wow.gg logo
wow.gg logo

Privacy Policy

Last updated: May 25, 2026

This Privacy Policy explains how wow.gg ("we", "the Site") collects, uses, stores and shares information when you visit our website and use our tools. We aim for radical clarity: every third-party service we use is named below, including what data leaves your browser and where it goes.

1. Who We Are and How to Contact Us

wow.gg is an independent World of Warcraft fan project, operated by a small team of enthusiasts. It is not affiliated with, endorsed by, or sponsored by Blizzard Entertainment, Inc.

For any privacy-related question, request, complaint or data-subject right described below, write to: support@wow.gg. We aim to respond within 30 days.

If you live in the EU/EEA, UK, Switzerland or any other jurisdiction with a supervisory data-protection authority, you have the right to lodge a complaint with them directly.

2. Information We Collect

We try to minimise what we collect. Depending on what you do on the Site, the following may be processed:

Automatically collected (every visitor):
  • IP address (truncated / anonymised before storage by Google Analytics; full IP visible to Cloudflare and PostHog briefly for fraud and abuse prevention)
  • Browser type, version, language, operating system, screen size, device type
  • Pages viewed, time spent, scroll depth, clicks, navigation path (PostHog autocapture, Yandex.Metrica clickmap)
  • Approximate country (from IP) to choose the correct consent banner
  • Referring URL or search query
  • Web Vitals performance metrics (LCP, CLS, INP, FCP, TTFB)
If you log in with Battle.net:
  • Your Battle.net account ID (BattleTag)
  • Public character data you ask us to read (region, realm, character name, class, spec, achievements, mounts, transmog) via the Blizzard Game Data API
If you sign in to the editorial interface:
  • Email address used to sign in (Supabase Auth)
  • Editorial activity (drafts, assignments, comments, timestamps)
If you use the AI assistant:
  • The messages you type, the context we attach (current page, locale, optional character info), and the model's replies
  • A pseudonymous session ID stored in your browser
If you submit feedback or write to support:
  • Whatever you choose to send us (free-text, optionally email)

3. Legal Basis (GDPR Art. 6)

If you are in the EU/EEA, UK, Switzerland or another GDPR-aligned jurisdiction, we process your data under the following legal bases:

  • Consent (Art. 6(1)(a)) — for analytics, behavioural tracking, heatmaps and session replay. You can withdraw at any time via the "Cookie preferences" button in the footer.
  • Performance of a contract (Art. 6(1)(b)) — when you sign in or use account-bound features (Battle.net link, editorial editing).
  • Legitimate interest (Art. 6(1)(f)) — for security, fraud prevention, abuse mitigation, and serving the website itself (Cloudflare bot management, error capture).
  • Legal obligation (Art. 6(1)(c)) — where applicable law requires us to retain or disclose data.

4. Third-Party Services We Use

We use the following processors. Each is named here so you know exactly where your data flows. Their own privacy policies are linked from the Cookie Policy.

PostHog (US)

Product analytics, autocapture of clicks, $pageview, $pageleave, $exception (uncaught errors). Heatmaps and session replay are loaded only if you grant marketing-consent. PostHog Cloud (US region).

Google Analytics 4 (US)

Anonymised aggregate audience analytics. We disable Google Signals and ad-personalization signals so GA does not feed Google's advertising graph.

Google Search Console (US)

Server-side. We see aggregated search-impression data; Google sees nothing more about you than what your browser sends to google.com when you search.

Yandex.Metrica (RU)

Aggregate visit analytics, clickmap and bounce-rate tracking. Webvisor (session replay) is enabled only with marketing-consent.

Cloudflare (Global)

DNS, CDN, TLS termination and bot management. Sets short-lived cookies (cf_clearance, __cf_bm) to distinguish humans from bots. Legitimate interest.

Supabase (US/EU regions)

Database and authentication for the editorial interface. Stores email + editorial activity for signed-in editors only.

Battle.net OAuth (Blizzard, US/EU)

OAuth provider when you click "Sign in with Battle.net". We receive your BattleTag and the API scopes you approve; we never see your Blizzard password.

OpenAI (US)

Powers the AI assistant. Your prompts and our system instructions are sent to OpenAI's API. OpenAI states that API data is not used to train their models by default and is retained up to 30 days for abuse monitoring before deletion.

Hosting & infrastructure

The Site is served from servers we operate (Russia and Europe) behind Cloudflare. Server access logs are kept for up to 30 days for security purposes.

5. International Data Transfers

Several of our processors are based in the United States (PostHog, Google, OpenAI, Battle.net). Where required by GDPR or UK GDPR, transfers rely on the EU Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework, which our processors publish on their websites.

Yandex processes data primarily in the Russian Federation under Federal Law 152-FZ.

By using the Site you accept that data may be transferred to and stored in countries outside your own.

6. How Long We Keep Data

We keep data only as long as needed for the purpose it was collected, then delete or anonymise it:

  • Cookie-consent record: 12 months from your last choice (then we ask again).
  • Analytics events (PostHog, GA, Yandex): up to 26 months at the processor; pseudonymous, never tied to your real-world identity.
  • Session-replay recordings (PostHog Webvisor, if you granted marketing-consent): up to 30 days.
  • Authenticated account data (Battle.net link, editorial interface): for as long as your account exists; deleted on request.
  • AI conversation history: stored locally in your browser; the API copy at OpenAI is retained up to 30 days for safety review.
  • Server access and error logs: up to 30 days.
  • Support email correspondence: up to 24 months.

7. Your Rights

Depending on where you live, you have the following rights. To exercise any of them, email support@wow.gg with enough information for us to identify the data we hold about you.

EU / EEA / UK / Switzerland (GDPR / UK GDPR / revised FADP)

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / "right to be forgotten" (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3)) — use the "Cookie preferences" button in the footer
  • Right to lodge a complaint with your national supervisory authority

California (CCPA / CPRA)

  • Right to know what personal information we collect, share or sell
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell personal information; you may also signal opt-out via Global Privacy Control (GPC), which we honour automatically
  • Right to limit use of sensitive personal information
  • Right of non-discrimination for exercising these rights

Brazil (LGPD)

  • Confirmation of processing, access, correction, anonymisation, blocking, deletion, portability and revocation of consent, per LGPD Art. 18.

Russia (152-ФЗ)

  • Право доступа, уточнения, удаления и блокирования персональных данных. Запросы направляйте на support@wow.gg с подтверждением личности.

Other jurisdictions

  • If you live in another country with privacy legislation (PIPL — China, PIPA — South Korea, APPI — Japan, PDPA — Singapore/Thailand, DPDPA — India, Privacy Act — Australia, PIPEDA — Canada, Law 25 — Quebec), the equivalent rights apply. Contact us and we will help.

8. Cookies and Tracking Technologies

We explain every cookie and similar technology we set, and how to manage them, on a separate page: Cookie Policy →

9. Children

The Site is not directed at children under 13 (or 16 where local law requires a higher age). We do not knowingly collect personal data from children. If you believe a child has provided personal data, write to support@wow.gg and we will delete it promptly.

10. Links to Third-Party Websites

The Site contains links to external resources (game APIs, community tools, social networks). We do not control those sites and are not responsible for their privacy practices. Read their policies before sharing information with them.

11. Changes to This Policy

We may update this Policy as the Site evolves. Material changes will be marked by updating the "Last updated" date at the top of this page and, where appropriate, by re-requesting your cookie-consent.

If you continue using the Site after a change, you are deemed to accept the updated Policy.