Privacy Policy
Last updated: June 2026
1. Data Controller
The data controller is the publisher of the Jungle Clear service, a non-professional private individual identified in the Legal Notice. For any question about your personal data or to exercise your rights, write to contact@jungleclear.com. No data protection officer has been designated — such designation is not mandatory for this processing — and requests are handled directly by the data controller.
2. Data We Collect
The service collects the data needed for its operation: account data (username, email address, hashed password or, when signing in through Google, Discord or Twitch, the technical identifier provided by that service, preferences, two-factor authentication secret if enabled); declared Riot account (Riot ID, PUUID identifier, region); match data retrieved through the Riot Games API; analysis-token movements; messages sent to support; consent history (with IP address and timestamp); login and security logs (IP address, browser). Username and email are required to create an account; declaring a Riot ID is optional but is a condition for free analyses. No sensitive data within the meaning of article 9 GDPR is collected; banking details are neither collected nor stored by our servers.
3. Purposes and Legal Bases
Each processing operation relies on a legal basis (article 6 GDPR): account creation and management, delivery of analyses and transactional emails — performance of the contract (art. 6.1.b); platform security, abuse prevention and technical logs — legitimate interest (art. 6.1.f); compliance with our legal obligations, in particular accounting — legal obligation (art. 6.1.c); marketing communications — only with your consent (art. 6.1.a), withdrawable at any time from your profile. Usage data may be processed in aggregated, anonymized form to improve the algorithm. No data is sold or transferred to third parties for commercial purposes.
4. Other Players' Data (Article 14 GDPR)
Analyzing a match requires the public data of all its participants: the service retrieves, through the official Riot Games API, the Riot nicknames and game statistics of the other players present in analyzed matches, including players who are not registered on the service. This processing relies on the legitimate interest (art. 6.1.f) of the publisher and the user: a match cannot be analyzed without the data of its ten participants, which is publicly accessible through Riot Games. As informing each player individually is impossible, this policy serves as the information required under article 14(5)(b) GDPR. Any player concerned may exercise their right to object or to erasure by writing to contact@jungleclear.com.
5. Profiling and Automated Decisions
The service automatically computes personalized performance indicators (statistics, scores, trends) from match data: this analysis constitutes profiling within the meaning of article 4(4) GDPR, based on the performance of the contract. It produces no legal effect nor any similarly significant effect on the persons concerned and therefore does not fall under article 22 GDPR. The service makes no automated decision of that nature.
6. Recipients and Processors
Data is processed by the publisher and by the processors strictly necessary to the service: OVH SAS (hosting, France/European Union) and Resend (transactional email delivery). Riot Games and, if you choose that sign-in method, Google, Discord or Twitch act as separate data controllers under their own privacy policies. No data is shared with any other third party.
7. Transfers Outside the European Union
Data is hosted within the European Union (OVH, France). Only transactional email delivery involves a transfer to the United States: Resend (Plus Five Five, Inc.) is certified under the EU–US Data Privacy Framework (European Commission adequacy decision of July 10, 2023) and its data processing agreement additionally incorporates the European Commission's standard contractual clauses (decision 2021/914) as a complementary safeguard.
8. Retention Periods
Your account data is kept for as long as the account exists. If you request deletion, the account is deactivated immediately and anonymized after a fourteen-day grace period: email, username, password, two-factor authentication, declared Riot account and consent history are deleted or anonymized; analyses already produced are kept but permanently dissociated from your identity; token movements are archived to meet accounting obligations (ten years). In addition: login logs are kept for twelve months; sessions are deleted seven days after expiry or revocation; GDPR export files are removed from storage seven days after being made available (download link valid 48 hours); match data not linked to an analysis is purged about nine weeks after the match date.
9. Your Rights
You have the rights of access, rectification, erasure, restriction of processing, objection (in particular to processing based on legitimate interest) and portability of your data, as well as the right to withdraw consent at any time. Exporting your data (JSON format) and deleting your account are available self-service from your privacy area; for any other request, write to contact@jungleclear.com. You may also lodge a complaint with the CNIL, the French supervisory authority (www.cnil.fr — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France).
10. Minors
The service is intended for users aged fifteen or older; below that age, registration requires the joint consent of the minor and of a holder of parental authority (article 45 of the French Data Protection Act). Holders of parental authority may exercise the rights of access, rectification and erasure on behalf of the minor by writing to contact@jungleclear.com; the minor may also exercise them directly. In accordance with article 40 of the same law, data collected while the person was a minor benefits from a reinforced right to erasure, handled as promptly as possible.
11. What Happens to Data After Death
In accordance with article 85 of the French Data Protection Act, you may send us directives regarding the retention, erasure and communication of your data after your death, and modify or revoke them at any time (contact@jungleclear.com). In the absence of directives, your heirs may exercise the rights provided by law.
12. Cookies and Local Storage
The service only uses trackers strictly necessary for authentication and security: a session cookie (httpOnly) carrying the sign-in refresh token, and the browser's memory for the access token. These trackers are exempt from consent (article 82 of the French Data Protection Act); no advertising cookie, third-party audience-measurement tool or non-essential tracker is used — which is why no consent banner is displayed. Your consent preferences (notably marketing communications) remain manageable at any time from your profile.
13. Security
Proportionate technical and organizational measures protect your data: hashed passwords (bcrypt), encrypted connections (TLS), hosting within the European Union, optional two-factor authentication, security logging, regular backups and restricted access to data.
14. Changes to This Policy
This policy may evolve, in particular when the service moves to its commercial version. Any substantial change will be announced as provided in the Terms of Service; the date of the last update appears at the top of this page.