Privacy Policy

Last updated: February 6, 2026

1. Introduction

LootList+ ("we," "us," or "our"), operated by the LootList+ Team, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loot management service for World of Warcraft Classic.

By using LootList+, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.

2. Information We Collect

2.1 Information from Discord OAuth

When you log in via Discord, we request the minimum permissions needed to provide the Service. We collect:

  • Discord user ID

  • Discord username and display name

  • Discord avatar URL

  • List of Discord servers you belong to (to match guild memberships)

We do NOT request access to your email address from Discord. Email is optional and only collected if you choose to provide it directly within LootList+.

2.2 Information You Provide

When using the Service, you may provide:

  • Character information (name, realm, class, specialization, level)

  • Guild membership information

  • Loot priority lists and item preferences (up to 50 ranked items)

  • Equipped gear data imported from external tools like WowSims

  • Profile information (display name, bio)

  • Privacy and notification preferences

2.3 Information Collected Automatically

We automatically collect:

  • IP address (for rate limiting and security purposes)

  • Browser type and version

  • Device information

  • Usage data (pages visited, features used, timestamps)

  • Session information

2.4 Guild Activity Data

When participating in a guild, we track:

  • Raid attendance records

  • Loot submission history

  • Loot approval/rejection status

  • Guild membership dates and roles

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service

  • Authenticate your identity via Discord

  • Match you with your World of Warcraft guild

  • Process and manage your loot submissions

  • Track raid attendance for your guild

  • Display relevant information to your guild officers and members

  • Communicate with you about service updates (if you opt in)

  • Enforce our Terms of Service and prevent abuse

  • Improve and optimize the Service

  • Protect against security threats and unauthorized access

4. Information Sharing and Disclosure

4.1 With Your Guild Members

The following information may be visible to members of guilds you join:

  • Your character name, class, and specialization

  • Your loot submissions and priorities

  • Your attendance records (subject to your privacy settings)

  • Your profile information (subject to your privacy settings)

Guild officers have additional visibility into your loot history and attendance statistics to manage loot distribution fairly.

4.2 With Third-Party Service Providers

We share information with third-party services that help us operate:

  • Supabase - Database hosting and authentication

  • Vercel - Application hosting and deployment

  • Discord - Authentication provider

  • Upstash - Rate limiting services

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)

  • Requests from law enforcement

  • Protection of our rights, property, or safety

  • Investigation of potential Terms of Service violations

4.4 What We Do NOT Do

  • We do NOT sell your personal information to third parties

  • We do NOT share your data with advertisers

  • We do NOT use your data for targeted advertising

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase, which uses industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL)

  • Encryption of data at rest

  • Row-level security policies to isolate user data

  • Regular security audits and updates

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Controls

LootList+ provides privacy settings that allow you to control the visibility of your information:

  • Email visibility - Control whether your email is visible to guild members

  • Discord username visibility - Control whether your Discord username is displayed

  • Attendance stats visibility - Control whether your attendance statistics are visible

  • Loot history visibility - Control whether your loot history is visible to other members

You can adjust these settings at any time from your profile settings page.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access - Request a copy of the personal data we hold about you

  • Correction - Request correction of inaccurate personal data

  • Deletion - Request deletion of your personal data

  • Portability - Request a copy of your data in a portable format

  • Objection - Object to certain processing of your data

To exercise any of these rights, please contact us at info@lootlistplus.com.

8. Data Retention

We retain your information for as long as:

  • Your account is active

  • Necessary to provide you with the Service

  • Required to comply with legal obligations

  • Necessary to resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it or where it is necessary for legitimate business purposes (such as maintaining guild loot history records).

9. Children's Privacy

LootList+ is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at info@lootlistplus.com and we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

By using LootList+, you consent to the transfer of your information to the United States and other countries where our service providers operate.

11. Third-Party Links

The Service may contain links to third-party websites, including Wowhead for item tooltips and Discord for authentication. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or through other reasonable means. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

LootList+ Team
Email: info@lootlistplus.com

Summary of Key Points

  • We collect information you provide and data from Discord OAuth

  • Your loot lists and attendance are visible to your guild members

  • We use Supabase, Vercel, and Discord to provide the Service

  • We do NOT sell your data or use it for advertising

  • You can control visibility of your information via privacy settings

  • You can request deletion of your account and data at any time