Privacy Policy

Effective Date: 24 October 2025
Last Updated: 24 October 2025

Summary Overview

What we do	Operate D&D Beyond Website, Mobile app, marketplace, and associated Services
Who We Are	Wizards of the Coast LLC (a Hasbro, Inc. Subsidiary) is the controller for D&D Beyond Services
What Data We Collect	Identity, Contact, Payment, Gameplay, Preferences, Device, Technical and Marketing Data (What Information is Collected About Me)
Your Privacy Rights	Access, correction, deletion, portability, objection, marketing opt-outs, depending (Form)
Data Sharing	With Hasbro Inc. group companies, vendors, legal authorities or with consent (With Whom Does Wizards Share My Information)
Children’s Data	Parental consent required under applicable law; supported via k-ID, a third-party privacy solution platform (Children’s Information)
Transfers	Your data is transferred globally with appropriate safeguards (e.g. Standard Contractual Clauses) (International Transfers of Personal Data)
Contact Us	Email: DPO@hasbro.com {Full details at the end of this Privacy Notice} (Contact Us)

Wizards of the Coast, LLC, a subsidiary of Hasbro, Inc., is a global leader in publishing and developing iconic games along with related digital content, mobile applications and community platforms. We offer immersive gaming experiences and fan engagement across physical, digital and event-based channels. In this Privacy Notice, “Wizards,” “we,” “us,” or “our” refers to Wizards of the Coast LLC and, where applicable, its affiliated entities.

This privacy notice (“Privacy Notice”) covers the Dungeons &aDragons Beyond website, the Dungeons & Dragons Beyond Marketplace and the Dungeons &Dragons Beyond mobile app (these products and services, together with their content and functionality, and related online products and services, are referred to collectively as the “Services”). It explains how Wizards collects, uses and discloses your personal data when you:

access and use the website <dndbeyond.com> (the “Site”) and related digital platforms;
access and use the ecommerce site known as D&D Marketplace (“Marketplace”);
interact with content, features, or functionalities available on the Site, including character builders, digital compendiums, and virtual tabletops;
download or use our D&D Beyond mobile application (the “App”);
purchase or subscribe to products and services offered through the Site, such as digital sourcebooks, adventure modules or subscription plans;
participate in online forums, community discussions or other interactive features on the Site;
communicate with us through customer support channels or other means related to D&D Beyond Services;
interact with us offline regarding Services or interact with us at offline events (for example, at fan conventions and in-person events).

Wizards is the controller of any Personal Data collected and Processed (as defined below) from your use of the Services. This means Wizards is responsible for determining the means and processes for handling Personal Data and for complying with privacy and data protection laws.

We ask you to take the time to read this Privacy Notice carefully.

If we collect and/or share Personal Data in a manner that differs from what is described in this Privacy Notice, we will notify you of the purposes for which Personal Data will be collected and/or with whom such Personal Data will be shared, whether via just-in-time notification at the point of collection or via an alternate notice.

If you are a California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah or Virginia or any U.S. state with a comprehensive data privacy law in effect, please see the “Additional State-Specific Disclosures” section below.

If you are in the EEA or United Kingdom, please see the “EEA/UK Annex” below.

Our EU Representative is:

Hasbro European Trading B.V.
De entrée 240, 1101 EE Amsterdam, NETHERLANDS dataprivacy@hasbro.com

Our UK Representative is:

Hasbro UK Ltd. 4 The Square, Stockley Park, Uxbridge
Middlesex, UB11 1ET UNITED KINGDOM dataprivacy@hasbro.com

For privacy related matters and inquiries, please write to us at any of the addresses found in this Privacy Notice, or email us at DPO@hasbro.com

The Entertainment Software Rating Board’s Privacy Certified privacy compliance and certification program (“ESRB Privacy Certified”) is approved by the United States Federal Trade Commission (“FTC”) to serve as a Safe Harbor under the Children’s Online Privacy Protection Act (“COPPA”). It permits participating members to display their seals to demonstrate compliance with established online information, collection, use and disclosure practices under COPPA and other United States data privacy laws. This Privacy Notice and the ESRB certification seals shown on the Site confirm Wizards is a valid licensee and participating member of ESRB Privacy Certified. To protect your privacy, we have voluntarily undertaken this privacy initiative and have had the Services reviewed and certified by ESRB Privacy Certified to meet established online information, collection, use and disclosure practices. As a licensee of this privacy program, we are subject to frequent audits of the Services and other online products and services operated by us, and other enforcement and accountability mechanisms administered independently by the ESRB.

Background
Changes to this Privacy Notice
What Information is Collected About Me
With Whom Does Wizards Share My Information
International Transfers of Personal Data
How We Safeguard Your Personal Data
How Long Do We Keep Your Personal Data
Analytics and Advertising
What are My Information Choices?
Children’s Information
State Specific Disclosures and Rights
EEA/UK Annex
Contact Us

BACKGROUND

We respect the privacy of our customers, and we are committed to keeping all your Personal Data secure.

We collect and use certain Personal Data, and we are responsible for ensuring that we use that Personal Data in compliance with applicable privacy and data protection laws.

