Privacy & Cookie Policy

Effective Date: Jan 7th, 2026

Our commitment

Your privacy is our priority. This website is designed to function without third-party cookies, tracking, or data sharing, ensuring compliance with GDPR.

Cookies

We use only essential first-party cookies for functionality (e.g., login sessions, saved settings).

  • No third-party cookies: No ads or invasive tracking. Any third-party content (e.g., avatars) is proxied to protect your privacy.
  • Your control: You can disable cookies in your browser, though this may limit functionality.

Analytics

We use privacy-focused analytics (Umami) to understand how our service is used and improve it. This analytics:

  • No cookies: Does not use cookies or track you across websites
  • No personal data: Collects only anonymous, aggregated metrics (page views, referrers, device types)
  • GDPR compliant: Does not collect IP addresses or any personally identifiable information
  • No data sharing: Analytics data stays with us and is never sold or shared

You can opt out of analytics by enabling "Do Not Track" in your browser settings.

Third-party authentication

We offer sign-in through trusted third-party providers (Discord, Google, Facebook) to make account creation simple and secure. When you choose to sign in with one of these services, we request limited access to your account information.

What data we collect from OAuth providers

Google Sign-In

  • Email address
  • Profile name
  • Profile picture URL
  • Unique account identifier

Discord Sign-In

  • Username and display name
  • Email address (if available)
  • Avatar URL
  • Unique account identifier

Facebook Sign-In

  • First name
  • Email address
  • Profile picture URL
  • Unique account identifier

How we use OAuth data

We use this information to:

  • Create and maintain your account
  • Display your profile information (name, avatar)
  • Communicate with you about your account and our services

Your OAuth data is used exclusively for account functionality and is not shared with third parties.

How we store OAuth data

  • OAuth profile data is stored securely in our database
  • We store only the minimal information needed for account functionality
  • Your email and profile information remain associated with your account until deletion
  • We do not store OAuth access tokens long-term; they are used only during the initial sign-in process

Your control over OAuth data

  • Revoke access: You can disconnect any linked account from your account settings at any time
  • Account deletion: Contact support to permanently delete your account and all associated data
  • Multiple login methods: You can link multiple OAuth providers to maintain access if you disconnect one

Data collection and use

We collect and process different types of data to provide our services:

Account Information

  • Email address (from OAuth provider or direct registration)
  • Display name and avatar (from OAuth provider or user-set)
  • Account creation date
  • Login method preferences

Service Data

  • Guild Wars 2 API keys you choose to link to your account
  • Lists and favorites you create
  • Application preferences and settings

Technical Data

  • Session information (via essential cookies)
  • Anonymous usage analytics (via Umami, see Analytics section)

How we use this data

  • Account functionality: Create, maintain, and secure your account
  • Service delivery: Provide features you've enabled (trackers, lists, notifications)
  • Support: Respond to your questions and troubleshoot issues
  • Service improvement: Understand usage patterns to improve features (anonymized analytics only)

Your personal information is used solely to provide our services and is not sold, rented, or shared with third parties except as required by law.

Data retention

  • Account data is retained while your account is active
  • You can request account deletion at any time (see Account Deletion section)
  • After deletion, personal data is permanently removed within 30 days
  • Anonymous analytics data may be retained indefinitely (contains no personal information)

Account deletion and data access

Deleting your account

We do not yet support self-service account deletion, but you can exercise your right to deletion by contacting us at support [at] this website.

When you request account deletion:

  • Your personal information (email, name, avatar) is permanently removed
  • Your lists, preferences, and settings are deleted
  • OAuth provider connections are severed
  • The process is completed within 30 days of your request

Accessing your data

All data associated with your account is visible to you through the website interface. This includes your account information, saved lists, preferences, and linked authentication providers. No additional data is collected or stored beyond what you can view on the website.

Security

We apply industry-standard measures to protect your information.

The backend source code is available for security audits at gitlab.com/Yooone/gw2.app-mirror.

For questions, email us at: support [at] this website.