell, rent, or share your personal data with third-party advertisers, brokers, or data resellers.

4. Children's privacy

This site is not directed to children under 13 (or under 16 in Virginia under VCDPA). We do not knowingly collect personal data from minors. If a parent or guardian believes a minor has submitted information through the contact form or FAQ feature, please email us at o.18hamdan@outlook.com and we will permanently delete it from our database.

5. Your rights (GDPR / VCDPA / CCPA)

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data from our database.
  • Receive a copy of your data in a portable format.
  • Opt out of any sale of personal data. (We do not currently sell any data; this right is preserved by default.)

To exercise any of these rights, email o.18hamdan@outlook.com from the email address you used at submission. We verify the request by reply and act within 30 days (45 days for VCDPA requests if extended notice is given).

6. Do Not Track (CalOPPA)

We do not track users across websites or services, so there is no behavioral profile to disable. As a result, we honor browser “Do Not Track” signals by default — the experience does not differ whether the signal is present or not.

7. Data retention

  • Contact-form messages are kept while the related project is active, then deleted on request or within 12 months of last contact, whichever comes first.
  • Approved FAQ submissions remain visible indefinitely as part of the public knowledge base. Unapproved submissions are deleted within 90 days.
  • Server logs are rotated and discarded within 30 days unless retained for an active security investigation.

8. Security

All submissions are encrypted in transit using TLS. Stored data lives in Supabase's managed Postgres, encrypted at rest. No system is bulletproof — please don't send anything sensitive (financial, medical, government IDs) through the forms on this site.

9. Changes

If this policy changes materially, we update the “Last updated” date at the top of the page and post the new version here. Continued use of the site after a change indicates acceptance of the updated policy.

10. Contact

Privacy questions, data requests, or anything else legal:

See also: Terms of Service.