Privacy Policy

Last Updated: September 29th, 2025

1. Introduction

This Privacy Policy explains how Heatmapper ("we," "our," "the Service") collects, uses, protects, and shares information. BY USING THE SERVICE, YOU ACKNOWLEDGE AND AGREE TO THIS PRIVACY POLICY.

2. Information We Collect

2.1 Account Data

Via Riot Sign On authentication:

  • Riot ID (username#tag)
  • Player UUID (PUUID)
  • Region/shard information
  • Account creation date

2.2 Game Data

  • Match history and statistics
  • Death coordinates and circumstances
  • Performance metrics by agent/map
  • Competitive rank and rating
  • Match timelines and events

2.3 Usage Data

Automatically collected:

  • IP address (anonymized after processing)
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Session duration and frequency
  • Referral sources

2.4 Communications Data

If you contact us:

  • Email correspondence

3. Legal Basis for Processing

  • Consent: For account creation and data collection
  • Legitimate Interests: For service improvement and security
  • Legal Obligations: When required by law

4. How We Use Information

We use collected data to:

  • Generate personalized heatmaps and analytics
  • Provide and improve the Service
  • Communicate service updates (if opted in)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze usage patterns and optimize performance

5. Data Sharing and Disclosure

We DO NOT sell your personal data. We may share data with:

  • Service providers (under confidentiality agreements)
  • Law enforcement (when legally required)
  • Business transfers (in case of merger/acquisition)
  • With your explicit consent

6. Cookies and Tracking Technologies

6.1 Essential Cookies

Required for authentication and core functionality

6.2 Analytics Cookies

Help us understand usage patterns (can be disabled)

6.3 Managing Cookies

You can control cookies through browser settings, though this may limit functionality

7. Data Security

7.1 Security Measures

  • TLS/SSL encryption in transit
  • Encrypted database storage
  • Regular security audits
  • Limited access controls
  • Secure authentication via Riot OAuth

7.2 Incident Response

We'll notify affected users within 72 hours of discovering a data breach

8. Data Retention

  • Active accounts: Data retained while account is active
  • Inactive accounts: May be deleted after 12 months
  • Aggregated data: May be retained indefinitely in anonymized form
  • Legal holds: Data retained as required by law

9. Your Rights and Choices

  • Access Rights: Request a copy of your data in machine-readable format
  • Correction Rights: Request corrections to inaccurate information
  • Deletion Rights: Request account and data deletion (some data may be retained for legal purposes)
  • Portability Rights: Receive your data in a structured, commonly used format
  • Objection Rights: Object to certain processing activities
  • Restriction Rights: Request processing restrictions in certain circumstances

10. Regional Privacy Rights

10.1 California Residents (CCPA)

  • Right to know categories of data collected
  • Right to know data sale/disclosure practices
  • Right to opt-out of data sales (we don't sell data)
  • Right to non-discrimination

10.2 EU/EEA Residents (GDPR)

  • Right to lodge complaints with supervisory authorities
  • Right to withdraw consent
  • Rights related to automated decision-making

10.3 Nevada Residents

Right to opt-out of sale of personal information (we don't sell data)

11. Children's Privacy

We don't knowingly collect data from users under 13. If discovered, such data will be promptly deleted.

12. International Data Transfers

Your data may be processed in United States of America. We ensure appropriate safeguards for international transfers.

13. Third-Party Services

  • Riot Games API: Subject to Riot's Privacy Policy
  • Overwolf (if applicable): Subject to Overwolf's Privacy Policy
  • Payment Processors (if applicable): We don't store payment info; processors handle this under their policies

14. Do Not Track Signals

We currently don't respond to browser Do Not Track signals.

15. Updates to Privacy Policy

We'll notify you of material changes via:

  • Prominent website notice
  • Update to "Last Updated" date

16. Data Protection Officer

For privacy inquiries:

Email: support@heatmapper.online
Subject Line: "Privacy Inquiry"

17. Complaints

You may lodge complaints with your local data protection authority if you believe we've violated your privacy rights.

18. Contact Information

General Inquiries: support@heatmapper.online