Privacy Policy

Last updated: 09.03.2026

1. Controller

lootguard.de – Raphael Fellenberg
Europaring 90
53757 Sankt Augustin, Germany
Email: support@lootguard.de

2. Data We Collect

2.1 Account Data

When signing in via an OAuth provider (Discord, Google, or Battle.net), we receive:

• Your email address
• Your display name or username
• Your profile picture (if provided by the provider)

2.2 Player Data

When you link your Battle.net account, we import:

• Your WoW characters (name, realm, class, level)

2.3 Usage Data

Through platform usage, the following data is created:

• Team memberships and roles
• Prio run participation and item selections
• Loot distribution logs

2.4 Technical Data

Each access automatically records:

• IP address (not stored permanently)
• Browser type and version
• Date and time of access

3. Purpose of Processing

• Providing and operating the platform
• Authentication and account management
• Conducting prio runs and loot distribution
• Importing WoW characters via the Battle.net API

4. Legal Basis

• Art. 6(1)(b) GDPR – Processing for contract performance (platform usage)
• Art. 6(1)(a) GDPR – Consent (Battle.net linking, optional features)
• Art. 6(1)(f) GDPR – Legitimate interest (technical operations, security)

5. Third-Party Services

5.1 Supabase

We use Supabase for database, authentication, and real-time features. Data is processed on servers within the EU.

5.2 OAuth Providers

For authentication, we use:

• Discord (Discord Inc., USA) – Email, username
• Google (Google LLC, USA) – Email, name
• Battle.net (Blizzard Entertainment, USA) – Email, BattleTag, characters

Data transfers to the USA are based on the EU-US Data Privacy Framework or Standard Contractual Clauses (Art. 46(2)(c) GDPR).

5.3 Netlify

Hosting is provided by Netlify (Netlify Inc., USA). IP addresses may be recorded in server logs.

6. Cookies & Local Storage

We only use technically necessary cookies for authentication (Supabase Auth Session). Additionally, we use localStorage for:

• Cookie notice status
• UI preferences (e.g., sidebar state)

No tracking, analytics, or advertising cookies are used. See our Cookie Policy for details.

7. Storage Duration

Your data is stored as long as your account exists. Upon account deletion, all personal data is irreversibly deleted within 30 days.

8. Your Rights

Under the GDPR, you have the following rights:

• Access (Art. 15) – What data we store about you
• Rectification (Art. 16) – Correction of inaccurate data
• Erasure (Art. 17) – Deletion of your data
• Restriction (Art. 18) – Restriction of processing
• Data Portability (Art. 20) – Export of your data
• Objection (Art. 21) – Objection to processing

You can export your data or delete your account at any time in the settings.

9. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

10. Changes

We reserve the right to update this privacy policy as needed. The current version is always available on this page.