TibiaWatch
Privacy & Security

Your Data, Protected

Learn how we protect your information and respect your privacy with industry-leading security practices.

Our Privacy Principles

Transparency

We're clear about what data we collect, why we collect it, and how we use it. No hidden tracking or surprise data usage.

No Selling

Your data is yours. We never sell, rent, or share your personal information with third parties for marketing purposes.

Minimal Collection

We only collect data that's necessary to provide our service. No excessive tracking or invasive profiling.

Your Control

You have full control over your data. Export, delete, or modify your information anytime from your account settings.

What Information We Collect

Account Information

Email Address

Required for account creation, login, and sending alerts. We verify your email to ensure it's valid.

Password

Stored using industry-standard bcrypt hashing. We never see or store your plaintext password.

Profile Information

Optional display name and preferences. You control what information you provide.

Usage Data

Tracked Characters

Character names and worlds you choose to track. This data is private and never shared publicly.

Alert Settings

Your notification preferences, alert rules, and delivery channels. Used solely to send you the alerts you configured.

Lists & Organization

How you organize characters into lists. Completely private unless you explicitly share a list.

Technical Data

Device Information

Browser type, device type, operating system. Used to provide a better experience and troubleshoot issues.

IP Address

Logged temporarily for security and rate-limiting. Not used for tracking or profiling.

Analytics

Anonymized usage statistics to improve our service. We use privacy-respecting analytics (no Google Analytics).

What We DON'T Collect
  • Tibia Account Credentials: We never ask for your Tibia login or password
  • Payment Card Details: All payments are processed securely through Stripe. We never see your full card number.
  • Personal Messages: We don't have access to your Tibia in-game messages or private communications
  • Browsing History: We don't track what other websites you visit or your online behavior outside TibiaWatch

How We Protect Your Data

Encryption
  • In Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption (HTTPS)
  • At Rest: Database encryption using AES-256 for all stored data
  • Passwords: Hashed using bcrypt with per-user salts. Impossible to reverse-engineer
Infrastructure Security
  • AWS Infrastructure: Hosted on AWS with SOC 2 Type II compliance and regular security audits
  • DDoS Protection: CloudFlare protection against distributed denial-of-service attacks
  • Regular Backups: Automated daily backups with 30-day retention and point-in-time recovery
  • Network Isolation: Databases run in private subnets with no direct internet access
Access Controls
  • Principle of Least Privilege: Team members only have access to data necessary for their role
  • Multi-Factor Authentication: Required for all team members accessing production systems
  • Audit Logs: All administrative actions are logged and regularly reviewed

Cookies & Tracking

How We Use Cookies

Essential Cookies (Required)

  • • Session cookies to keep you logged in
  • • Security cookies to prevent fraud and protect your account
  • • Preference cookies to remember your theme and language settings

Analytics Cookies (Optional)

We use privacy-respecting analytics to understand how people use TibiaWatch and improve the experience. You can opt out in your account settings.

  • • No cross-site tracking
  • • No fingerprinting or invasive techniques
  • • Anonymized data that can't identify individual users

Note: We do NOT use advertising cookies or share data with ad networks. Your privacy is more important than ad revenue.

Your Privacy Rights

Access Your Data

Download a complete copy of all data we have about you in JSON or CSV format.

Settings → Privacy → Export Data

Delete Your Account

Permanently delete your account and all associated data. This action cannot be undone.

Settings → Account → Delete Account

Correct Inaccurate Data

Update any incorrect information in your profile or settings anytime.

Settings → Profile

Opt Out of Communications

Unsubscribe from marketing emails while keeping essential service notifications.

Settings → Notifications

Questions or Concerns?

If you have questions about our privacy practices or want to exercise your privacy rights, we're here to help.

Email Privacy TeamFull Privacy PolicyCookie Policy