Privacy Policy

Last updated: 2017-02-22

As with most online services, you trust us with your data when you use our website. This privacy policy is here to help you understand what information we collect, how we store it and what we do with it. If you have any questions or concerns about this policy or your data in general, email us at [email protected] and we'll get back to you as soon as possible.

We aim to be as transparent as possible. To that end, we made the website open source. We run an unmodified version of the code that is available on Github for everyone to see. accounts

Account data

There are two types of accounts on Anonymous and Regular.

Anonymous accounts consist of an autogenerated UUID we call an "Authentication Token" and that is it. They are a convenient way of sending us game replays semi-anonymously without creating an account beforehand.

Regular accounts are created when you first sign into the website, such as from the home page. We use the OAuth 2 API in order to delegate authentication to, and then automatically create a corresponding account for you. The only data sent by the API is your Battletag and your Account ID; both are stored in order to enable you to log in. does not receive any type of personally-identifiable information from such as passwords, names, emails, addresses or billing data. You may view and manage your social account connections from this page. will store your email address if you provide it to us. We may use it to contact you for account-related matters. We will not share your email with third parties without telling you about it first. One such exception is if you make a purchase on the website, which requires us to share your email address with our payment provider in order to send you billing emails. We invite you to read their privacy policy here.
You may view and manage your associated email addresses from this page.

Billing data

We use Stripe to allow for payments on Stripe is a secure payment provider, trusted by thousands of online businesses. When you input a credit card number on, you are directly communicating it to Stripe; does not ever see or store your full credit card number.

In order to provide you with billing management features, we store a backup of small amounts of data that Stripe gives us access to. This includes the last 4 digits of your credit card numbers as well as your payment history with the website. We do not store your real name nor any sensitive payment information as part of this process.

Account deletion

You may request to delete your account from the "Delete account" section of your account page. Upon doing so, your account will be marked for deletion and you will no longer be able to log into it. All account data will be irreversibly wiped within the following 7 days. Uploaded replays will be detached from the account and will only be reachable via links you may have previously shared. However, you can elect to to have them deleted as well.

Please note that deleting your account will not delete your associated payment history with us.

Hearthstone Deck Tracker

Hearthstone Deck Tracker (HDT) is our officially-supported client. Whenever you finish a game of Hearthstone with HDT running, the game's log is automatically uploaded to You can disable those uploads in HDT itself, in options > tracker > replays.

By default, HDT also sends some basic usage statistics to our servers upon starting the application and completing a game. We use this data only in aggregate to help us understand how our users use the software. To disable this from HDT, go to options > tracker > settings and check off Submit anonymous data.

Replay data

Whenever an upload is made to, the following data is sent to us and saved on our servers:

  • The uploader's IP address, for the purpose of curation (such as to ban badly-behaving clients)
  • Optionally, game metadata such as game and client IDs, game server IP, etc.
  • The Power.log file generated by the game.
The Power.log file contains only gameplay data. However, player definitions contain a unique Hearthstone account ID (this is different from the account ID), as well as a player name. The player name is usually the "name" portion of a Battletag. When playing against a RealID friend, that name is the player's real name. Due to a limitation in the log format, we have no way to tell which is which. Be mindful when sharing replays of games against your RealID friends, as this information is exposed to everyone who gets the replay.

Statistics and game analysis

Part of our goal for creating this service is to understand Hearthstone and its metagame. The strong diversity of backgrounds in the HearthSim community puts us in the unique position to be able to analyze the game as nobody has ever done before. Our intention is to contribute that data back to the community in various ways such as blog posts, APIs, and interactive features (some of which we may monetize, in order to help us keep this service free).

We will share more details on our analytical strategy as development on the website continues. Users can elect to globally opt their replays out of such analyses and archives.

Other information

Our servers are hosted on the Amazon Web Services infrastructure, in Northern Virginia in the United States. This is where replays are stored as well.

Our servers log requests across our web pages and APIs for the purposes of debugging only. None of those logs contain any personally-identifiable information and they are all destroyed once they become irrelevant within the first 60 days after they are written.

We use Google Analytics to understand how our users use the website. All data is anonymous. respects Do Not Track and will not serve Google Analytics to browsers sending this header. If you are concerned with usage tracking on the internet, we recommend the EFF's Privacy Badger extension.