Privacy Policy

Last updated: May 23, 2026

Introduction

Digital Horizon Software LLC ("we", "us", or "our") operates mobile applications including SC Ship Database, Laneworks, Station Arkhon, and Open Verdict, as well as FinanceDash, a personal finance management application available as a desktop app and web app. This privacy policy explains how we handle information when you use our products.

Information Collection

The data we collect varies by app:

SC Ship Database does not collect, store, or transmit any personal information. It does not require user accounts or login credentials.

Laneworks collects the following when you choose to sign in with Google:

Display name, email address, and profile photo (via Google Sign-In and Firebase Authentication)
Purchase verification data when you make an in-app purchase (processed by Google Play; we do not store payment details)

Game progress and settings in Laneworks are stored locally on your device.

FinanceDash (Desktop App) stores all financial data locally on your device, encrypted with AES-256. We do not collect, transmit, or have access to your financial data. When you activate a Pro license, we store your license key and device identifier on our server (via Stripe) to manage your subscription.

FinanceDash (Web App) stores financial data in your browser's local storage on your device. No financial data is sent to our servers. The web app does not support bank account linking or local encryption.

If you use FinanceDash Pro features, the following may apply:

Bank Account Linking — processed through Plaid or Akoya. We store encrypted access tokens on our server to maintain your bank connection. We do not store your bank login credentials. Your use of these services is subject to their respective privacy policies.
AI-Powered Insights — if you enable AI features, transaction descriptions and amounts may be sent to a third-party AI provider (e.g., Anthropic, OpenAI) that you select. You provide your own API key, which is stored locally on your device. We do not store or have access to your AI API keys on our servers.
Stripe — subscription billing and license management is processed through Stripe. See: Stripe Privacy Policy

Station Arkhon collects the following when you sign in with Google:

Display name, email address, and profile photo (via Google Sign-In and Firebase Authentication)
Purchase verification data when you make an in-app purchase (processed by Google Play; we do not store payment details)
Game progress, which is stored in the cloud via Google Firebase Firestore and linked to your account

Open Verdict is an AI-driven detective fiction game. It collects the following when you use the game:

An anonymous device-linked identifier created automatically on first launch (used to bootstrap a guest account so you can play before signing in)
If you sign in: your display name and email address through Google Sign-In, Apple Sign In, or email/password authentication
Detective profile data — the detective name, pronouns, and portrait you choose during character creation
Game progress — cases you have started, accusations you have made (including which suspects you accused and which "tells" you selected), case outcomes and grades, and your current Assignment balance
Leaderboard data — your detective name and per-case accusation score are visible to other players on the in-game leaderboards
A device fingerprint (a stable per-device identifier such as iOS identifierForVendor or Android ID) used solely for fraud prevention and to rate-limit anonymous account creation per device
Purchase verification data when you make an in-app purchase (processed by Apple App Store, Google Play, and RevenueCat; we do not store payment details)
Interrogation messages — text you write to question suspects, Captain Reeves, the Coroner, and the Forensics specialist is sent to our backend and forwarded to Anthropic. Each in-game character is implemented as an AI agent with its own persona and role-locked behavior, all running on top of Anthropic's Claude. See the Third-Party Services section below for details.

Open Verdict's account data and game progress are stored on our backend servers (hosted by Railway on a PostgreSQL database) to enable cross-device sign-in. Some data may also be cached locally on your device for offline access and faster startup.

Open Verdict is offered as a free-to-play app with optional in-app purchases. The free tier consists of LLM-free scripted cases (no AI compute consumed during play). The paid Bureau Files catalog of AI-powered cases is unlocked through in-app purchase. Each paid purchase (Starter Pack, Detective's Edition, Bureau Premium subscription, or Bureau Insider pass) contributes an amount to a per-account fair-use AI compute budget. The amount each purchase contributes corresponds to the developer's net proceeds from that purchase after platform fees. The balance is stored as a single numeric counter in our database alongside each account's usage statistics. Each in-game LLM request in a Bureau Files case decrements this counter by the request's actual compute cost (computed from token counts returned by Anthropic). When the counter reaches zero, additional LLM requests are paused until a new purchase or renewal contributes to the budget. This is a transparency mechanism, not a profile-data point — the counter contains no personal information beyond a cents-of-compute number tied to your account.

