Privacy Policy

Last updated: March 21, 2026

1. What We Collect

Email address

Used for account creation, login, and verification. Not shared with third parties.

SWGrinder account password

Hashed with PBKDF2-HMAC-SHA256 (200,000 iterations) using a unique random salt. We cannot recover or read your password. Ever.

Game credentials

Your game username and password are encrypted at rest using a server-side key. They are decrypted only when the grinder needs to log in on your behalf. They are never displayed, logged in plaintext, or shared with anyone.

Game identity

Game username, character ID, character name, and level. Derived from the game server during account linking. Used for entitlement tracking and abuse prevention.

Service telemetry and session records

Runtime seconds, XP earned, gold earned, mission counts, event counts, error counts, checkpoint timestamps, IP address, and user-agent used for security, entitlement enforcement, support, and dispute evidence.

Billing and dispute records

Order identifiers, payment processor references, order timestamps, entitlement delivery records, and dispute evidence packets. We do not store full payment card numbers.

2. What We Do NOT Collect

  • No analytics or tracking scripts
  • No advertising cookies or third-party trackers
  • No personal information beyond email
  • No location data, device fingerprints, or browsing history
  • No data shared with or sold to third parties

3. How We Store Data

We store account and operational data on our servers. Sensitive secrets are protected differently based on purpose: SWGrinder account passwords are hashed, game passwords are encrypted at rest, verification codes are stored as hashes, and grinder runtime state is signed to detect tampering. Access is restricted to functional and administrative needs only.

4. Security Logs

We maintain security audit logs of authentication events (login, registration, verification), game account linking, grinder session start/stop, rate-limit triggers, origin rejections, and abuse-detection events. These logs contain your user ID, IP address, user-agent, and timestamp. Logs are retained for security operations, fraud review, and support. They are not used for marketing or analytics.

5. Data Retention

Account data is retained for as long as your account exists. If you wish to delete your account and associated stored credentials, contact us. Deletion is permanent and irreversible. Security logs, session checkpoints, billing references, and dispute evidence may be retained after account deletion for fraud prevention, accounting, tax, and legal compliance purposes where permitted or required by law.

6. Your Rights

  • Request a copy of all data we hold about you.
  • Request deletion of your account and all associated data.
  • Request correction of inaccurate data.

7. Children

The Service is not intended for users under 18 years of age. We do not knowingly collect data from minors.

8. Changes to This Policy

We may update this policy at any time. Significant changes will be communicated through the Service. Continued use after changes constitutes acceptance.

9. Contact

For privacy inquiries, contact us through the Service's support channels.