Introduction
Raidstrats.gg ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website, including the raid planner, rosters, community strategy tools, and related features.
Information We Collect
Data You Provide
- Account Information: Username, email address, and password (encrypted)
- Raid Plans: Your raid plans, including player positions, animations, and strategies
- Custom URLs: Custom URLs you create for your raid plans (e.g., raidstrats.gg/planner/my-raid)
- Dynamic URLs: A single redirect URL that can point to any of your plans (Patreon feature)
- Roster Data: Player names, class information, and roster entries you create
- User Images: Personal images you upload to your image library (Patreon feature)
- Email Preferences: Your marketing consent preferences and newsletter email address
- Battle.net Data: If you connect your Battle.net account, we receive your Battle.net ID, character information, guild data, and guild rank
- Patreon Data: If you connect your Patreon account, we receive your Patreon ID, subscription tier, and access expiry date
- Guild Settings: If you are a guild master, we store your guild dashboard access settings and Discord integration preferences
Data We Collect Automatically
- Usage Data: How you interact with our application
- Technical Data: Browser type, device information, and connection fingerprints
- Audit Logs: We maintain security audit logs of user actions (e.g., login, account changes, content operations) for security and administrative purposes. Connection fingerprints are stored in these logs for security monitoring.
- Cookies: Session cookies to maintain your preferences
How We Use Your Information
- To provide and improve our raid planning services
- To save and sync your raid plans across devices
- To analyze usage patterns and improve user experience
- To send transactional emails (password resets, account notifications)
- To send marketing communications (only with your explicit consent)
- To authenticate your account and provide secure access
Email Communications
Transactional Emails
We send essential transactional emails that are necessary for your account security and functionality:
- Password Reset: When you request to reset your password, we send a secure reset link to your registered email address. Reset tokens expire after 1 hour for security.
- Account Notifications: Important updates about your account, security alerts, and service changes.
These emails are sent regardless of your marketing consent preferences, as they are essential for account security.
Marketing Emails
We may send marketing emails, newsletters, and promotional content only if you have explicitly consented to receive them. You can:
- Opt-in or opt-out at any time through your account settings
- Provide a separate email address for newsletters (especially if you use Battle.net login)
- Withdraw your consent at any time without affecting your account access
Your Choice: Marketing emails are completely optional. You can manage your email preferences in your account dashboard at any time.
Battle.net Users
If you log in using Battle.net, your Battle.net email address (@battlenet.local) cannot receive emails. We will prompt you to provide an alternative email address if you wish to receive newsletters or password reset emails.
Data Storage and Security
We implement appropriate security measures to protect your data:
- Encrypted data transmission using HTTPS
- Secure server infrastructure
- Regular security audits and updates
- Limited access to personal data by authorized personnel only
- Passwords are hashed using bcrypt with 12 salt rounds
- Password reset tokens are time-limited (1 hour) and single-use
- Rate limiting on authentication endpoints to prevent abuse
- Connection fingerprints are stored in audit logs for security monitoring and can only be accessed by authorized administrators
- User action audit logs are maintained for security monitoring and can only be accessed by authorized administrators
Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share data only in these circumstances:
- With your explicit consent
- To comply with legal obligations
- To protect our rights and prevent fraud
- With service providers who assist in our operations (under strict confidentiality agreements)
Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your data
- Export all your data (GDPR-compliant export including plans, rosters, images, custom URLs, audit logs, and account information)
- Opt out of marketing communications at any time
- Update your email preferences in your account dashboard
- Request a password reset if you forget your password
- Disconnect third-party accounts (Battle.net, Patreon) from your profile
- Request access to your audit logs (connection fingerprints are stored for security purposes)
GDPR Data Export: Administrators can export comprehensive user data including all plans, rosters, user images, custom URLs, email preferences, Patreon information, guild settings, and audit logs. Contact an administrator to request your data export.
Email Preferences: You can manage your marketing email consent and newsletter email address at any time in your account dashboard under "Email Preferences".
Data Retention
We retain your data for as long as necessary to provide our services:
- Account Data: Retained while your account is active
- Raid Plans: Retained until you delete them or your account is deleted
- Custom URLs & Dynamic URLs: Retained until you delete them or your account is deleted
- Rosters: Retained until you delete them or your account is deleted
- User Images: Retained until you delete them or your account is deleted
- Audit Logs: Retained for security and administrative purposes. IP addresses are encrypted and stored securely.
- Password Reset Tokens: Automatically deleted after 1 hour (expiration) or immediately after use
- Email Preferences: Retained until you change or delete them
- Patreon Information: Retained while your Patreon account is connected, including access expiry dates
You can request deletion of your account and all associated data by contacting us directly.
Cookies and Tracking
We use cookies and similar technologies to:
- Remember your preferences and settings
- Maintain your session
- Record your consent choices for optional analytics and similar tools
- Analyze usage patterns where you have consented (see Third-Party Services below)
Consent for non-essential cookies is managed through Cookiebot; you can change your choices at any time via the consent banner or our Cookie Settings page.
You can disable cookies in your browser settings, but this may affect functionality.
For more details on cookie management, visit our Cookie Settings page.
Third-Party Services
We use or integrate third-party services as follows. Where a service sets cookies or collects data through our site, it is subject to your consent choices (managed via Cookiebot) where applicable.
- Consent management: Cookiebot (Usercentrics) for cookie consent and declaration
- Analytics: Google Analytics for usage statistics (loaded only with your consent where required)
- Product analytics / session replay: Hotjar, where enabled and consented
- Bot protection: Cloudflare Turnstile on certain forms and actions
- Content delivery: Content delivery networks for fast asset loading
- Email services: Microsoft for sending transactional and marketing emails
- Authentication: Battle.net OAuth for account login (if you choose to connect)
- Payments: Patreon for subscription management (if you subscribe)
- Game data: Raider.io API for race and progression-related displays where those features are offered
- Game reference content: Wowhead / ZAM Network embeds or links may load when you use in-site references (their terms and privacy policies apply to that content)
These providers have their own privacy policies, which we encourage you to review.
GDPR Compliance
Raidstrats.gg is committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Processing Location
Our servers are hosted in Amsterdam, Netherlands, within the European Union. Your personal data is processed and stored within the EU, ensuring compliance with GDPR requirements.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of Access: You can request access to all personal data we hold about you, including a comprehensive export of your data.
- Right to Rectification: You can correct any inaccurate or incomplete personal data through your account settings or by contacting us.
- Right to Erasure: You can request deletion of your personal data and account at any time.
- Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances.
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format. Administrators can export comprehensive user data including all plans, rosters, images, and account information.
- Right to Object: You can object to processing of your personal data for certain purposes, such as marketing communications.
- Right to Withdraw Consent: You can withdraw your consent for data processing at any time, particularly for marketing emails.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Use the account settings in your dashboard to manage your data and preferences
- Request a GDPR data export through our admin system (if you are an administrator) or by contacting us
- Contact us directly via Discord or email (see Contact Us section below)
Data Export: Administrators can export comprehensive user data including all plans, rosters, user images, custom URLs, email preferences, Patreon information, guild settings, and audit logs. Contact an administrator to request your data export.
Data Protection Officer
For GDPR-related inquiries, you can contact us through the methods listed in the "Contact Us" section below. We will respond to your request within 30 days as required by GDPR.
Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Discord: Raidstrats.gg Discord
- Email: info[at]diar.gg