Last updated: May 11, 2025
Overview
Artifex Arcanum is a free, browser-based tool for creating custom Dungeons & Dragons magic item cards. It is hosted as a static site on GitHub Pages and has no backend servers of its own. All of your card data lives in your browser.
Data We Store (In Your Browser)
All application data is saved exclusively in your browser's localStorage. This data never leaves your device except
when you explicitly choose to upload cards to Google Drive or Dropbox (described below).
The following categories of data are stored locally:
- App preferences — theme (light/dark), export quality, card scale, font defaults, and other UI settings.
- Card history — up to 50 card objects (or unlimited if you opt in), each containing the card's name, stats, description, and any images you add (stored as base64-encoded data).
- Collections — groupings of cards you create to organize your items.
- OAuth tokens — if you connect Google Drive or Dropbox, your access token and refresh token are stored locally so you stay connected between sessions. These tokens are never sent anywhere except back to the respective provider's API.
- Share cache — a local record of recently generated share links to avoid re-uploading unchanged content.
You can clear all locally stored data at any time via your browser's "Clear site data" setting, or by using the Clear All Data option in the app's Settings tab.
Google Drive Integration
Artifex Arcanum optionally integrates with Google Drive so you can upload card collections and generate shareable links. This integration is entirely opt-in — you must explicitly click "Connect Google Drive" to enable it.
OAuth scope used: https://www.googleapis.com/auth/drive.file
drive.file scope is the most restrictive scope available. It grants Artifex Arcanum access
only to files that the app itself creates. The app cannot read, modify, or delete any pre-existing
files or folders in your Google Drive.
What the app does with this access:
- Creates a folder named "Artifex Arcanum" in your Google Drive (only on first use).
- Uploads card JSON files to that folder when you use the Share feature.
- Sets uploaded files to be publicly readable so a share link can be generated.
The OAuth authorization flow uses PKCE (Proof Key for Code Exchange), which is the most secure flow for browser-based apps. Your Google credentials are never seen by Artifex Arcanum — you authorize directly with Google. A Cloudflare Worker acts as a stateless proxy solely to exchange the authorization code for tokens on your behalf (since Google requires a server-side client secret for this step). The Worker does not log or store any data.
Your access token and refresh token are stored only in your browser's localStorage under the key
dnd_share_token / dnd_share_refresh_token.
To revoke access: Visit Google Account → Security → Third-party apps with account access and remove "Artifex Arcanum". You can also disconnect from within the app's Settings tab.
Artifex Arcanum's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Dropbox Integration
Artifex Arcanum also optionally integrates with Dropbox for the same share-link feature. This too is fully opt-in.
What the app does with Dropbox access:
- Creates a folder named "Artifex Arcanum Cards" in your Dropbox.
- Uploads card JSON files to that folder when you use the Share feature.
- Creates shared links for uploaded files.
The same PKCE OAuth flow and Cloudflare Worker proxy are used. Tokens are stored only in your browser's
localStorage.
To revoke access: Visit Dropbox → Settings → Connected apps and remove Artifex Arcanum. You can also disconnect from within the app's Settings tab.
Third-Party Services
The app makes requests to the following external services:
- Google Drive API — only when you use the Google Drive share feature.
- Dropbox API — only when you use the Dropbox share feature.
- Cloudflare Workers (
artifex-arcanum.joefahey87.workers.dev) — a stateless proxy for OAuth token exchange and Dropbox CORS workarounds. No user data is logged or retained. - Google Fonts (
fonts.googleapis.com) — to load decorative fonts used in the UI. Google may log your IP address as part of a standard CDN request; see Google's Privacy Policy. - jsDelivr CDN — to load open-source JavaScript libraries (marked.js, html2canvas). jsDelivr may log standard CDN request metadata; see jsDelivr's Privacy Policy.
No data is ever sold to or shared with any third party beyond what is described above.
Images You Upload
Images you add to cards (background art, item art, card back art) are converted to base64 and stored locally in your browser alongside the card data. They are never uploaded to any server unless you explicitly use the Share feature, in which case they are included in the JSON file uploaded to your chosen cloud provider.
Data Retention & Deletion
Because all data is stored in your browser, you are in complete control. To delete your data:
- Clear all app data: Open the Settings tab → scroll to "Danger Zone" → click Clear All Data.
- Clear browser storage: Use your browser's built-in "Clear site data" or "Clear cookies and site data" for
www.artifexarcanum.ie. - Revoke cloud access: Disconnect Google Drive or Dropbox in the Settings tab, or revoke directly via your provider's account settings (links above).
Children's Privacy
Artifex Arcanum is not directed at children under the age of 13. We do not knowingly collect any information from children under 13. If you believe a child under 13 has used the app with a connected cloud account, please revoke that access via the provider's account settings.
Changes to This Policy
If this privacy policy changes, the updated version will be published at this URL and the "Last updated" date at the top of this page will reflect the revision date. Significant changes affecting data practices will also be noted in the app's changelog on GitHub.
Contact
Questions or concerns about this privacy policy can be sent to artifexarcanuminfo@gmail.com.