Privacy Policy Privacy Policy

As with most online services, you trust us with your data when you use our website. This privacy policy is here to help you understand what information we collect, how we store it and what we do with it. If you have any questions or concerns about this policy or your data in general, email us at and we'll get back to you as soon as possible.

We aim to be as transparent as possible. To that end, we made the website open source. We run an unmodified version of the code that is available on GitHub for everyone to see.

As of March 2017, the source document of this Privacy Policy is hosted on GitHub. You may find its edit history there.

The last update to this document (excluding formatting changes, typo fixes, etc) was on 2017-03-16. accounts

Account data

There are two types of accounts on Anonymous and Regular.

Anonymous accounts consist of an autogenerated UUID we call an "Authentication Token" and that is it. They are a convenient way of sending us game replays semi-anonymously without creating an account beforehand.

Regular accounts are created when you first sign into the website, such as from the home page. We use the OAuth2 API in order to delegate authentication to, and then automatically create a corresponding account for you. The only data sent by the API is your Battletag and your Account ID; both are stored in order to enable you to log in. does not receive any type of personally-identifiable information from such as passwords, names, emails, addresses or billing data. You may view and manage your social account connections from the Connections page. will store your email address if you provide it to us. We may use it to contact you for account-related matters, or occasionally for marketing purposes (eg. to announce new features). You may opt out of receiving such marketing emails by going to your email settings page.

Regardless of your settings, your email is never shared to third parties for non-essential purposes. In other words, we don't sell your email addresses. Your billing email may be shared with Stripe, our payment partner, so that you can receive invoices when you make payments on the website. Stripe is a well-known and trusted payment provider with an excellent reputation and track record, they do not spam their users nor do anything nefarious with the emails.

You may view and manage your associated email addresses from the email settings page.

Billing data

We use Stripe to allow for payments on Stripe is a secure payment provider, trusted by thousands of online businesses. When you input a credit card number on, you are directly communicating it to Stripe; does not ever see or store your full credit card number.

In order to provide you with billing management features, we store a backup of small amounts of data that Stripe gives us access to. This includes the last 4 digits of your credit card numbers as well as your payment history with the website. We do not store your name nor any sensitive payment information as part of this process.

Account deletion

You may request to delete your account from the "Delete account" section of your account page. Upon doing so, your account will be marked for deletion and you will no longer be able to log into it. All account data will be irreversibly wiped within the following 7 days. Uploaded replays will be detached from the account and will only be reachable via links you may have previously shared. However, you can elect to to have them deleted as well.

Please note that deleting your account will not delete your associated payment history with us.

Hearthstone Deck Tracker

Hearthstone Deck Tracker (HDT) is our official replay upload client. Whenever you finish a game of Hearthstone with HDT running, the game's log is automatically uploaded to You can disable those uploads in HDT itself, in options › tracker › replays.

By default, HDT also sends some basic usage statistics to our servers upon starting the application and completing a game. We use this data only in aggregate to help us understand how our users use the software. To disable this from HDT, go to options › tracker › settings and check off Submit anonymous data.

Replay data

Whenever an upload is made to, the following data is sent to us and saved on our servers:

  • The uploader's IP address, for the purpose of curation (such as to ban badly-behaving clients).
  • Optionally, game metadata such as game and client IDs, game server IP, etc.
  • The Power.log file generated by the game ("the log file").

The log file contains only gameplay data. However, player definitions contain a unique Hearthstone account ID (this is different from the account ID obtained during signup), as well as a player name. The player name is usually the "name" portion of a Battletag. As of March 2017, the player's real name is never included in the log file.

Statistics and game analysis

One of our goals in the creation of this service is to understand Hearthstone and its metagame. The strong diversity of backgrounds in the HearthSim Developer Community puts us in the unique position to be able to analyze the game as nobody has ever done before. Our intention is to contribute that data back to the community in various ways such as blog posts, APIs, and interactive features. Some of these features are monetized, in order to help us keep the replay service free and to ensure the continued development of the many free tools in the HearthSim community such as Hearthstone Deck Tracker.

You can elect to opt all your new uploads out of such analyses and any public archive from your account page, under the Statistics contributions section.

Other information

Our servers are hosted in Northern Virginia in the United States of America, on the Amazon Web Services infrastructure. All replays are stored on S3 in the same region.

Our servers log requests across our web pages and APIs for the purposes of debugging only. None of those logs contain any personally-identifiable information and they are all destroyed once they become irrelevant within the first 60 days after they are written.

We use Google Analytics to understand how our users use the website. All data is anonymous. respects the Do Not Track standard and does not serve Google Analytics to browsers sending this header. If you are concerned with usage tracking on the internet, we recommend the EFF's Privacy Badger browser extension.