Privacy Policy
Last updated: May 5, 2026 · Built with you in mind
The short version
I built this extension to make managing your mods easier. I'm not interested in tracking you, selling your data, or building profiles. I keep only what's essential to make the app work. That's it.
What I actually store
Here's what gets saved, and where:
- Your username - stored on my server so I know which mod list is yours. Also saved in your browser locally so you don't have to log in every time.
- Your password - stored on the server as a one-way hash, never as the password itself. I can't see what it is. You control how strong it is when you set it.
- Your mod list - stored on my server as your source of truth. The extension also caches a copy in your browser locally so it loads faster without hitting the server every time.
- A session token - when you log in, you get a temporary token that proves who you are. It lives in your browser and expires after 30 days.
- Your email address - completely optional, only stored if you decide to add one to your account. It's there so you can reset your password yourself if you forget it, and so I can send you the occasional account-related message (like a heads-up if something important changes). You can add, change or remove it any time from your account settings.
- Email verification status - if you confirm your address by clicking the link I send, the server stores a yes/no flag next to your email. Just that, nothing else.
- Sign-in security logs - one row per registration, log-in, Microsoft Store purchase verification or account deletion, with the time, your IP address and your User-Agent. Used to spot abuse, auto-deleted after 90 days. Full reasoning in its own section below.
What I don't collect
Here's what the extension and server never touch:
- Your browsing history - the extension can't see what other sites you visit. It only runs on wgmods.net.
- Personal information - your real name, address, age. None of that is needed or requested. Email is optional and only stored if you choose to add one (see above).
- Usage analytics or tracking - I don't log what mods you view, how often you use the extension, or what you're interested in. No tracking pixels, no third-party analytics services.
- Precise location - no GPS, no postal code, nothing like that. Your IP can give a rough city-level guess (that's just how the internet works), but I never look it up or store anything beyond the IP itself.
- Your keystrokes or web page content - the extension isn't monitoring what you type or reading page content beyond what it needs to function.
Why I need this data
Your username and token exist for one reason: to pull your mod list from the server and let you add/remove mods without logging in every time. That's literally the entire purpose.
If you add an email, it's there for two things only: letting you reset your password yourself, and letting me reach you about your account if something needs your attention. Not for newsletters, not for promotions, not for anything else.
I'm not selling this data. I'm not sharing it with anyone. I'm not using it to build profiles or target you with ads. I built this for myself first, and I'm sharing it because I think it's useful. That mindset hasn't changed.
Sign-in security logs
On registration, log-in, Microsoft Store purchase verification and account deletion, the server saves one row with the time, your IP and your User-Agent. That row exists to catch abuse (mass invite redemption, brute-force log-in) and to power the per-IP rate limit on auth.
Nothing else. The IP isn't geolocated, the User-Agent isn't cross-referenced, none of it leaves the server. Rows auto-delete after 90 days, or sooner if you delete your account.
How I keep your data safe
When you log in, your password goes directly over HTTPS (encrypted) to the server. The extension never sees or stores it. The server hashes it using BCrypt so even I can't read what you set. Whether that password is strong or weak is entirely up to you.
After login, you get a session token that acts as proof you're you. It expires after 30 days. Your browser stores it in a private area that other extensions and websites can't access.
Your mod list is stored on the server and also cached in your browser's private storage so the extension doesn't need to ask the server constantly.
Third-party stuff
The extension only talks to the Wot Mod Manager server. No Google Analytics. No Sentry. No ad networks. No tracking libraries.
The one exception is email delivery. If you opt in by adding an email address to your account, the server uses Resend to actually send you messages (password resets, verification links, occasional account notices). Resend is an email delivery service with servers in Ireland (EU) and only sees your address when there's a mail going out to you. They process it on my behalf and don't use it for anything else. If you never add an email, Resend never sees you.
What you can do
Log out anytime - click the extension popup and log out. Everything stored locally gets deleted immediately.
Manage your email - if you've added one, you can change it or remove it any time from your account settings. Removing it stops all email-based features like self-service password reset.
Delete your account - you can request account deletion yourself, no need to contact anyone. In the Chrome extension open the Account tab and click "Delete account". In the desktop app use the account settings. Your login is disabled immediately and all your data is permanently removed after 7 days.
If this changes
If I ever need to change how I handle data, I'll update the date at the top of this page. If it's a big change, I'd probably mention it in release notes too. But honestly, my philosophy isn't going to shift. I'm still just one person trying to make a useful tool.