arrow_back Settings

Privacy Policy

Last updated: March 02, 2026

1. Introduction

OSRS Tracker ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

  • Email Address: Required for account creation and authentication
  • Password: Stored securely using industry-standard encryption (bcrypt)
  • RuneScape Name (RSN): Optional, used to identify you within the service

Game Data (via RuneLite Plugin)

  • Skill Levels: Level-up events including skill name and new level
  • Quest Completions: Completed quest names
  • Loot Drops: Item names, quantities, and values from monster drops
  • Collection Log: New collection log unlocks
  • Clue Scroll Rewards: Clue tier and reward items
  • Death Events: When your character dies in-game
  • Screenshots: Captured at the moment of events
  • Video Clips: Short recordings around event moments (MJPEG format, converted to MP4)

Player Statistics

When you import stats, we fetch publicly available data from the Old School RuneScape Hiscores API using your RSN. This includes skill levels and rankings.

Device Information (Mobile App)

  • Push Notification Tokens: Firebase Cloud Messaging tokens for sending notifications
  • Device Type: iOS or Android identifier for push notifications

3. How We Use Your Information

  • To provide and maintain the service
  • To display your game progress in your personal feed and group feeds
  • To send push notifications about events (when enabled)
  • To enable group features and social interactions
  • To improve and optimize the service
  • To communicate with you about service updates

4. Third-Party Services

Cloudflare R2

Screenshots and video clips are stored on Cloudflare R2 cloud storage. Files are stored securely and accessed via authenticated URLs.

Paddle (Payment Processing)

We use Paddle as our merchant of record to process payments and subscriptions. We do not store your credit card information. Paddle handles all payment data in accordance with PCI-DSS standards. See Paddle's Privacy Policy.

Push Notifications

We use Firebase Cloud Messaging (Android) and Apple Push Notification Service (iOS) to deliver push notifications. These services may collect device identifiers. See Firebase's Privacy Policy and Apple's Privacy Policy.

Resend (Email)

We use Resend to send transactional emails (account verification, password resets, notifications). See Resend's Privacy Policy.

Old School RuneScape Hiscores

We query Jagex's public Hiscores API to fetch player statistics. We do not send any personal data to Jagex beyond your RSN.

5. Data Retention

  • Account Data: Retained until you delete your account
  • Game Events: Retained indefinitely unless you delete them or your account
  • Videos/Screenshots: Retention varies by subscription tier:
    • Free: 7 days, then automatically archived
    • Premium: 1 year, then automatically archived
  • Push Tokens: Deleted when you sign out or unregister the device
  • Analytics Data: Deleted when you delete your account

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Right to Access: You can request a copy of your personal data
  • Right to Rectification: You can update your account information in Settings
  • Right to Erasure: You can delete your account and all associated data
  • Right to Data Portability: You can export your data in a machine-readable format
  • Right to Object: You can opt out of non-essential data processing

To exercise these rights, visit your Settings page or contact us.

7. Cookies & Analytics

We use cookies and similar technologies to provide and improve our service:

  • Essential Cookies: Required for authentication and session management. These cannot be disabled.
  • Analytics Cookies: We use self-hosted analytics (Ahoy) to understand how the service is used. IP addresses are anonymized and no data is shared with third parties. You can opt out of analytics in your Settings.

We do not use third-party advertising cookies or tracking pixels. See our Cookie Policy for more details.

8. Data Security

We implement appropriate security measures to protect your data:

  • HTTPS encryption for all data transmission
  • Bcrypt password hashing
  • Secure token-based API authentication
  • Regular security updates

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Email: privacy@osrs-tracker.com