We use the following definitions in this Privacy Notice:


User(s), You or Your:	means users of the Site, Marketplace, App and/or anyone whose Personal Data we collect and use in relation to the Services
Personal Data	means any information relating to an identified or identifiable living individual. An identifiable individual is one who can be identified, directly or indirectly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
Process, Processing, or Processed	means any operation or set of operations performed on Personal Data, whether by automated or manual means. This includes, for example: • Collecting, recording, organizing, structuring, storing, adapting or altering Personal Data • Retrieving, consulting, using or otherwise making Personal Data available • Transmitting, disclosing, disseminating, or sharing Personal Data • Aligning or combining Personal Data with other information; and • Restricting, Erasing, deleting or destroying Personal Data.

This Privacy Notice applies solely to Personal Data and other information collected through the Site and related digital Services that link to this Privacy Notice. It does not apply to any other data collection by Wizards, its parent company Hasbro, Inc., or other affiliates, whether offline or through other websites, mobile applications, or online services (e.g. social channels).

For clarity, this Privacy Notices does not apply to any websites, mobile applications, or online services offered by third parties, including those that may be linked from our Services. We encourage you to review the privacy notices of those third parties before providing them with your Personal Data or using their services.

CHANGES TO THIS PRIVACY NOTICE

We encourage you to review this Privacy Notice whenever you access the Site and/or use the Services to stay informed about how we collect, use and disclose Personal Data.

We may update this Privacy Notice from time to time. When we make changes, we will revise the “Last Updated” date the top of this Privacy Notice. If we make material changes to the Privacy Notice that significantly impact your rights or how we Process your Personal Data, we will provide you with additional notice—such as sending you an email at the last email address you provided to us or by prominently posting notice of the changes on the Site.

When required by applicable law, we will seek your affirmative consent to material changes before they take effect.

Your continued use of the Site and related Services after any changes become effective (and, where applicable, after providing consent) constitutes your acceptance of the updated Privacy Notice.

WHAT INFORMATION IS COLLECTED ABOUT ME

Information That You Provide

Many of the products and/or services offered by Wizards on the Site require us to obtain Personal Data to provide you with the requested functionality, content or support. We collect Personal Data when you:

a. Create an account or subscribe to the Services;
b. Make a purchase or initiate a transaction;
c. Participate in contests, events, or promotions;
d. Submit questions or feedback to us, or contact Wizards’ customer service;
e. Complete online surveys or feedback forms;
f. Sign up for marketing and other email alerts, such as product or content updates or releases;
g. Play in campaigns, including enabling or participating in content sharing within a campaign;
h. Create, save or modify character profiles or sheets;
i. Create, save or modify game campaigns and custom homebrew content;
j. Link or connect to social media accounts, or share content on social media;
k. Generate a link to your custom content to share outside of D&D Beyond; and
l. Otherwise communicate with us through the Services.

In the EU and UK, we process this Personal Data for our business and operational needs and, when required by applicable law under recognized legal bases, (e.g. to fulfill our contract with you, to pursue our legitimate interests, to comply with legal obligations, or, where required, based on your consent).

You may be unable to access the Services, or applicable parts of the Services, if you do not provide or permit the collection and use of Personal Data.

In relation to the Services and depending on how you choose to interact with the Services, we or our service providers, collect and process the following kinds of Personal Data about you:

Identity Data Includes first name, last name, username or other identifier, date of birth, country of residence and account credentials
Contact Data Includes billing address, delivery address, email address and telephone number
Financial Data Includes bank account details, payment card details or other payment information (collected and processed by our third-party payment processors)
Transaction Data Includes details about purchases, subscription activity, transaction history and fulfillment status
Basket Data Includes details about the items placed in your basket or cart and whether or not they were purchased
Technical Data Includes IP address, login data, browser type, time zone setting and location, browser plug-in types, operating system and platform, device ID
Usage Data Includes information about how you use and interact with our Site and our Services, product searches, browsing activity, character creation activity, campaign participation and gameplay-related interactions
Marketing and Communications Data Includes your preferences in receiving marketing from us and our third-party partners, your communication preferences, what marketing and communications have been sent to you, how you interacted with such marketing and communications, and unsubscribes and opt-outs
Profile Data Includes information about your interests, preferences, participation in the Services, survey response and feedback; your username and password, purchase or orders made by you, product preferences.
Social Media and Integration Data Includes information you choose to share with us via third-party platforms (such as when linking a social media account or sharing D&D Beyond content), which includes your social media handle, profile picture, or other associated identifiers

In some cases, we may receive Personal Data about you from other D&D Beyond users. For example, this may happen if:

Another user invites you to join a campaign or share content;
A user sends you a digital gift, such as a product code or subscription; or
A user otherwise provides your information to us in connection with features of the Services.

We use this information only to fulfill the user’s request (for example, to enable the campaign invitation or deliver the gift). We will not send you marketing or other unrelated communications unless you separately consent to receive them.

