Privacy Policy

Last updated: March 15, 2026

1. Introduction

LootList+ ("we," "us," or "our"), operated by the LootList+ Team, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loot management service for World of Warcraft Classic.

By using LootList+, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.

2. Information We Collect

2.1 Information from Discord OAuth

When you log in via Discord, we request the minimum permissions needed to provide the Service. We collect:

  • Discord user ID

  • Discord username and display name

  • Discord avatar URL

  • List of Discord servers you belong to (to match guild memberships)

We do NOT request access to your email address from Discord. Email is optional and only collected if you choose to provide it directly within LootList+.

2.2 Information from Battle.net OAuth

You may optionally connect your Battle.net account to import your World of Warcraft characters. When you do, we collect:

  • Battle.net account ID

  • Character names, realms, classes, and specializations

  • Character level and faction

  • Active specialization data

Battle.net connection is optional. You can disconnect your Battle.net account at any time from your profile settings. We store a Battle.net access token to retrieve character data on your behalf, which is revoked when you disconnect.

2.3 Information You Provide

When using the Service, you may provide:

  • Character information (name, realm, class, specialization, level)

  • Guild membership information

  • Loot priority lists and item preferences (up to 50 ranked items)

  • Equipped gear data imported from external tools like WowSims

  • Profile information (display name, bio)

  • Privacy and notification preferences

2.4 Information Collected Automatically

We automatically collect:

  • IP address (for rate limiting and security purposes)

  • Browser type and version

  • Device information

  • Usage data (pages visited, features used, timestamps)

  • Session information

2.5 Guild Activity Data

When participating in a guild, we track:

  • Raid attendance records

  • Loot submission history

  • Loot approval/rejection status

  • Loot distribution and award history

  • Guild membership dates and roles

2.6 Data from the LootList+ Addon

If your guild uses the optional LootList+ World of Warcraft addon, data may be synced between the game client and the Service. This includes:

  • Loot scores and priority data exported to the addon

  • Raid attendance and loot award data imported from the addon

  • Roll-off results and loot distribution decisions

Addon sync is initiated by guild officers. The addon does not transmit data to our servers automatically. All syncs require manual action.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service

  • Authenticate your identity via Discord

  • Match you with your World of Warcraft guild

  • Process and manage your loot submissions

  • Track raid attendance for your guild

  • Display relevant information to your guild officers and members

  • Communicate with you about service updates (if you opt in)

  • Enforce our Terms of Service and prevent abuse

  • Improve and optimize the Service

  • Protect against security threats and unauthorized access

4. Information Sharing and Disclosure

4.1 With Your Guild Members

The following information may be visible to members of guilds you join:

  • Your character name, class, and specialization

  • Your loot submissions and priorities

  • Your attendance records (subject to your privacy settings)

  • Your profile information (subject to your privacy settings)

Guild officers have additional visibility into your loot history and attendance statistics to manage loot distribution fairly.

4.2 With Third-Party Service Providers

We share information with third-party services that help us operate:

  • Supabase - Database hosting and authentication

  • Vercel - Application hosting and deployment

  • Discord - Authentication provider

  • Upstash - Rate limiting services

  • PostHog - Product analytics and session recording

  • Battle.net (Blizzard) - Character data import

4.3 Analytics and Session Recording

We use PostHog for product analytics and session recording to understand how users interact with the Service and to improve the user experience. Session recordings may capture your clicks, mouse movements, scrolling, and page content visible during your session.

Session recording is used solely to diagnose issues and improve the Service. Recordings do not capture passwords, payment information, or content outside of LootList+. You can opt out of session recording by using a browser extension that blocks analytics scripts.

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)

  • Requests from law enforcement

  • Protection of our rights, property, or safety

  • Investigation of potential Terms of Service violations

4.5 What We Do NOT Do

  • We do NOT sell your personal information to third parties

  • We do NOT share your data with advertisers

  • We do NOT use your data for targeted advertising

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase, which uses industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL)

  • Encryption of data at rest

  • Row-level security policies to isolate user data

  • Regular security audits and updates

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Controls

LootList+ provides privacy settings that allow you to control the visibility of your information:

  • Email visibility - Control whether your email is visible to guild members

  • Discord username visibility - Control whether your Discord username is displayed

  • Attendance stats visibility - Control whether your attendance statistics are visible

  • Loot history visibility - Control whether your loot history is visible to other members

You can adjust these settings at any time from your profile settings page.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access - Request a copy of the personal data we hold about you

  • Correction - Request correction of inaccurate personal data

  • Deletion - Request deletion of your personal data

  • Portability - Request a copy of your data in a portable format

  • Objection - Object to certain processing of your data

To exercise any of these rights, please contact us at info@lootlistplus.com.

8. Data Retention

We retain your information for as long as:

  • Your account is active

  • Necessary to provide you with the Service

  • Required to comply with legal obligations

  • Necessary to resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it or where it is necessary for legitimate business purposes (such as maintaining guild loot history records).

9. Children's Privacy

LootList+ is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at info@lootlistplus.com and we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

By using LootList+, you consent to the transfer of your information to the United States and other countries where our service providers operate.

11. Third-Party Links

The Service may contain links to third-party websites, including Wowhead for item tooltips and Discord for authentication. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or through other reasonable means. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

LootList+ Team
Email: info@lootlistplus.com

Summary of Key Points

  • We collect information you provide and data from Discord and Battle.net OAuth

  • Your loot lists and attendance are visible to your guild members

  • We use Supabase, Vercel, Discord, Battle.net, and PostHog to provide the Service

  • We use session recording to improve the Service (no passwords or payment data captured)

  • We do NOT sell your data or use it for advertising

  • You can control visibility of your information via privacy settings

  • You can request deletion of your account and data at any time