Product analytics. To understand how Open Verdict is used and to improve the game, we record a small set of structural events in our database — for example, when a session starts, when a case is started or completed, when the paywall is viewed, when a purchase completes, and when a player runs out of Bureau credit. Each event records the event type, the time, your account id, the app version and platform (iOS, Android, or Web), and a small structured property bag containing only ids and enums relevant to that event (e.g. the case id, the suspect id, the product id, an accusation grade). We do not record interrogation message content, suspect dialogue, free-text typed input, IP addresses, precise location, contacts, or device sensor data in these events. Analytics are first-party only — events are written to our own PostgreSQL database (hosted by Railway) and are not sent to any third-party analytics vendor such as Google Analytics, Mixpanel, Amplitude, PostHog, or Segment. You can request deletion of your account, which deletes the associated analytics events along with the rest of your account data, by contacting us at the email address below.

If you purchase the Bureau Insider (BYOK) pass and choose to supply your own Anthropic API key, the key is stored locally on your device only — in the iOS Keychain on Apple devices and in EncryptedSharedPreferences (backed by the Android Keystore) on Android devices. We do not persist the key on our servers in any form: not in plaintext, not encrypted at rest, not hashed, and not in any backup. When you play a case with a Bureau Insider key on file, the key is transmitted to our backend with each in-game LLM request solely so that our backend can relay that request to Anthropic on your behalf using your key. The key is used for that single request and then discarded; it is excluded from all server logs by an explicit redaction rule, is never written to any database table or analytics event, and is never shared with any third party other than Anthropic itself. The interrogation message text itself is also sent to our backend and relayed to Anthropic (the same as for non-Bureau-Insider players); your Anthropic account, billed to your key, is what pays for the LLM tokens consumed by that request. If you remove your key in-app, the locally stored copy is deleted from your device; we have no copy to delete because we never had one.

To protect Bureau Insider users from runaway charges caused by a bug, an unattended device, or a shared key, we apply a rolling 24-hour safety cap on the amount that can be billed to your Anthropic account through Open Verdict. The cap is configurable in-app from a fixed set of options (currently $5, $10, $20, or $50 per day; the default for new users is $10). You cannot disable the cap entirely; this is by design — the cap exists to limit damage from outside-of-normal-play scenarios, not to throttle real engagement. For reference, a typical case (one investigation from briefing to accusation) consumes approximately $0.20 to $0.60 of Anthropic spend on Claude Sonnet 4.6, depending on how thoroughly the player interrogates suspects and how many in-game characters (Captain, Coroner, Forensics specialist, suspects) they engage. The default $10 cap therefore accommodates roughly 15 to 50 cases per 24-hour window; the $50 maximum allows considerably more. We track the spend consumed against this cap in our database as a numeric counter and a reset timestamp, plus a record of which cap option you have selected; we do not store the API key, the interrogation messages, or any other content from the request in this counter. The cap resets automatically every 24 hours. You can configure additional, lower spend limits directly on your Anthropic key in the Anthropic console for defense in depth. Cap option values may be adjusted from time to time; the in-app Bureau Insider screen always displays the current options alongside your usage so far in the window.

Third-Party Services

Our apps may use the following third-party services:

Google AdMob (SC Ship Database) — may collect device identifiers, IP address, general location data, and app usage data. See: Google Privacy Policy
Google Firebase Authentication (Laneworks, Station Arkhon) — processes sign-in data
Google Cloud Firestore (Station Arkhon) — stores game save data linked to your account
Google Cloud Functions (Station Arkhon) — processes purchase verification
Google Play Billing (Laneworks, Station Arkhon) — processes in-app purchases
Google Play Games Services (Station Arkhon) — achievements and leaderboards; may collect your Play Games profile and game activity
Stripe (FinanceDash) — processes subscription payments and license management. See: Stripe Privacy Policy
Plaid (FinanceDash Pro) — provides bank account linking. See: Plaid End User Privacy Policy
Akoya (FinanceDash Pro) — provides bank account linking via open finance APIs. See: Akoya Privacy Policy
Third-Party AI Providers (FinanceDash Pro) — if you enable AI features, data may be sent to providers such as Anthropic, OpenAI, Google, or others depending on your configuration. Their respective privacy policies apply.
Anthropic (Open Verdict) — the game uses multiple AI agents (each suspect, Captain Reeves, the Coroner, the Forensics specialist) which run on top of Anthropic's Claude API. Every interrogation message you send is forwarded to Anthropic together with the specific agent's persona prompt, your detective name, and case context (suspect identity, evidence collected, conversation history) so the agent can respond in character. See: Anthropic Privacy Policy. Bureau Insider (BYOK) users supply their own API key and their messages go directly from their device to Anthropic — see "Bureau Insider" above.
RevenueCat (Open Verdict) — handles in-app purchase verification, entitlement management, and subscription state across iOS and Android. See: RevenueCat Privacy Policy
Apple App Store / Google Play Billing (Open Verdict) — process in-app purchases on iOS and Android respectively
Apple Sign In and Google Sign-In (Open Verdict) — authentication providers for signed-in users
Google AdMob (Open Verdict) — displays interstitial advertisements between case sessions to free-tier players; when enabled, may collect device identifiers, IP address, general location, and app usage data. Players who hold the Remove Ads entitlement, the Starter Pack, the Detective's Edition, the Bureau Premium subscription, the Bureau Insider pass, or any other paid Open Verdict entitlement do not see ads (every paid purchase grants the Remove Ads entitlement as a side-effect). See: Google Privacy Policy
Railway (Open Verdict) — application and database hosting for our backend. See: Railway Privacy Policy
Cloudflare R2 (Open Verdict) — image and audio asset hosting for character portraits and music tracks. See: Cloudflare Privacy Policy