Information We Collect or Generate About Your Use of the Services

When you visit our Site or use our Services, we collect or generate information relating to your activity and interactions. This includes:

Information About Your Purchases and Use of the Services

We collect or generate Transaction, Usage, and Profile Data to maintain records of your purchases (such as digital books, subscriptions or other content), and to understand how you engage with features like character creation, campaign management, and digital tools. This helps us improve and personalize your experience.
Information About Your Support and Contact History

We collect or generate Contact, Usage, and Profile Data related to your communications with us (for example, when you contact Customer Support or submit feedback). This allows us to provide safe, efficient, and effective support and improve our Services.
Activity Data Relating to Campaigns, Characters and Published Content

We collect or generate Usage and Profile Data when you create or update characters, join or manage campaigns, share content within campaigns, or publish content on the Site (such as reviews, comments or forum posts). If you choose to upload or share images, profile details, or other content, this information may also include Personal Data.

Information We Collect Automatically

When you use the Site and Services, we and our service providers automatically collect certain information about your device and how you interact with the Services (collectively, “Online User Activity”). This includes:

Your IP address;
Device and browser details (such as operating system, browser type and version, device model, and language settings);
Access times and pages or features you use;
The URL of the website you visited before navigating to our Services;
If you use a mobile device, your mobile carrier, operating system version, and app interaction data;
Aggregated or statistical data about how the Services are accessed and used (for example, number of sessions, feature usage, and retention).

We collect this information to support the functionality, security and performance of the Services, and to help us better understand and improve the user experience.

Technologies We Use

We and our service providers, use a variety of technologies to collect Online User Activity, including

Cookies

Cookies are small text files stores on your device that help us and our partners remember your preferences, support security features, understand usage patterns, and provide personalized content and advertising. For more details, including how to manage your cookie choices, please see our separate Cookie Notice.

Clear GIFs (Web Beacons)

These are small electronic images embedded in web pages, emails or advertisements that help us track activity (such as whether an email has been opened), measure campaign effectiveness, and personalize content.

Log Files

Our servers automatically record log file information, which may include IP address, device format, device identifiers, browser type and usage data such as pages visited and interactions with the Services.

Analytics and Telemetry

We use analytics tools to understand how users interact with the Services in an anonymized or pseudonymized or aggregated way. This helps us troubleshoot issues, measure performance, and improve features.

Marketing Retargeting

If you opt-in to receive marketing communications, we use information about your interactions with the Services to deliver personalized offers and promotions related to D&D Beyond products and features.

We associate the information collected automatically with other information you provide to deliver the Services and for the purposes described in this Privacy Notice.

Information Collected from Other Sources

In addition to the information you provide directly or that We collect automatically, we may obtain Personal Data from you from other sources and combine it with information we already hold. These sources include:

Social Media and Platform Integrations

If you choose to link your D&D Beyond account with a social media account, or if you engage with our content on a social media platform (such as by “liking” or “sharing” content, or logging in with a third-party credential), we receive limited information from that platform in accordance with your privacy setting and the platform’s authorization procedures. This includes your name, username, profile information, friends or connections (if you permit sharing) and your engagement with our content.

Business Partners

We receive information from partners that offer co-branded services, run joint campaigns or provide marketing and advertising activities on our behalf.

Publicly Available Sources

Where permitted by law, we may collect limited Personal Data about you from publicly accessible sources. This may include information available on public forums, social media platforms or other online resources but only when reasonably necessary to help ensure the safety, integrity, and security of our players, communities and Services.

Service Providers

We receive information from third-party providers who support our Services, such as e-commerce platforms, payment processors, fraud-prevention partners, delivery providers, or technical service providers.

We use this information to help improve and personalize the Services, and for the purposes described in this Privacy Notice.

WITH WHOM DOES WIZARDS SHARE MY INFORMATION

We share your Personal Data with the following categories of recipients:

Our Group Companies

Other companies within the Wizards group that provide operational and data processing support (for example, to host the Services, provide functionality, enhance security, or deliver customer support)

Service Providers Acting on Our Behalf

We engage carefully selected third-party providers who process Personal Data as instructed by us and under strict contractual obligations. These include:

Payment providers, who process Identity, Contact and Financial Data to complete purchases and subscriptions
Data analytics providers, who process Transaction, Technical, and Usage Data to help us understand how the Services are used and how we can improve them
Marketing and advertising providers, who process Identity, Technical and Usage Data to help us deliver relevant offers and campaigns
Technical providers, who process Technical and Usage Data to provide secure hosting, maintenance, and support services.

Independent Partners

We share information with partners who act as independent controllers (meaning, they decide how to process the data). These include:

Delivery partners, who use Identity and Contact Data to deliver physical products
Third-party platforms or services, such as social media networks, when you choose to share your activity or content from D&D Beyond. In these cases, your data will also be subject to the third party’s privacy notice.

Legal and Regulatory Authorities

We disclose Personal Data to law enforcement, regulators, government agencies, courts, or other third parties when necessary to:

Comply with applicable laws, regulations, or legal processes;
Protect our rights, property and users (including enforcing our Terms of Use, Code of Conduct, and prevent fraud or misuse): or
Protect the safety of our users, employees or others

Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, we may be required to share Personal Data with prospective or actual buyers, investors, or their advisers as part of that transaction. Any buyer receiving your Personal Data will be required to use your Personal Data only as described in this Privacy Notice.

With Your Consent

We may share your Personal Data with other parties if you have been notified or expressly consented to such sharing.

