Privacy Policy
Last updated: February 20, 2026
1. Introduction
LootStash ("we", "us", "our") operates the lootstash.io platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform. By using LootStash, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, username, and password when you create an account.
- Profile Information: Display name, Battle.net tag, and any other information you add to your profile.
- Listing Content: Item descriptions, images, trade preferences, and other content you post.
- Messages: Chat messages exchanged with other users through the Platform's trade chat feature.
- Payment Information: When you subscribe to Premium, payment details are collected and processed directly by Stripe. We do not store your full credit card number.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, search queries, and interactions with listings.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access times, referring URLs, and error logs.
- Cookies: We use cookies and similar technologies as described in Section 7 below.
2.3 Third-Party Information
If you sign in via Battle.net OAuth, we receive your Battle.net tag and account identifier from Blizzard Entertainment. We do not receive your Battle.net password.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Platform and its features.
- Process your Premium subscription and manage billing.
- Facilitate trades and communication between users.
- Send transactional notifications (trade offers, messages, listing updates).
- Send service announcements and updates about the Platform.
- Detect and prevent fraud, abuse, and violations of our Terms of Service.
- Analyze usage patterns to improve user experience.
- Comply with legal obligations.
We do not sell your personal information to third parties. We do not use your information for targeted advertising.
4. How We Share Your Information
We may share your information in the following circumstances:
- With Other Users: Your username, profile information, listings, and ratings are visible to other users of the Platform. Chat messages are visible to the other party in a trade.
- Service Providers: We use third-party services to operate the Platform, including:
  - Supabase (authentication and database)
  - Stripe (payment processing)
  - Vercel (hosting and analytics)
- Legal Requirements: We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of LootStash, our users, or others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Platform. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes (such as resolving disputes or enforcing our Terms). Trade history and ratings may be retained in anonymized form.
6. Data Security
We implement industry-standard security measures to protect your information, including encrypted connections (HTTPS/TLS), secure password hashing, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
7. Cookies and Tracking
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled.
- Analytics Cookies: We use Vercel Analytics to understand how users interact with the Platform. This data is aggregated and does not identify individual users.
We do not use third-party advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent the Platform from functioning properly.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request a copy of your data in a portable format.
- Opt-Out: Opt out of non-essential communications at any time.
To exercise any of these rights, contact us at support@lootstash.io. We will respond to your request within 30 days.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Platform, you consent to the transfer of your information to these countries. We take steps to ensure your information receives an adequate level of protection wherever it is processed.
10. Children's Privacy
The Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@lootstash.io.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right not to be discriminated against for exercising your privacy rights. We do not sell personal information as defined by the CCPA.
12. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your information include: your consent, performance of our contract with you (the Terms of Service), our legitimate interests in operating the Platform, and compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on the Platform or by email. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: