Privacy Policy
Last updated: 2026-06-12
1. About this policy
wostoolkit.com and the WOS Toolkit app are operated by High Altitude Code, LLC (Colorado, USA). The WOS Toolkit is a fan project and is not affiliated with, endorsed by, or sponsored by Century Games, Elex, or the publishers of Whiteout Survival. This policy covers both the website and the iOS / Android app.
2. What we collect when you use the toolkit
Analytics (Google Analytics 4) — website. GA4 (gtag.js) runs only on wostoolkit.com pages (not on local development or preview deploys; the iOS / Android app uses the separate, opt-out app analytics described below). GA4 sets _ga / _ga_* cookies and reports a pseudonymous client ID, the page URL, the referrer, approximate geographic location from your IP, your user agent string, and anonymous interaction events (for example that a "Get Pro" button was clicked or a tool was opened — never the content you typed). See Google's privacy policy. You can opt out by enabling your browser's Do-Not-Track signal, using an ad-blocker, or installing Google's GA opt-out browser add-on.
Rally Sync share sessions. If you tap "Share" in Rally Sync, the rally state you typed (anchor time, gap, up to six player rows and their labels / ally names) is written to a Cloud Firestore document under an unguessable random ID. The document auto-deletes within 24 hours of its last update via a server-side TTL.
Alliance HQ schedules and membership. Publishing an alliance schedule writes the content you typed (alliance name, event titles, notes, and times) to a Cloud Firestore document under an unguessable random ID, associated with your signed-in account. Joining an alliance writes your chosen in-game username and role to that alliance's member roster, and adds the alliance to a "My Alliances" list under your account. These documents auto-delete via a server-side TTL roughly 70 days after they were last refreshed (opening or updating the alliance refreshes the timer). Leaving an alliance removes your roster entry and list entry immediately.
Push reminders (optional). If you turn on "Push reminders" for an alliance, we store a Firebase Cloud Messaging device token (and your device's language, so the reminder text is in your language) under your member entry, plus a list of upcoming reminder times computed from the schedule, so our server can notify you before each op even when the app is closed. These are written only for your own account, deleted when you turn the toggle off or leave the alliance, and the token is removed automatically if it stops working. The token is a device push identifier; it is not used to track you across apps.
AI announcement drafting (optional). If you tap "Draft with AI" in the Alliance HQ editor, the alliance name and the schedule's event titles, notes, and times are sent to Anthropic's Claude API to generate the announcement text. The request is tagged with a one-way hash of your account ID for abuse prevention; Anthropic does not receive your email address or raw account ID. To enforce a daily limit we record only token counts and a timestamp against your account — the schedule content itself is not stored by us beyond the request. This happens only when you tap the button; nothing is sent to Anthropic otherwise.
Anonymous app identity. Creating a share assigns you an anonymous Firebase Authentication UID so the database's security rules can verify only the sharer can update their own document. This anonymous identity carries no email, password, or real-world identity.
App usage analytics (iOS / Android app). The app uses Google Analytics for Firebase to collect anonymous usage data: screen views, sessions, feature events (for example that a rally was shared or reminders were armed — never the content you typed), device model, and approximate geographic location from your IP. We never attach your account identity to analytics and ad-personalization signals are disabled. You can turn this off at any time with the "Share usage analytics" toggle in the app's account sheet; analytics is also fully disabled in non-release builds.
Crash and diagnostic data (app only). The iOS / Android app uses Firebase Crashlytics in release builds to collect anonymous crash and diagnostic reports so we can fix stability problems. Crashlytics is not used on the website.
CDN / server logs. Cloudflare logs your request IP and user agent for security and abuse prevention.
3. Account data
You sign in with Sign in with Apple or Continue with Google (single sign-on); there is no email-and-password login. When you sign in, your chosen provider returns your email address (personal information) and a provider account identifier to Firebase Authentication (Google), which manages the sign-in. If you use Sign in with Apple, you may choose Apple's "Hide My Email" option, in which case we receive an anonymized Apple relay address instead of your real one. We do not collect a password. We use your account only to authenticate you, to associate the "WOS Toolkit Pro" subscription with your account, to keep your subscription entitlement available across your devices, and to attach alliance schedules you publish and alliances you join to your account. We do not use your account email for marketing.