Social Sharing Features

The Services include social sharing tools or integrations (for example Discord, Twitch or similar widgets) that allow you to share your activity on the Site with other platforms, or to bring in content from those platforms. If you use these features, information can be shared with your friends, contacts, or the public, depending on the settings you establish with the third-party platform.

In addition, the Site allows you to share content within the platform itself—such as enabling content sharing in a campaign or distributing character sheets to other players. This type of sharing is controlled by you (or, where applicable, by the campaign organizer) and is limited to the players or participants you choose to share with.

For more information about how those platforms collect and process your Personal Data, please review the privacy notices of those third-parties that provide these features. Please note that once information is shared on Discord, Twitch or any third-party platform, Wizards does not control how that platform uses, stores, or further shares your information.

Links to External Sites and Services

The Services include links to, or integrations with, websites, applications, or online services not operated by Wizards (for example, Discord, Twitch or other partner services). If you choose to engage with these external services—such as logging in with a third-party account or posting your character sheet to a Discord server or streaming D&D Beyond content through Twitch—your Personal Data will be subject to that third-party’s terms and privacy practices.

We encourage you to review the privacy practices of any third-party site or service before providing them with your Personal Data.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Site is operated by Wizards, a Hasbro company headquartered in the United States, and our players and operations are located around the world. As a result, we collect and transfer Personal Data on a global basis. This means your Personal Data is transferred and processed in countries outside your country of residence. These countries may have data protection laws that differ from those in your country of residence.

Our primary services are located in the United States, and we also rely on group companies, service providers, and business partners that may process Personal Data in the United States and other countries. Whenever we transfer your Personal Data internationally, we do so in compliance with applicable data protection laws and ensure that your information is safeguarded appropriately.

For residents of the European Economic Area (EEA) and the United Kingdom, we implement appropriate safeguards for cross-border transfers, such as the use of Standard Contractual Clauses (SCCs), international data transfer agreements, or other lawful mechanisms approved under applicable law. Further information can be found in the EEA/UK Annex below.

You can request more information about the safeguards we use by contacting us using the details provided in the How to Contact Us section below.

HOW WE SECURE YOUR PERSONAL DATA

We use a combination of technical, organizational, and administrative safeguards to protect your Personal Data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Measures we use include:

Encryption of data in line with industry standards.
Access controls that limit Personal Data access to employees or contractors with legitimate business need.
Identify verification procedures when you contact us about your account, transactions, or Personal Data, to help ensure that only you (or someone authorized by you) can access your information.
Periodic, at least annual, reviews of our security practices to take account of new technologies and evolving threats.

If you create an account with us, it is your responsibility to keep your login credentials secure and confidential. We recommend that you use a unique and strong password and update it regularly.

Please note that while we take reasonable steps to protect your Personal Data, no security system is completely secure. In the unlikely event of a data breach affecting your Personal Data, we will notify you when required under applicable law.

HOW LONG WE KEEP YOUR PERSONAL DATA

We keep your Personal Data only for as long as reasonably necessary to fulfill the specific purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law.

In general, we keep your Personal Data while you have an active Wizards or D&D Beyond account or while we have an ongoing legitimate business need to do so. This may include:

providing you with Services you have requested;
meeting our legal, tax, or accounting obligations;
resolving disputes, troubleshooting issues, or responding to requests;

maintaining appropriate business and financial records;
protecting our rights, users and Services.

In some cases, we keep certain information even after your account has been deleted. Examples include:

complying with legal obligations (such as tax requirements or responding to lawful requests from authorities);
retaining records or contests, sweepstakes, or promotions as required by law;
defending or pursuing legal claims;
keeping a record of privacy requests (such as data access or deletion request) to demonstrate compliance with data protection laws; and
enforcing our Code of Conduct—if you are found to have violated our Code of Conduct, we retain identifying and enforcement-related information to ensure that you are not able to re-register or continue to use the Services.

When we no longer have a legitimate need or business obligation to process your Personal Data, we will delete or anonymize it. If immediate deletion is not possible (for example, because it is stored in backup systems), we will securely store the data and isolate it from further use until deletion is possible.

Retention Schedule

We retain Personal Data for different periods on the type of information and the purpose for which it is used. Our retention periods are:

Category of Personal Data	Examples	Retention Period
Account Data	Name, email address, login credentials	While account is active, and up to 2 years after deletion
Transaction & Payment Data	Purchase history, billing details, payment method (via payment processor)	As required by local tax/accounting law, but in no case, no longer than 7 years
Character & Campaign Data	Characters you create, campaign participation history, shared content	While account is active, and up to 2 years after deletion (unless earlier deletion is requested)
Customer Support Data	Requests, complaints, correspondence with support	3 years after resolution of request
Marketing & Communications Data	Marketing preferences, engagement with emails	Until you withdraw consent or opt out
Contest/Promotion Data	Sweepstakes entries, prize winner information	3–5 years (depending on jurisdictional requirements)
Legal/Regulatory Data	Records of data subject requests, legal claims, law enforcement inquiries	Duration of legal requirement or claim
Backup Archives	System backups that may include Personal Data	Retained securely until automatically overwritten (typically within 12–24 months)

ANALYTICS AND ADVERTISING

We use analytics and advertising tools to understand how players use the Site, improve our Services, and deliver more relevant content and offers. The specific tools we use are described in our Cookie Policy, which also provides more information about your rights and choices. You can manage your preferences at any time using our cookie management tool.

