Skip to content
FREE APPTrack your alts anywhere, VaultAlts is free on iOS & Android. Get the app →
VaultAltsVaultAlts
LEGAL

Privacy Policy

Last updated: May 19, 2026

VaultAlts is an unofficial fan-made companion app for World of Warcraft players. This Privacy Policy explains how we collect, use, and protect your data.

1. Information We Collect

When you use VaultAlts, we collect:

  • Email address (for account login)
  • Battle.net OAuth token (only with your consent, used to read your WoW character data)
  • Character data from Blizzard's public API (item level, vault progress, achievements, etc.)
  • Optional push notification token
  • Anonymous error reports (via Sentry) to fix bugs

2. How We Use Your Data

Your data is used solely to:

  • Display your character information in the app
  • Send notifications you've enabled (reset reminders, vault alerts)
  • Improve app stability via crash reports

We never sell your data to third parties.

3. Data Storage & Retention

Your data is stored on Supabase (EU region, hosted in Frankfurt, Germany). Battle.net OAuth tokens are kept on access-controlled servers and never shared with third parties.

  • Active accounts: data is retained as long as your account exists.
  • After deletion: all personal data is purged within 30 days. Anonymous aggregate analytics may be kept up to 90 days for service health monitoring and fraud prevention.
  • Backups: automated database backups are retained for 7 days, then deleted.
  • Push notification tokens: deleted immediately when you disable notifications, delete your account, or uninstall the app.
  • Crash reports (Sentry): retained for 30 days, then auto-deleted. Stack traces contain no personally identifiable information beyond an anonymous user ID.
  • Battle.net OAuth tokens: deleted immediately when you disconnect Battle.net or delete your account.

You can delete your account and all associated data at any time from Settings → Delete Account.

4. Third-Party Services

We use these services to operate the app. Each has its own privacy policy.

  • Blizzard / Battle.net API. Reads your WoW character data with your consent (privacy.blizzard.com)
  • Supabase. Database, authentication, file storage. Hosted in EU. (supabase.com/privacy)
  • Railway. Backend server hosting. (railway.app/legal/privacy)
  • Sentry. Anonymous error monitoring (no PII in stack traces). (sentry.io/privacy)
  • Expo Push. Push notification delivery (push token only). (expo.dev/privacy)
  • Google AdMob. Banner ad delivery to all users. May use device advertising ID for personalization (you control this via OS settings + first-launch prompt). (policies.google.com/privacy)

We do not sell, rent, or share your personal data with any other third parties.

5. Cookies & Local Storage

The mobile app uses on-device storage (AsyncStorage / SecureStore) to:

  • Remember your login session
  • Cache character data for offline viewing
  • Store your preferences (notifications, haptics)

No tracking cookies. No cross-app tracking.

6. Your Rights (GDPR, CCPA)

If you reside in the EU, UK, or California, you have the right to:

  • Access: view all data we hold (visible in-app, or use Settings → Export My Data for a JSON dump).
  • Rectification: correct inaccurate data (in Settings or by contacting support).
  • Erasure ("right to be forgotten"): Settings → Delete Account.
  • Portability: Export My Data returns a machine-readable JSON of your data.
  • Object to processing: Disconnect Battle.net, disable notifications, opt out of personalized ads.
  • Withdraw consent: any time, with the same effort as giving it.

To exercise these rights, contact support@vaultalts.com. We respond within 30 days.

7. Children's Privacy

VaultAlts is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from minors below those ages. If you believe a child has created an account, contact us at support@vaultalts.com and we will delete it immediately.

8. Security

We use HTTPS for all network traffic. Passwords are hashed with industry-standard algorithms (bcrypt via Supabase Auth). Battle.net OAuth tokens are kept on access-controlled servers, scoped read-only (wow.profile), and can be revoked at any time via account.battle.net → Connections. Despite our efforts, no online service is 100% secure, so please use a strong, unique password.

9. International Data Transfers

Your data may be processed in the EU (Supabase) and the US (AdMob, Sentry). Where data crosses borders, we rely on Standard Contractual Clauses approved by the European Commission to protect your data.

10. Changes to This Policy

We may update this policy occasionally. Material changes will be announced via in-app notification or email at least 14 days before taking effect.

11. Contact

For privacy questions, requests, or complaints: support@vaultalts.com. EU users may also lodge a complaint with their local data protection authority.

How to Delete Your VaultAlts Account

You can delete your VaultAlts account and all associated data at any time:

Option 1 · In-app (instant)

  • Open the VaultAlts app and sign in
  • Go to the Settings tab
  • Scroll to the bottom and tap "Delete Account"
  • Confirm. Your account and all data are immediately and permanently removed.

Option 2 · By email (7 days)

Email support@vaultalts.com from the address registered to your account, with subject "Delete my account". We process all deletion requests within 7 days.

What gets deleted

  • Email address and password hash
  • Linked WoW characters and their sync history
  • Weekly Great Vault progress, Mythic+ runs, raid lockouts
  • Push notification token
  • Battle.net OAuth token

What is retained

Aggregated, anonymized analytics events for 90 days, used solely for fraud prevention and service health monitoring. No personally identifiable information remains.

Trademark Notice

World of Warcraft® and Battle.net® are trademarks of Blizzard Entertainment, Inc. VaultAlts is an unofficial fan-made companion app and is not affiliated with, endorsed, sponsored, or specifically approved by Blizzard Entertainment.