Legal

Privacy Policy

Last updated: April 11, 2026

The short version

Ishvana is a desktop application sold by Swordsfall Studios LLC. The desktop app runs entirely on your machine and does not send your writing, your lore, or your usage to anyone. This privacy policy covers the ishvana.com website and the limited data the app exchanges with our servers for licensing and updates.

In one sentence: we collect the minimum needed to sell you software and run a newsletter. No advertising trackers. No third-party analytics. No selling your data to anyone, ever.

What the desktop app collects

Ishvana runs locally on your computer. Your manuscripts, lore database, character notes, maps, prompts, and every other piece of content you create stay on your machine in standard file formats (SQLite, .docx, Markdown). The app has no backend server it talks to on your behalf, no cloud sync, no crash reporter that phones home with your prose, and no analytics SDK embedded anywhere.

The only network activity the app is capable of initiating on its own:

  • License activation — a one-time HTTPS call to our license server when you enter your license key. We record your license key and a machine fingerprint (a hash derived from your hardware). No personal data.
  • Periodic license re-validation — approximately once a week, the app confirms your license is still in good standing by hitting the same license server. This is how refund and revocation actually work. The call sends your license key and nothing else. If the check fails (you're offline, our server is down) the app assumes you're still valid and tries again later.
  • Optional update checks — if enabled, the app fetches a small version file from our update server. No telemetry attached, no usage data. Can be disabled in settings.
  • Optional external model calls — only if you configured a cloud provider (Anthropic, OpenAI, OpenRouter, etc.) with your own API key. These calls go directly to the provider you chose using your credentials. Ishvana never proxies them through our servers.
  • Optional web research — only when you explicitly use the research browser or Wikipedia fact-check features. Visits the websites you navigate to, same as a regular browser.

That's the complete list. There is no usage telemetry, no crash reporting without your opt-in, no heartbeat ping, no "help us improve" analytics. The app does not know how often you open it, which features you use, what you write, or who you are.

What the website collects

The ishvana.com website collects the following information, all of which is stored on infrastructure we control (not Google Analytics, not Segment, not any third-party tracker):

When you visit

  • Anonymous page views — we record which page was viewed, the time, an anonymous visitor ID (a random UUID stored in a first-party cookie), browser and OS (from the User-Agent header), and a country code derived from your IP address via an offline GeoIP database. We do not store your full IP, only a hashed version used for rate limiting.
  • Anonymous event data — when you click a tracked button (for example, a "Get Ishvana" CTA), we record the click with the same anonymous visitor ID so we can measure conversion. We do not track mouse movements, keystrokes, scroll positions beyond simple milestones, or session replays.

When you sign up for the newsletter

  • Your email address and the signup source (footer, blog, etc.).
  • A confirmation token for double opt-in. You will not receive any newsletter until you confirm via a link in an initial email.

When you purchase Ishvana

  • Email address — used to deliver your license key.
  • Stripe checkout data — your billing details are handled directly by Stripe, never stored on our servers. Stripe sends us a session ID, the customer email, and the amount. See Stripe's privacy policy for details on how they handle payment data.
  • License records — a license key we generate for you, linked to your purchase email, plus a record of each machine activation (machine fingerprint, hostname, last-seen date).

When you create an account

  • Email, name, and a hashed password (via the better-auth library). Sessions are stored in a first-party cookie.

Cookies

We use a small number of first-party cookies. None are used for advertising:

  • Session cookie — authenticates you when you're logged in to your account or the admin area.
  • Visitor ID cookie — a random UUID used to measure page-view patterns and conversion. No personal data is linked to it.
  • Session storage ID — a per-tab random ID used by the analytics pipeline to group events from the same session.

We do not use Google Analytics, Facebook Pixel, Hotjar, or any other third-party tracking cookies. We do not set any advertising cookies.

Third parties

The short list of services we rely on to operate the business:

  • Stripe — payment processing for the $99 purchase. Sees your billing details.
  • Hostinger — hosts the website. Sees request logs (IP, path, User-Agent) per standard web server logging.
  • SMTP email provider — sends transactional email (license delivery, newsletter confirmations, support replies). Sees your email address and the email content we send you.
  • better-auth — the authentication library we use. Runs entirely on our servers; no data leaves our infrastructure.

We do not sell, rent, or share any of this data with third parties for advertising or marketing purposes. Ever.

Data retention

  • Anonymous pageviews and event data — purged after 90 days.
  • Newsletter subscribers — kept while you remain subscribed. Unsubscribing removes your email from active sends; we may keep a hashed record to prevent re-subscribing unintentionally.
  • License records — kept for the life of the product so we can honor support and reinstalls. Refund records are retained for accounting and tax purposes.
  • Account data — deleted within 30 days of you closing your account.

Your rights

If you're in the EU, UK, California, or any other jurisdiction with a privacy law, you have the right to:

  • Access the data we have about you.
  • Correct anything inaccurate.
  • Delete your data (subject to our legal obligation to retain purchase records for accounting).
  • Export your data in a portable format.
  • Object to processing.

Email privacy@ishvana.com with your request. We respond within 30 days.

Children

Ishvana is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, email us and we will delete it.

Changes to this policy

If we change this policy in a material way, we'll announce it on the site and notify active newsletter subscribers by email. Non-material changes (formatting, clarification, link fixes) may happen without notification.

Contact

Privacy questions: privacy@ishvana.com.
General support: support@ishvana.com.

Swordsfall Studios LLC
Oregon, United States