Website and Mobile Analytics

We use services such as Google Analytics and advertising tags to help us analyze how users access and interact with the Site. These tools use cookies, pixels, and similar technologies to collect data such as:

your IP address, device type, and browser details;
the pages and features you use;
time spent on pages, links clicked, and ads viewed; and
general information about how you navigated to the Services.

We use this data to:

improve performance and usability of D&D Beyond;
understand which features are most popular;
measure and report on overall usage trends; and
improve your player experience.

Internet-Based Advertising

We work with advertising networks, agencies, and technology partners to show you ads for D&D Beyond and related products and other websites and mobile applications. These third-parties may use cookies, pixels and similar tools to collect information about your browsing activity over time and across different sites and Services. This may include:

pages you view, time spent on pages, and links you click;
your IP address, browser, and device details; and
Whether you purchased an advertised product.

This information helps us (and our partners) deliver ads tailored to your interests and sometimes link your activity across different devices.

Matched Ads

We also deliver “matched ads” on other platforms (for example, through Facebook Custom Audiences or similar services). This works by uploading a customer list (such as hashed email addresses) to a partner platform or by using a tracking pixel on D&D Beyond. The platform then compares our data with its own to identify users (or users with similar interests) who may see our ads.

We also work with partners to deliver matched ads using data in their databases, combined with ours. These partners process the data in accordance with their own privacy practices.

WHAT ARE YOUR INFORMATION CHOICES

You’re in control. You can update your account details, delete your account, decide whether to get promotional emails, manage cookies, and even limit how we use data for analytics and ads. We may need to keep some information for legal or security reasons, but otherwise you get to decide.

Managing Your Account

If you have created an account with Wizards or D&D Beyond, you may review or update the contact details and other information we hold about you by signing into your account or by contacting us through the methods listed in the Contact Us section below.

If you wish to permanently delete your account and associated information, you may submit a request through our Account Deletion Form. Please note that access, deletion, and other privacy rights may vary depending on your jurisdiction. If a right you believe should apply to you is not available through our tools, please contact us using the details in the Contact Us section and we will review your request.

When contacting us by email, please include the name of the service (D&D Beyond) and the email address you used to register, so that we can verify your request. Please note that, in some cases, we may need to retain certain information after account deletion, as described in the section How Long Do We Keep Your Personal Data.

Promotional Communications

We may send you promotional emails or notifications if you have signed up to receive them. You can opt out of promotional communications at any time by:

selecting the “unsubscribe” link in a promotional email,
adjusting your communication preferences in your account settings, or
contacting us through the methods listed in the Contact Us section.

Even if you opt out of promotional communications, you may still receive transactional or service-related messages, such as updates about your account, purchases, or campaign activity.

Cookies

You may manage your cookie preferences at any time through our Cookie Settings tool. Please note that disabling certain cookies may affect the functionality or availability of features within the Services. For more information, please review our Cookie Notice.

Analytics and Interest-Based Advertising

Google Analytics: You may opt out of Google Analytics data collection by installing the browser add-on available at tools.google.com/dlpage/gaoptout.
argeted Advertising: Some of our advertising partners participate in industry opt-out programs. To learn more or opt out, you can visit:
- www.aboutads.info/choices (DAA opt-out)
- www.networkadvertising.org/choices (NAI opt-out)\
  
  Please note that opting out limits ads served by those participants but does not mean you will stop receiving ads altogether.
Matched Ads: To opt out of matched ads, please contact us using the details in the Contact Us section and specify that you wish to opt out. You may also directly contact the third-party platform (such as Facebook) to manage your ad preferences.
Mobile Devices: You may limit the use of information collected from your mobile device for advertising purposes by adjusting your device settings:
- “Limit Ad Tracking” (iOS)
- “Opt out of Ads Personalization” (Android)

Please note that opt-outs apply only to the specific browser or device you use. Wizards is not responsible for the effectiveness of third-party opt-out tools or programs.

Global Privacy Control (GPC) and Do Not Track (DNT)

Your browser may allow you to enable signals such as “Do Not Track” (DNT) or Global Privacy Control (GPC). While our Services do not currently respond to DNT signals, if we detect a GPC signal, we will interpret it as a request to opt out of the sale or sharing of your Personal Data for targeted advertising, in accordance with applicable law.

CHILDREN’S INFORMATION

A Note to Parents

This Site and its Services are designed for a wide range of players but are not intended for use by individuals under 13 (“Children” or “Child”). In general, Children may only access the Services if we have obtained verifiable parental consent in compliance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and other applicable children’s privacy laws.

If you are a parent or guardian, we encourage you to review this Privacy Notice with your Child so they understand how the Services work and what information may be requested. If you have questions about how we handle Children’s information, or about our compliance with COPPA, please contact us using the details in the Contact Us section.

Verifiable Parental Consent with k-ID

To help us manage parental consent, Wizards partners with k-ID, a third-party parental consent platform.

