Last updated: May 2026
VaultAlts is an unofficial fan-made companion app for World of Warcraft players. This Privacy Policy explains how we collect, use, and protect your data.
When you use VaultAlts, we collect: • Email address (for account login) • Battle.net OAuth token (only with your consent, used to read your WoW character data) • Character data from Blizzard's public API (item level, vault progress, achievements, etc.) • Optional push notification token • Anonymous error reports (via Sentry) to fix bugs
Your data is used solely to: • Display your character information in the app • Send notifications you've enabled (reset reminders, vault alerts) • Improve app stability via crash reports
We never sell your data to third parties.
Your data is stored on Supabase (EU region). Battle.net tokens are encrypted at rest. • Active accounts: data is retained as long as your account exists. • After deletion: all personal data is purged within 30 days. Anonymous aggregate analytics may be kept indefinitely. • Backups: automated DB backups are retained 7 days, then deleted.
You can delete your account and all associated data at any time from Settings → Delete Account.
We use these services to operate the app. Each has its own privacy policy linked below. • Blizzard / Battle.net API — reads your WoW character data with your consent (privacy.blizzard.com) • Supabase — database, authentication, file storage. Hosted in EU. (supabase.com/privacy) • Railway — backend server hosting. (railway.app/legal/privacy) • Sentry — anonymous error monitoring (no PII in stack traces). (sentry.io/privacy) • Expo Push — push notification delivery (push token only). (expo.dev/privacy) • Google AdMob — ad delivery to free-tier users. May use device advertising ID for personalization (you control this via OS settings + first-launch prompt). (policies.google.com/privacy) • RevenueCat — subscription receipt validation (Premium). (revenuecat.com/privacy)
We do not sell, rent, or share your personal data with any other third parties.
The mobile app uses on-device storage (AsyncStorage / SecureStore) to: • Remember your login session • Cache character data for offline viewing • Store your preferences (notifications, haptics)
No tracking cookies. No cross-app tracking.
If you reside in the EU, UK, or California, you have the right to: • Access: view all data we hold (visible in-app, or use Settings → Export My Data for a JSON dump). • Rectification: correct inaccurate data (in Settings or by contacting support). • Erasure ("right to be forgotten"): Settings → Delete Account. • Portability: Export My Data returns a machine-readable JSON of your data. • Object to processing: Disconnect Battle.net, disable notifications, opt out of personalized ads. • Withdraw consent: any time, with the same effort as giving it.
To exercise these rights, contact [email protected]. We respond within 30 days.