Privacy Policy

This Privacy Policy explains how Booty Bay Broker collects, uses, stores, and protects your information when you use our service. By using Booty Bay Broker, you consent to the practices described in this policy.

Version 1.0 Effective: Last Updated:

Information We Collect

Account Information

When you create a Booty Bay Broker account, we collect the following information:

  • Email Address -- Used for account creation, password recovery, and important service communications.
  • Username -- A display name you choose during registration, visible to other users in certain contexts.
  • Password -- Securely hashed using industry-standard bcrypt. Your password is never stored in plaintext and cannot be recovered or viewed by anyone, including administrators.

Battle.net Account Link

If you choose to link your Blizzard Battle.net account, we store a Battle.net identifier and basic profile information provided through Blizzard's official OAuth2 flow. We never receive or store your Battle.net password.

Usage Data

We automatically collect certain information when you use the Service, including:

  • Pages visited and features used
  • General interaction patterns and navigation behavior
  • Browser type, operating system, and device information
  • Referring URLs and search terms that led you to the site
  • IP addresses (hashed and anonymized for security auditing purposes only)

How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management -- To create, maintain, and secure your account, including login authentication, password recovery, and session management.
  • Service Delivery -- To provide personalized features such as favorites, price alerts, watchlists, and custom dashboards.
  • Service Improvement -- To analyze usage patterns, identify bugs, optimize performance, and develop new features based on how the Service is used.
  • Communications -- To send important service-related notifications such as password reset emails, security alerts, and major feature announcements. We do not send marketing emails.
  • Security -- To detect and prevent fraud, abuse, automated scraping, and other activities that threaten the integrity of the Service.

Cookies and Tracking Technologies

Booty Bay Broker and its third-party partners use cookies and similar technologies to provide, secure, and improve the Service. Below is a detailed breakdown of the cookies and tracking technologies in use.

Essential Cookies (First-Party)

These cookies are strictly necessary for the Service to function. They cannot be disabled.

  • Session Cookie -- Maintains your login state and CSRF protection while you are signed in. This cookie expires when your session ends or after a period of inactivity.
  • Preference Cookies -- Store your selected region, realm, and display preferences so the Service remembers your choices across page loads.

Advertising Cookies (Third-Party -- Google AdSense)

This site displays advertisements served by Google AdSense (publisher ID: ca-pub-6448200357413737). Google uses cookies to serve ads based on your prior visits to this site and other websites. Specifically:

  • DoubleClick DART Cookie -- Google's DoubleClick uses a DART cookie to serve ads to you based on your visits to this site and other sites on the Internet. This cookie enables interest-based (personalized) advertising.
  • Personalized Ads -- Google may use information about your browsing habits to show you ads that are more relevant to your interests. This includes data collected across websites that partner with Google.
  • Third-Party Vendor Cookies -- Google's advertising partners may also place cookies on your browser to measure ad performance and deliver targeted content.
Opt out of personalized advertising: You can opt out of Google's use of cookies for personalized advertising by visiting Google Ads Settings. You can also opt out of third-party vendor cookies for personalized advertising by visiting aboutads.info or the Network Advertising Initiative opt-out page. Opting out does not remove ads entirely -- Google will serve non-personalized ads instead.

Analytics (Third-Party -- Cloudflare Web Analytics)

We use Cloudflare Web Analytics to collect anonymized, aggregated usage statistics. Cloudflare Web Analytics is a privacy-first analytics tool that:

  • Does not use cookies or track individual users
  • Does not collect personally identifiable information
  • Collects only aggregated metrics such as page views, visit counts, and referrer data
  • Complies with GDPR, CCPA, and other privacy regulations by design

Third-Party Services

The Service integrates with the following third-party services. Each operates under its own privacy policy, which we encourage you to review:

  • Google AdSense -- Provides display advertisements on the Service. Google may collect and use data as described in the Google Privacy Policy.
  • Cloudflare Web Analytics -- Provides anonymized, aggregated website analytics. See the Cloudflare Privacy Policy.
  • Blizzard Battle.net API -- Used to retrieve World of Warcraft game data (item prices, auction house listings) and for optional account linking via OAuth2. See the Blizzard Privacy Policy.
  • Resend -- Used for transactional email delivery (password resets, security notifications). See the Resend Privacy Policy.

Data Sharing

Booty Bay Broker is committed to protecting your privacy. Here is exactly how your data may be shared:

  • Google AdSense -- Anonymized and aggregated data (such as browsing patterns and ad interaction metrics) is shared with Google for the purpose of serving and optimizing advertisements. Google does not receive your Booty Bay Broker username, email address, or password.
  • Cloudflare -- Aggregated, non-identifiable analytics data is processed by Cloudflare. No personal information is shared.
  • Blizzard -- If you link your Battle.net account, authentication tokens are exchanged with Blizzard's OAuth2 service. We do not share any other account data with Blizzard.
  • Email Provider -- Your email address is shared with our transactional email provider (Resend) solely for the purpose of delivering account-related emails.
We do NOT sell your personal data. We do not sell, rent, trade, or otherwise distribute your personal information to third parties for their marketing or commercial purposes. Ever.

Data Retention

  • Account Data -- Your email, username, and hashed password are retained for as long as your account is active. If you delete your account, this data is permanently removed from our systems.
  • Battle.net Link -- Battle.net identifiers are retained while the link is active. Unlinking or deleting your account removes this data.
  • User Preferences -- Favorites, price alerts, watchlists, and display preferences are retained while your account is active and deleted upon account deletion.
  • Usage and Analytics Data -- Anonymized, aggregated analytics data may be retained indefinitely as it cannot be traced back to individual users.
  • Security Logs -- Hashed IP addresses and security audit logs are retained for up to 90 days to detect and investigate abuse, after which they are automatically purged.
  • Game Data -- Auction House price data, item metadata, and market statistics are retained for up to 365 days for historical analysis purposes. This data is sourced from public APIs and does not contain personal information.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access -- You may request a copy of the personal data we hold about you. Contact us using the details in Section 10.
  • Right to Rectification -- You can update your email address, username, and password at any time through your account settings.
  • Right to Deletion -- You can delete your account at any time through your account settings or by contacting us. Account deletion permanently removes all personal data associated with your account.
  • Right to Opt Out of Personalized Ads -- You can opt out of Google's personalized advertising at any time by visiting Google Ads Settings. You may also configure your browser to reject third-party cookies.
  • Right to Data Portability -- You may request an export of your personal data in a machine-readable format. Contact us using the details in Section 10.
  • Right to Withdraw Consent -- Where we rely on your consent for data processing (such as optional Battle.net linking), you may withdraw that consent at any time by unlinking your Battle.net account or deleting your account.

To exercise any of these rights, please contact us at [email protected] or open an issue on our GitHub repository. We will respond to all requests within 30 days.

Children's Privacy

Booty Bay Broker is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information from our systems. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected] so we can investigate and take appropriate action.

Users between the ages of 13 and 18 may use the Service with the consent of a parent or legal guardian, as outlined in our Terms of Service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes:

  • The "Last Updated" date at the top of this page will be revised.
  • The version number will be incremented.
  • For material changes that significantly affect how we collect, use, or share your data, we will make reasonable efforts to notify registered users via email or through a prominent notice on the Service.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you must stop using the Service and may delete your account.

Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you can reach us through:

We aim to respond to all privacy-related inquiries within 30 days of receipt.