When a Child attempts to create an account with us:

They will be asked to provide their full date of birth and their country of residence;
If their date of birth shows the Child is under the applicable age of digital consent in their jurisdiction, they will be prompted to provide a parent’s email address;
The parent will then receive an email from k-ID with instructions to log in and complete the consent process through k-ID’s secure platform;
Any information the parent provides during this process is collected, processed and stored by k-ID, in accordance with k-ID’s own privacy policy and practices;
Once the parent has provided consent through k-ID, We will be notified that the parent has consented to the Child’s account creation and only then shall the Child be able to access the Services offered to our account holders.

Parents using k-ID will also:

Be notified if there are any material changes to the Services that affect their Child’s use;
Have the ability to review, modify or revoke consent at any time by logging into their k-ID account; and
Manage their Child’s account access and permissions securely through the k-ID platform.

For clarity, this consent process not only applies to Children under the U.S. COPPA rule, but also in other jurisdictions where local rules require parental authorization for Children under the age of digital majority or other minors to use online services.

Collection, Use and Sharing of Children’s Information

Only with verifiable parental consent will we collect, use and disclose Children’s Personal Data, or when a parent or guardian provides the Personal Data directly.

During account registration, users must provide their date of birth. Users identified as Children under the age of digital majority or as minors requiring parental consent under applicable law are taken through the parental consent process described above.
Parents may consent to our internal use of their Child’s information while prohibiting disclosure to third parties (except where necessary to operate the Services).
In some cases, we collect limited information without parental consent, but only where permitted by law and solely for purposes that support the internal operations of our Services. This includes the collection and use of persistent identifiers, such as IP addresses, device identifiers, or essential cookies that are necessary to:
- Authenticate and maintain user sessions, ensuring that players remain securely logged in;
- Enable core Site functionality, such as character creation, campaign management and saving progress;
- Protect network and system security, including detecting fraud, abuse or attempts to violate our Code of Conduct;
- Measure service performance and reliability, such as load times, crash reports and basic usage analytics;
- Support payment processing and fraud prevention, where applicable; and
- Comply with legal and regulatory requirements, including security and retention obligations.

These essential technologies do not collect Personal Data beyond what is necessary for these internal functions and are not used to track activity across websites or for advertising, marketing or user profiling.

If we discover that we have collected Children’s Personal Data in violation of applicable law, we will promptly delete it.

Parental Access and Control

If you are a parent or guardian who has given consent, you may, at any time:

Review, correct or delete your Child’s Personal Data; and/or
Withdraw consent and request that we stop collecting, using or sharing your Child’s Personal Data.

To exercise these rights, you may log into your K-ID account to manage your Child’s access or contact us through the Contact Us section. To help verify your request, please include your Child’s name and email address, your own name and email address, and the area of the Services your Child registered with.

U.S. STATE SPECIFIC DISCLOSURES AND RIGHTS

This section describes the additional privacy rights and disclosures that apply to residents of certain U.S. states. Currently, these include (but are not necessarily limited to) California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Jersey, Oregon, Texas, Utah and Virginia. (We anticipate adding more states over time.

Under state privacy laws (such as California’s California Consumer Privacy Act (CCPA) and the privacy laws of the states listed above), residents have enhanced rights over their Personal Data – including the rights to access, correct, delete, or opt-out of certain processing (such as targeted advertising or sharing).

Notice of Collection

We or our service providers have collected the categories of Personal Data described in this Privacy Notice in connection with your use of the Site and its Services. These categories include:

Identifiers: such as name, address, email address, IP address, and account identifiers
Customer records: billing information, contact data
Commercial Information: purchase history, subscriptions, engagement with content
Internet activity: interactions with the Site, pages viewed, browser and device data
Geolocation data
Inferences: preferences, interests or product affinity

When required by law, we will provide this information covering at least the 12-month period prior to your request. In some cases, we will provide a longer period of information where required or permitted by applicable law.

For more about what information we collect and where we get it, see the “What Information We Collect” section above.

We do not engage in “cross-context behavioral advertising” as defined under the CCPA.

Some state laws give you the right to opt out of certain advertising or data sharing. Please see “Right to Opt-Out” section below for details.

Right to Opt-Out

Under certain state privacy laws, you have the right to opt-out of:

• The sales or sharing of your Personal Data to third parties for advertising purposes,

• Targeting advertising (or combining your data across services for ad purposes), or

• Certain profiling or automated decision-making for marketing.

If applicable, you may submit a request to opt-out via our online-opt out Form. Once you opt-out we will cease sharing your data with relevant advertising partners for those purposes.

If you are an account holder, you may navigate to dndbeyond.com, sign into your account, navigate to “preferences” and check the appropriate box.

Right to Access, Correct, or Delete Your Information

As a resident of a state with applicable privacy law, you have the right to request:

The categories of Personal Data we have collected about you;
The sources from which we collected that information;
The categories of Personal Data disclosed for a business purpose;
The third-parties to which we disclosed Personal Data;
The purposes for which we collected or disclosed such information; and
The specific pieces of Personal Data we hold about you.

You may also request that we correct inaccuracies, or delete your Personal Data (subject to certain legal exceptions).

To submit a request, please use our toll-free number (if applicable), our online Form, or email us at dpo@hasbro.com. In your request, please specify which right you are exercising and provide sufficient information to help us verify your identity. We aim to acknowledge receipt within 10 business days and respond within 45 days (with possible extension of another 45 days in certain cases).