Signing in with Apple or Google means that provider also processes the sign-in under its own privacy policy (Apple, Google).
Retention: we keep your account data for as long as your account exists, and delete it within a reasonable period after you delete your account, except where we must retain it to comply with law.
4. Subscription and purchase data
The app offers a "WOS Toolkit Pro" subscription. When you subscribe, the purchase is processed by the platform billing system — Apple App Store billing on iOS, Google Play Billing on Android, and Stripe (via RevenueCat Web Billing) on the website — and managed through RevenueCat, a third-party subscription processor. RevenueCat receives your purchase history, an app-user identifier, diagnostic data, and — once you sign in — your account email address, to validate your subscription, unlock Pro features, and let us locate your subscription record when you contact support or we apply a promotion to your account. Until you sign in, RevenueCat sees only an app-generated anonymous identifier. We never receive or store your full payment-card details; those stay with Apple, Google, or Stripe.
Subscription pricing, billing terms, and any free-trial details are shown at the point of purchase and in the Terms of Service.
Retention: we retain subscription and purchase records for as long as needed to provide the service and to meet our legal, tax, and accounting obligations.
5. What we don't do
- No third-party advertising networks.
- No sale of personal data.
- No cross-site or cross-app tracking.
- No marketing email list.
- No storage of your full payment-card details (handled by Apple / Google / Stripe).
6. Cookies and local storage
_ga / _ga_* cookies are set by Google Analytics 4 on the website only. Firebase persists an authentication token to your browser's IndexedDB (website) or local app storage (app) so your anonymous or account session survives a reload. None of these are used for advertising.
7. Purposes of processing
- Operate and secure the website and app (CDN logs, anonymous auth, security rules).
- Provide the Rally Sync share feature (ephemeral Firestore documents).
- Provide the Alliance HQ schedule-sharing and membership features (Firestore documents with a ~70-day refreshed TTL).
- Generate optional AI-drafted announcements when you tap "Draft with AI" (Anthropic Claude).
- Authenticate optional accounts and sync subscription entitlement (Firebase Auth).
- Process and validate the "WOS Toolkit Pro" subscription (RevenueCat, Apple, Google).
- Diagnose crashes and improve stability (Crashlytics, app only).
- Understand aggregate website usage (Google Analytics 4, website only).
- Understand aggregate app usage (Google Analytics for Firebase, app only, anonymous, with an in-app opt-out toggle).
8. Third parties and sub-processors
We rely on the following service providers, which receive the data described above for the stated purpose:
- Google / Firebase — Firebase Authentication (including Sign in with Apple / Continue with Google single sign-on), Cloud Firestore, Firebase Crashlytics, Firebase Cloud Messaging (push reminders, opt-in per alliance), Google Analytics for Firebase (app, anonymous, opt-out in app), and (website only) Google Analytics 4.
- RevenueCat — subscription management: purchase history, app-user identifier, account email (when signed in), diagnostics.
- Apple — Sign in with Apple (identity) and App Store billing for iOS subscriptions.
- Google Play — Play Billing for Android subscriptions.
- Stripe — payment processing for website subscriptions (via RevenueCat Web Billing).
- Anthropic — AI announcement drafting: alliance schedule content you submit via "Draft with AI", tagged with a one-way hash of your account ID.
- Cloudflare — CDN, DNS, TLS.
9. Your rights
Access. You can request a copy of the personal data tied to your account or to a share session you created by emailing [email protected].
Erasure / deletion. If you hold an account, you can delete it — and the personal data associated with it — from within the app; you can also email [email protected] to request deletion of account, subscription, share-session, or alliance data. You can leave an alliance (removing your roster entry) from the alliance page in the app. For accounts created with Sign in with Apple, deleting your account also asks Apple to revoke the sign-in token. For Rally Sync share sessions specifically, the 24-hour Firestore TTL typically deletes the data before we can act on a request.
10. Children
The toolkit is not directed at children under 13; we do not knowingly collect data from them.
11. Changes
Material changes will be posted on this page with a refreshed "Last updated" date.
12. Contact
Questions: [email protected].