AI-Generated Content Disclosure (EU AI Act)

In compliance with the EU AI Act and analogous content-transparency requirements in other jurisdictions, we explicitly identify which content surfaces in Open Verdict are produced or assisted by artificial intelligence:

AI-generated, real-time: suspect dialogue and Captain / Coroner / Forensics specialist responses inside Bureau Files (paid) cases are produced by Anthropic's Claude in response to questions you type. These responses are generated fresh each play and are not pre-recorded.
Authored, not AI-generated: all dialogue and responses in free-tier scripted cases are written by the developer in advance. No AI is invoked when you play a free case.
AI-generated voice acting: all voice acting throughout the app (Captain narration, suspect alibi readouts, victim background, accusation reveal, era NPC introductions) is synthesized using ElevenLabs Voice Design from authored scripts. The voice characters' timbre and delivery are AI-generated; the words they speak are written by the developer.
AI-assisted artwork: character portraits, victim portraits, hero scene art, and decorative UI assets are produced using fal.ai's Flux 1.1 Pro image-generation model, guided by hand-curated prompts and composited by the developer.
Authored game design and structure: case design, suspect personalities, motives, evidence, killer identity, accusation tells, and storyline are written by the developer. The AI does not invent crimes or pick killers — it role-plays a pre-authored character within the bounds of a pre-authored case.

This disclosure is also presented inside the app's About screen.

Data Sharing

We do not sell or share your personal data with third parties beyond the services listed above.

Data Retention

Authentication data in Laneworks and Station Arkhon is retained in Firebase for as long as your account exists. Game save data in Station Arkhon is stored in Firebase Firestore and retained as long as your account exists. You may request deletion by contacting us. Local app data remains on your device and can be cleared by uninstalling the app.

FinanceDash financial data is stored locally on your device and is never transmitted to our servers. You can delete all local data at any time through the app's Data Management settings or by uninstalling the app. If you cancel your Pro subscription, your license key and device identifiers are retained by Stripe for billing record purposes. Encrypted bank tokens stored on our server are deleted when you disconnect a bank account.

Open Verdict account data, detective profile, game progress, and accusation history are retained on our backend for as long as your account exists. Interrogation message history is retained server-side per active case session, and for up to ninety (90) days after a case is closed (solved, wrong, or abandoned) to support resuming case play across devices and rendering accusation reveals; older session data is purged on a rolling basis. Analytics events (described above) are retained for eighteen (18) months. Upon a confirmed account-deletion request, your account record, detective profile, game progress, accusation history, analytics events, and any remaining case session data are deleted from our database within thirty (30) days. Anthropic's retention of forwarded message content is governed by their privacy policy linked above. You may request deletion of your Open Verdict account and associated data by contacting us at the address below.

Data Storage

Our apps may store data locally on your device for offline access and improved performance. Station Arkhon additionally stores game save data in the cloud via Google Firebase Firestore to enable cross-device access and data persistence. Open Verdict stores account data, detective profile, game progress, and active case session state in our PostgreSQL database hosted on Railway; player-facing character portraits and music tracks are stored on Cloudflare R2.

FinanceDash Desktop stores all financial data in an AES-256 encrypted file on your local device. The encryption key is managed by your operating system's secure credential store (macOS Keychain, Windows Credential Manager, or Linux Secret Service). FinanceDash Web stores data in your browser's localStorage, which is not encrypted — we recommend the desktop app for sensitive financial data.

Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal data. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion. If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, and data portability. To exercise any of these rights, please contact us at admin@digitalhorizonsoftware.com.

Because FinanceDash stores financial data locally on your device, we do not have access to it and cannot retrieve or delete it on your behalf. You can export or delete your data directly within the app.

Children's Privacy

Our apps are not directed at children under 13. We do not knowingly collect personal information from children under 13 years of age.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact Us

If you have questions about this privacy policy, or to exercise any of the data rights described above, please contact us at admin@digitalhorizonsoftware.com or by post:

Digital Horizon Software LLC
176 Mine Lake Ct
Raleigh, NC 27613
United States of America