In jurisdictions with different or shorter legal timelines, we will meet the response deadlines under applicable local law.

If we cannot verify your identity or the request does not meet legal criteria, we reserve the right to deny the request.

Appeals Process

If we deny your request in whole or in part, you may have the right to appeal our decision under state privacy laws (e.g. Colorado, Connecticut, Virigina) by emailing us at DPO@hasbro.com. To the extent possible, please describe the basis for your appeal. We will endeavor to provide a prompt response. If we deny your appeal or you remain unsatisfied, you also have the right to contact your state’s Attorney General.

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly with you.

Minor’s Data

Wizards is committed to protecting the privacy of younger users.

We do not knowingly sell or share the Personal Data of children under 13 years of age (or the age of digital consent in their jurisdiction) without obtaining verifiable parental consent, as required under COPPA and other applicable laws.

For teen users between the ages of 13 and 18, D&D Beyond applies a global affirmative opt-in standard. Regardless of where the user resides, teens must actively provide consent through our consent banner or other clear mechanism before we use their Personal Data for activities such as targeted advertising, personalization, or marketing.

This global approach is designed to meet requirements under U.S. state laws (including those in California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Oregon and others) that grant minors aged 13-17 additional control over their information. It ensures that no teen’s Personal Data is shared or used for targeted advertising unless they have affirmatively opted in.

Teens – or their parents or guardians—may withdraw consent or update data preferences at any time through account settings or by contacting us directly. If we learn we have collected or shared Personal Data without the required consent, we will promptly delete the information and correct our records.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us for the exercise of any of your rights, and we do not discriminate against anyone for exercising such rights.

California Residents – SHINE THE LIGHT

Since 2005, California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding Our disclosure of personal information to third-parties for their direct marketing purposes. If you have any questions regarding our disclosure policy, however, please contact us at:

Hasbro, Inc.
Attn: App Administrator
1027 Newport Ave., Mailstop A906
Pawtucket, RI 02861

(800) 255-5516

Wizards of the Coast
Attn: Customer Support
P.O. Box 707
Renton, WA 98057-0707

(800) 324-6496

EEA/UK/SWISS ANNEX

This annex provides additional disclosures for individuals who reside in the European Economic Area (EEA), Switzerland (Swiss) or the United Kingdom (UK).

Your Rights

If you are located in the EU, Switzerland or the UK, you have the following rights in relation to your Personal Data:

Right of access: to request information about how we process your Personal Data and obtain a copy of the data we hold about you.
Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before consent was withdrawn or processing carried out on other lawful bases.
Right to data portability: in some circumstances, to receive certain Personal Data you provided in a structured, commonly used, and machine-readable format, and/or request that we transmit it to another controller (where technically feasible).
Right to rectification: to request correction of inaccurate or incomplete Personal Data.
Right to erasure: to request deletion of your Personal Data in certain circumstances. Please note that in some cases we may be legally entitled to retain it.
Right to restrict processing: to request that we limit our processing in certain circumstances.
Right to object: to object to processing in certain circumstances, including for direct marketing purposes (you may opt out of marketing at any time).
Right to lodge a complaint: to complain to your local supervisory authority if you are unhappy with how we process your Personal Data.

To exercise any of these rights, please use our Form or contact us using the details in the Contact Us section.

Our Legal Bases for Processing

We only process your Personal Data where we have a valid legal basis under the GDPR/UK GDPR. Depending on the activity, the legal basis may be:

Performance of a contract: where processing is necessary to deliver the Services you request (e.g., creating an account, processing purchases, or enabling campaigns).
Consent: for activities such as marketing communications, cookie-based tracking, or personalized advertising, where required by law.
Legitimate interests: where processing is necessary for our business operations in a way that does not override your rights and freedoms (e.g., fraud prevention, service improvements, analytics).
Legal obligation: where processing is necessary to comply with laws (e.g., tax, anti-fraud, or data security requirements).
Vital interests: in rare cases, to protect life, health, or safety.

A detailed table mapping purposes, types of data, and lawful bases is included below to ensure transparency.

