WWM Overlay
Mua ngay
🔒
Legal

Privacy Policy

Last updated: May 13, 2025 · We collect only what we need.

This Privacy Policy explains how WWM Overlay ("we", "our", "us") collects, uses, and protects information about you when you use our website (this site) and the WWM Overlay desktop software. We are committed to minimal data collection and transparency.

Table of Contents

  1. 1. Data Controller
  2. 2. Data We Collect
  3. 3. How We Use Your Data
  4. 4. Cookies & Local Storage
  5. 5. Third-Party Services
  6. 6. Data Retention
  7. 7. Your Rights
  8. 8. Children's Privacy
  9. 9. Changes to This Policy
  10. 10. Contact
1

Data Controller

WWM Overlay is the data controller responsible for your personal data. Contact details are provided in Section 10.

This policy applies to data processed through our website and desktop application. It does not apply to third-party services that have their own privacy policies (see Section 5).

2

Data We Collect

We collect different types of data depending on how you interact with us:

Account data — When you create an account:

  • Email address (required for email/password or magic-link sign-in)
  • Full name and profile picture (from OAuth providers, if you sign in via Google, Discord, or GitHub — only if your provider shares them)

License & order data — When you purchase a license:

  • Order details (plan, amount, payment method reference)
  • License key and activation status
  • Hardware ID (HWID) — a hash derived from your computer's hardware, used to bind your license to one device

App telemetry — When the desktop app runs:

  • HWID (for license validation)
  • App version
  • Public IP address (for license heartbeat — not stored permanently)
  • Hostname (for display in admin panel only, not shared)
  • License validity status and expiry

Analytics data (only with your consent):

  • Approximate geographic location: country, city, latitude/longitude (derived server-side from your IP — your raw IP is not stored)
  • Page visited
  • Visit timestamp

Technical data — automatically collected for security:

  • Browser user-agent string (to filter bots)
  • Cloudflare Turnstile challenge result (to verify you are human — no biometrics, no CAPTCHA image stored)
We do not collect: payment card numbers, bank account details, game account credentials, gameplay data, microphone/camera input, screen captures, or any data beyond what is described above.
3

How We Use Your Data

We use your data only for the following purposes:

  • Authentication & account management — To create and maintain your account, enable secure sign-in, and manage session tokens.
  • License management — To issue, validate, and renew software licenses. HWID is used exclusively to bind and verify license ownership.
  • Order processing — To record purchases, track payment status, and deliver license keys.
  • Software updates & heartbeat — The desktop app periodically contacts our server to verify license validity and check for updates. This contact sends HWID and version — no other data.
  • Analytics (consent required) — To display the "Players Around the World" globe on our homepage showing approximate geographic distribution of users. Data is aggregated and not linked to individual accounts.
  • Security & anti-abuse — To detect and prevent bot traffic, license fraud, and abuse of our systems.
  • Support — To assist you when you contact us with questions or issues.
  • Transactional email — To send account-related emails: welcome on signup, magic-link sign-in, password reset. We do not send marketing emails without explicit opt-in.

We do not use your data for advertising, profiling, behavioural tracking, or sale to third parties.

4

Cookies & Local Storage

We use a minimal set of cookies and browser storage. You can manage your preferences via the cookie banner or at any time through the cookie settings link in the footer.

Name / KeyTypePurposeDuration
sb-*-auth-tokenEssentialSupabase authentication session. Keeps you signed in.Session / 1 week
wwm_cookie_consentEssentialStores your cookie preference decision (localStorage). Required to remember your choice.Permanent (localStorage)
wwm_trackedAnalyticsPrevents duplicate visit tracking within one browser session (sessionStorage). Set only if analytics cookies are accepted.Browser session
cf-* (Cloudflare)EssentialCloudflare Turnstile bot-protection challenge token. Used to distinguish humans from automated bots.Session

We do not use advertising cookies, social media tracking pixels, or any cookies that follow you across other websites.

You can withdraw your analytics consent at any time by clicking "Cookie Settings" in the footer. Essential cookies cannot be disabled as the site cannot function without them.
5

Third-Party Services

We use the following third-party services, each of which has its own privacy policy:

  • Supabase — Our backend infrastructure (database, authentication, edge functions). Data is stored on Supabase servers in the ap-southeast-1 (Singapore) region. Supabase Privacy Policy
  • Cloudflare Turnstile — Bot detection on our website. Cloudflare processes your browser's challenge response but does not store your IP address on our behalf. Cloudflare Privacy Policy
  • Google OAuth — If you choose to sign in with Google, Google shares your email, name, and profile picture with us per your Google account settings. Google Privacy Policy
  • Discord OAuth — If you choose to sign in with Discord, Discord shares your username and email. Discord Privacy Policy
  • GitHub OAuth — If you choose to sign in with GitHub, GitHub shares your email and username. GitHub Privacy Policy
  • Hostinger (email delivery) — We use Hostinger's SMTP service to send transactional emails (welcome, password reset, magic link). Only your email address and name are transmitted. Hostinger Privacy Policy

We do not use Google Analytics, Meta Pixel, or any advertising networks.

6

Data Retention

We retain your data only as long as necessary:

  • Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
  • License & order data — Retained for 5 years for financial record-keeping compliance, then deleted.
  • App heartbeat data — The last-seen timestamp and version are updated each heartbeat. Historical heartbeat data is not retained beyond 90 days.
  • Analytics visit data — Retained for 90 days, then automatically deleted.
  • Auth logs — Managed by Supabase. Retained per their policy.

When you delete your account, we delete your profile, login credentials, and associated personal data. License records may be retained for financial compliance purposes with personal identifiers removed.

7

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data. You can update your name in your dashboard.
  • Deletion — Request deletion of your account and associated personal data ("right to be forgotten").
  • Portability — Request your data in a machine-readable format.
  • Objection — Object to processing of your data where we rely on legitimate interests.
  • Withdraw consent — Withdraw analytics consent at any time via Cookie Settings in the footer. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us via Discord (see Section 10). We will respond within 30 days. We may need to verify your identity before processing your request.

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.

8

Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it promptly.

Users between 13 and 18 must have parental consent to use the Service.

9

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and announce the change on our Discord server.

We encourage you to review this Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.

10

Contact

For privacy-related requests, questions, or concerns:

🔒

WWM Overlay — Data Privacy

Discord (preferred): ミ★ ムKim
Please include "Privacy Request" in your message subject. We aim to respond within 30 days.

© 2026 WWM Overlay. All rights reserved.Terms of Service →