Pre-alpha access is still staged. Start with About URSRP and Discover.

Privacy policy
Effective May 7, 2026

Privacy Policy

This policy covers what URS collects, how it uses and shares that data, how long it keeps different categories, and where to send privacy requests.

01

Scope and contact

This Privacy Policy applies to the Ultimate Roleplay System and the related account, billing, support, moderation, and product flows URS operates through rp.ursrp.com. It covers information URS collects when you create an account, verify your age and email, use projects, characters, discovery, inbox, rooms, Premium billing, or support and moderation tools. Read this policy together with the Terms of Service.

Privacy, data, and policy questions can be sent to administrative@ursrp.com.

02

Information URS collects

URS collects the information needed to run the service, secure accounts, process billing, moderate the platform, and enforce platform and project rules.

  • Account and identity data, including your email address, password hash or connected sign-in provider, session and MFA state, adult-confirmation and email-verification state, display settings, account preferences, and remembered-account state.
  • Device, session, and security data, including browser or device identifiers, session cookies, local or session storage state, connection metadata, request logs, and IP-derived abuse-prevention signals or similar security telemetry.
  • Project and character data, including projects, memberships, rooms, factions, characters, drafts, approvals, discovery settings, trust settings, notifications, and project-scoped permissions.
  • Messages and roleplay records, including inbox messages, room messages, timestamps, reactions, edits, attachments, scene metadata, and related moderation or audit events.
  • Media uploads, including account avatars, character images, project logos, faction logos, and other images uploaded through the service.
  • Billing and subscription data, including checkout sessions, customer and subscription references, payment status, invoice or renewal metadata, and billing-support records handled through URS and Stripe.
  • Safety, support, and operational records, including reports, blocks, appeals, export or deletion requests, fraud-prevention events, moderation notes, security logs, and audit logs.
03

How URS uses information

URS uses information to authenticate accounts, operate projects and rooms, deliver discovery and messaging features, process Premium access, moderate the platform, respond to reports, prevent fraud or abuse, and comply with legal obligations.

  • To create and maintain your account, sign-in sessions, email verification, adult-only access controls, and recovery flows.
  • To run projects, character tools, discovery, inbox, rooms, on-site notifications, and realtime updates.
  • To process subscriptions, renewals, cancellations, billing support, refunds or reversals where applicable, disputes, and subscription enforcement.
  • To investigate reports, enforce platform and project rules, review abuse or fraud, and keep moderation and evidence records.
  • To send transactional emails, service notices, verification messages, and important policy, security, or billing updates.
  • To maintain backups, logs, access records, and other operational history needed for continuity, auditing, and legal compliance.
04

How URS shares information

URS does not promise zero-sharing or server-blind storage. Information is shared only when needed to operate the service, process payments, support moderation, or comply with law.

  • Service providers may process data for hosting, database operations, storage, email delivery, payments, security, and realtime delivery. Current launch providers may include Vercel for application hosting, Neon for database hosting, Cloudflare R2-compatible object storage for private media, Stripe for billing, Resend for system email, Ably for realtime delivery, and social-auth providers you choose to use.
  • Project owners, managers, faction leaders, and room moderators may see project-scoped information that the product intentionally exposes to them under its permission rules.
  • Authorized URS staff may access records when needed for support, moderation, fraud review, abuse response, security investigation, billing issues, or legal compliance.
  • URS may disclose information when reasonably required to protect the service, respond to subpoenas or legal requests, investigate threats, or enforce these policies and the Terms of Service.
05

Cookies, sessions, realtime, and browser storage

URS uses cookies and similar browser storage to keep you signed in, protect sign-in and adult-confirmation flows, remember settings, and support account, billing, and realtime features.

  • URS uses session cookies plus local or session storage for sign-in state, verification state, account switching, preferences, trust controls, and other product settings.
  • Third-party providers may set or use service-related cookies, local storage entries, or connection identifiers when you use payments, social sign-in, or realtime features.
  • Stripe, social sign-in providers, and Ably may receive the technical metadata needed to authenticate your session with those services and deliver the feature you requested.
  • URS does not currently operate the service as an advertising network, and it does not currently serve third-party ads inside the core product experience.
  • URS does not currently respond to browser Do Not Track requests through a separate standardized workflow.
06

Messaging, rooms, media, and moderation boundaries

URS uses server-side storage for messaging, room content, uploads, moderation, trust, billing, and audit workflows. URS does not currently claim end-to-end encryption, device-only storage, or server-blind message ownership.

  • Authorized staff may review messages, room content, media, and related records when moderation, reports, abuse response, billing disputes, security review, or legal obligations require it.
  • Project-scoped moderation and management tools may expose limited project or room records to the people who hold those permissions.
  • Private media is stored in provider-managed object storage and may be accessed through URS-controlled upload or read flows that use signed URLs or similar delivery controls.
  • Edited, blocked, removed, or deleted content may still remain in backups, evidence records, audit logs, moderation records, or billing and legal records.
07

Security and international transfers

URS uses technical and organizational measures intended to protect data, but no system is perfectly secure. Access is limited to providers and staff who need the information to operate, secure, or support the service.

  • URS and its providers may process or store information in the United States and other countries where those providers operate infrastructure or staff support functions.
  • By using the service, you understand that information may be transferred to and stored in jurisdictions with privacy laws that differ from those where you live.
  • If URS detects a fraud, abuse, or security incident, it may preserve, review, and disclose relevant records as reasonably needed to investigate, contain, notify, and comply with law.
08

Retention and deletion

URS keeps information for different periods depending on why it was collected, how the service is used, and whether legal, billing, trust, security, or safety reasons require continued retention.

  • Account, session, and settings records are generally kept while the account remains active and for a reasonable period afterward for recovery, fraud prevention, or compliance needs.
  • Billing, tax, refund, chargeback, and dispute records may be kept for the periods required by accounting, card-network, contractual, or legal obligations.
  • Moderation, trust, export, deletion, and security records may outlast the related content or account because they support audits, appeals, abuse prevention, and legal compliance.
  • Backups and processor-side deletion schedules run separately, so deletion requests do not guarantee immediate or universal hard deletion from every log, backup, processor, or evidence system.
09

Your choices and privacy requests

You can manage parts of your information through account settings and product controls where those controls exist. You can also contact URS to request help with access, correction, deletion, export, or other privacy questions.

  • Some information is required to operate the platform and cannot be opted out of while your account remains active.
  • URS may ask you to verify your identity before fulfilling a privacy request.
  • URS may refuse or limit a request when law allows, including when the request would violate another person's rights, expose security controls, or prevent URS from meeting fraud-prevention or legal obligations.
  • Depending on where you live, local law may provide additional rights. Send requests to administrative@ursrp.com.
10

Adults only and policy updates

URS is an adult-only service and is not intended for children. If URS learns that an account was created or used by someone under 18, URS may restrict or remove that account and related content.

URS may update this Privacy Policy as the service changes. Material updates will be published at this URL.