Privacy Policy
Last updated: June 1, 2026
SC2 Tools is a free, donation-supported analytics tool for StarCraft II players. This policy explains what data we collect, why, and how you can exercise your rights over it.
What we collect
- Account identity. Your Clerk user id, email, and (if you signed in with Google) your Google account name and avatar. We do not see your Google password.
- Replay metadata. Each .SC2Replay file you produce in your local Replays folder is parsed by the SC2 Tools agent running on your PC. We upload structured metadata: map name, race matchup, build orders, APM, MMR, opponent battle tag and SC2 pulse ID. We never upload the .SC2Replay file itself.
- Personal builds and notes. Anything you type into the build editor.
- Device fingerprints. When you pair an agent we store a hashed device token, the agent version, and the OS string.
- Operational telemetry. Standard request logs (IP, user-agent, timestamp), retained for 30 days for security and debugging. If Sentry crash reporting is enabled (opt-in via settings), unhandled exceptions are forwarded to Sentry with PII scrubbed.
- Usage analytics (opt-in). Only if you click "Accept" on the cookie banner, we load Google Analytics 4 to understand which pages and features get used. It records pseudonymous data such as pages viewed, approximate location (country/region, from a truncated IP), device type, and referring site. We enable IP anonymization and disable advertising signals. Nothing analytics-related loads until you opt in, and you can withdraw consent at any time by clicking "Reject" on the banner (clear the banner choice in your browser storage to see it again).
What we do NOT collect
- The contents of your replay files.
- Anything from outside your Replays folder.
- Voice or video.
- Payment information (we don't take payments).
Where the data lives
MongoDB Atlas (US-East), Render (US-East), Vercel (US/EU edge for the static site, US-East for server functions). All connections are TLS-encrypted. Database backups run nightly with 7-day retention.
Sharing
We do not sell or rent your data. We share it only with the subprocessors above (Clerk for auth, MongoDB Atlas for database hosting, Render for API hosting, Vercel for the website, Sentry for opt-in crash reporting, and Google Analytics for opt-in usage analytics).
Aggregated opponent data
When you publish a build to the community, or when we display aggregated opponent stats on a public profile, we strip names and apply k-anonymity (we never publish a row that fewer than 5 unique users have contributed to). Pulse IDs are public information from Blizzard's ladder.
Your rights
You can export every byte of your data as a JSON archive, or delete your account permanently, from Settings → Backups → Export / delete (GDPR). Deletion is hard — there is no recovery. If you live in the EU, UK, or California, you have additional rights under GDPR and CCPA; open a ticket at github.com/ReSpOnSeSC2/sc2tools/issues to exercise them.
Cookies
By default we use only strictly-necessary cookies: session login (Clerk) and CSRF protection. Your banner choice is stored in your browser's local storage, not a cookie.
If — and only if — you opt in via the banner, Google Analytics sets its own first-party analytics cookies (e.g. _ga) to measure usage. These are never set before you accept, and we do NOT use advertising or cross-site tracking cookies.
Children
SC2 Tools is not directed at children under 13. If you believe a child has signed up, open a ticket at github.com/ReSpOnSeSC2/sc2tools/issues and we will delete the account.
Changes to this policy
When we make material changes, we'll bump the "last updated" date and surface a banner on next sign-in.