Legal

Privacy Policy

Last updated 24 June 2026. A plain-language summary followed by the detail.

Summary

  • We access your Path of Exile data only with your explicit authorization, via official OAuth.
  • We never see or store your Path of Exile password.
  • OAuth tokens are stored encrypted in a managed secrets vault — not in our database, never in your browser.
  • You can disconnect your account and request deletion at any time.

Data we collect

Account & identity: an ExileOS user record (internal id, display name from your PoE profile, timestamps) and OAuth linkage metadata (account name, realm, granted scopes, token expiry). The access/refresh tokens themselves live in AWS Secrets Manager, referenced by an opaque ARN — not in our application database.

Game data (only within scopes you grant): characters and their progression — class, ascendancy, level, experience, league, atlas and challenge progress — captured as immutable, time-stamped snapshots. Future, scope-gated features (stash contents, allocated atlas passives) are collected only if you grant the matching scope.

Operational data: standard server logs for security and debugging. We do not use advertising or behavioral trackers, and we do not sell your data.

How we use data

  • To provide the service: import your characters, build your history, render your dashboard.
  • To operate securely and within the Path of Exile API's rate limits.

Your rights

  • Disconnect your PoE account anytime (revokes our access).
  • Access / export the data we hold about you.
  • Deletion — we hard-delete your records and snapshots and revoke stored tokens.

Exercise any right via privacy@exileos.gg.

Security

We use OAuth only (no passwords), keep tokens in a managed vault with least-privilege access, encrypt data in transit and at rest, apply network isolation, and comply strictly with the Path of Exile API's rate limits.

Contact

privacy@exileos.gg