Privacy Policy

1. Basic Policy and Data Controller

AutoTier (the “Service”) treats user privacy as a top priority and collects only the information strictly required to operate the Service. The data controller responsible for the Service is the AutoTier Operations Team (the “Operator”).

2. Age Restriction

The Service is available only to users 13 years of age or older. If you are under 13, please do not use the Service. Minors (under 18) must obtain consent from a parent or legal guardian before using the Service. Accounts found to belong to anyone under 13 may be deleted at the operator’s discretion.

3. Information We Collect

  • Information provided by SSO providers (Google, GitHub): provider account identifier, display name, profile image. Email is used only for legacy account matching during the migration window and is never used as an identifier.
  • Email address you enter in the contact form (used only to reply).
  • Content you submit to the Service: tier list titles, content (text, image URLs, tags), and public/private settings.
  • Usage data: access logs, action history, device and browser information, referrer URLs.
  • Voting records (Good / Bad) for public tier lists.

We do not collect highly identifying information such as legal name, address, phone number, or payment details.

4. Purpose of Use

  • Providing, improving, and developing features of the Service.
  • Authenticating users and managing user-scoped content.
  • Detecting and addressing abuse or spam.
  • Aggregated statistical analysis of Service usage.
  • Serving ads and measuring ad effectiveness.
  • Important announcements about this policy or the terms.

5. Third Parties and Processors

We do not disclose personal information to third parties without user consent, except as required by law. The Service relies on the following external providers:

  • NextAuth.js (federated authentication with Google and GitHub).
  • Turso (libsql cloud database for storing accounts and tier list content).
  • Cloudflare (Workers application runtime, R2 for uploaded image storage, Turnstile for abuse prevention, and Cloudflare Insights for usage analytics).
  • OpenAI (automated moderation of submitted content and AI tier list drafting).
  • Wikimedia Foundation (search and retrieval of license-compatible images from Wikimedia Commons).
  • Google AdSense (advertising delivery and ad performance measurement).
  • Google Analytics (aggregated usage analytics used to improve the Service).

6. Information Transmitted to External Services

For advertising and analytics, the Service transmits user information such as cookies, identifiers, and device information to the following providers. Their handling of this information is governed by their own privacy policies.

  • Google LLC (Google AdSense / Funding Choices / DoubleClick / Google Ad Manager): cookies, advertising IDs, IP address, referrer URL, and interaction events are transmitted for ad delivery and consent management.Google advertising policies
  • Google LLC (Google Analytics 4): cookies, client ID, IP address, referrer URL, page-view and event data are transmitted for usage analytics. IP addresses are anonymised by Google and not retained long-term.Google privacy policy
  • Cloudflare, Inc. (Cloudflare Insights / Turnstile): IP address, user agent, navigation events, and bot-detection signals are transmitted.Cloudflare privacy policy
  • Google LLC (Google Fonts): IP address and user agent are sent for font delivery.Google privacy policy

When the Service is accessed from the EU/EEA, the United Kingdom, or Switzerland, Google’s consent management platform (Funding Choices) will display a consent banner on first visit, allowing the user to make choices about cookie use and ad personalisation.

7. Cookies

The Service uses cookies to maintain authenticated sessions, prevent abuse, observe usage, and for the advertising and analytics purposes described in Section 6. Disabling cookies may prevent some features of the Service from functioning.

8. Security

Collected information is protected with reasonable technical and organizational safeguards. Authentication is delegated to NextAuth.js; the Service never receives or stores SSO passwords.

9. Your Rights

  • You may edit or delete your tier lists at any time.
  • You can switch the public/private setting of a tier list freely.
  • You may request access, correction, deletion, restriction of processing, objection to processing, or data portability via the Contact page. After identity verification, we will respond within 30 days (consistent with Article 12 of the GDPR).
  • To delete your entire account or related data in bulk, please use the same Contact page.
  • Users residing in the EU/EEA or the UK have the right to lodge a complaint with their data-protection supervisory authority.

10. Updates

This policy may be updated to reflect legal changes or product updates. Material changes will be announced on the Service. Continued use after a revision constitutes acceptance of the revised policy.

11. Contact

For questions about this policy, please use the Contact page.

Back to home