Purpose/Activity	Types of Data	Lawful Basis for Processing Including Basis of Legitimate Interest
Provide access to D&D Beyond, including registering a new account and enabling use of digital tools (e.g. character sheets, campaign management)	(a) Identity (b) Contact	(a) Performance of a contract with you (b) Otherwise (where we do not have a relevant contract with you), it is necessary for our legitimate interests in providing you access to the Site and related functionality to site visitors
Process and deliver purchases (digital content, subscriptions or other products), including payment and order confirmations	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Basket (f) Marketing and Communications	Performance of a contract with you.
Collect and recover money owed to us	(a) Identity (b) Contact (c Financial (d) Transaction (e) Marketing and Communications	Necessary for our legitimate interests (to recover debts due to us)
Manage our relationship with you, which includes: (a) Notifying you about changes to our terms or Privacy Notice (b) Sending you technical notices, updates, security alerts, and support and administrative messages (c) Responding to your comments, questions, request, and providing customer service	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communication	(a) Performance of a contract with you; (b) Legal obligation (e.g. GDPR breach notice duties)
Study how customers use D&D Beyond and related services and understand feedback on products/services	(a) Identity (b) Contact (c) Profile (d) Usage (e) Transaction (f) Basket (g) Marketing and Communications	Legitimate Interests (to study usage, develop and improve services, and grow our business)
Enable participation in promotions, contests or sweepstakes	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Transaction (g) Basket	Performance of a contract with you
Administer and protect our Services (troubleshooting, fraud prevention, data security, maintenance, hosting	(a) Identity (b) Contact (c) Technical (d) Transaction (e) Basket	(a) Legitimate interests (for IT, security, fraud prevention, business reorganization); (b) Legal obligation (e.g. anti-fraud, GDPR security measures)
Operate and improve the Services, including by linking or combining your Personal Daa with other information we get from our service providers or other parties, or information related to your interaction with other Wizards or Hasbro sites or online services	(a) Identity (b) Contact (c) Profile (d) Usage (e) Technical (f) Transaction (g) Basket	(a) Performance of a contract with you; (b) Legitimate interests (to ensure services operate effectively); (c) Consent (where required)
Personalize your experience with the Services, including through Site features such as product search results and product recommendations	(a) Identity (b) Profile (c) Usage (d) Technical (e) Transaction (f) Basket	(a) Consent (for targeted ads/cookies) (b) Legitimate interests (to inform marketing strategy and understand interests)
Deliver advertising and measure effectiveness	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical (g) Transaction (h) Basket	(a) Consent (for targeted ads/cookies) (b) Legitimate interests (to inform marketing strategy and understand interests)
Monitor Site performance, usage and retention (e.g. feature use, campaign activity, bug tracking)	(a) Technical(b) Usage(c) Basket	(a) Consent (cookies/telemetry);(b) Legitimate interests (to analyze performance and inform development)
Internal business purposes, including tracking and measuring product sales and information, management and administration of our business, and administration of databases storing Personal Data	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical (g) Transaction (h) Basket	Legitimate interests (for running our business)
Share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests include protection of your (or in exceptional circumstances, someone else’s) life, physical or mental health or integrity or that of others.	(a) Identity (b) Profile (c) Contact (d) Communications (e) Usage (f) Technical (g) Transaction	Necessary to protect vital interests (life, safety, health)
Share information with law enforcement and public authorities where necessary to protect against fraudulent, abusive, inappropriate, or unlawful use of the Services; and to protect the safety of Wizards, Hasbro or any person or entity	(a) Identity (b) Profile (c) Contact (d) Communications (e) Usage (f) Technical (g) Transaction	(a) Legal obligation (e.g. fraud laws, regulatory requirements) (b) Legitimate interests (to protect safety, integrity, and prevent fraud)
Provide suggestions and recommendations to you about aspects of the Services and products that may be of interest to you	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications (g) Transaction (h) Basket	Legitimate interests (to develop products and grow our business, where consent is otherwise not required)
Send promotional communications (e.g. newsletters product updates, offers, event notices)	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications (e) Transaction (f) Basket	(a) Consent (where required by law); (b) Legitimate interests (marketing our services where consent is not required)
Collect content via device-based settings (e.g. photos, media you choose to share)	(a) User Content (photos, media, if enabled)	Consent
Comply with applicable laws, regulations and internal policies	(a) Identity(b) Contact(c) Technical(d) Usage(e) Profile(f) Marketing and Communications(g) Financial(h) Transaction	Legal obligation
Enforce Code of Conduct and investigate misconduct (e.g. cheating, harassment, violations)	(a) Identity (b) Profile (c) Contact (d) Usage (e) Technical (f) Transaction	Legitimate interest (to maintain platform integrity and safety)

International Transfers

As a global service, D&D Beyond may transfer your Personal Data outside the EU/UK, including to the United States where our primary servers are located.

We rely on the following safeguards for such transfers:

Adequacy decisions: where the destination country has been formally recognized by the European Commission or the UK government as providing an adequate level of protection.
Standard Contractual Clauses (SCCs): where no adequacy decision exists, we use SCCs approved by the European Commission or UK Secretary of State to ensure your Personal Data remains protected.

You may request further information about these safeguards (including a copy of the SCCs) by contacting us as described in Contact Us.

CONTACT US

For gameplay or product-related support, please visit the D&D Beyond Help Center and submit a request at: https://dndbeyond-support.wizards.com.

For any other issues, please contact Customer Service by submitting a question or support request via the Site, visit us at: https://support.wizards.com.

If you have a privacy-related inquiry—including questions about this Privacy Notice, how Wizards processes your Personal Data, how to exercise your rights, or if you require this Privacy Notice in an alternative format due to disability—you can contact us using these details below.

As aforementioned, Wizards is a licensee of the ESRB’s Privacy Certified Program. If you believe we have not responded to your privacy related inquiry or your inquiry has not been satisfactorily addressed, please contact the ESRB at https://www.esrb.org/privacy/contact or privacy@esrb.org.

Residents of the United States and Canada

Mailing Address

Wizards of the Coast LLC
Attn: Privacy Legal
P.O. Box 707
Renton, WA 98057-0707

Hasbro, Inc.
Attn: Privacy Legal
1027 Newport Ave, Mailstop A906
Pawtucket, RI 02861

Email Address: DPO@hasbro.com

Telephone: (800) 324-6496

Residents of the United Kingdom