Privacy Policy

Personal data ("data") is any information relating to an identified or identifiable natural person (Art. 4 GDPR).

We process data only to the extent necessary to provide this website, the Notoq account and the Game Center. This policy applies to notoq.app and the associated services. Our Discord bot has its own privacy policy at notoq.xyz.

We do not sell your data and do not share it with uninvolved third parties.

The controller within the meaning of the GDPR is:

Notoq
Owner: Julian Maschke
Fährstraße 217
40221 Düsseldorf
Germany

Email: [email protected]

As a data subject you have the following rights:

• Access to your processed data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• To lodge a complaint with a supervisory authority (Art. 77 GDPR)

You can exercise many of these rights directly in the account center, for example to view, change or delete your data.

For your Notoq account we process the data you provide and that is needed to run the account:

• Credentials: your email address and a password stored in encrypted form (hash).
• Profile: username, display name and optional details such as first/last name, date of birth, country/region, language, gender, bio and avatar.
• Security: optional two-factor authentication and active sessions (tokens).

If you sign in with Discord (OAuth2), we receive your Discord ID, username, avatar and, if shared, your email address from Discord. The legal basis is the performance of the user agreement (Art. 6(1)(b) GDPR).

When you use the Game Center, we process the data needed for its features, e.g. your game library, collections, wishlist, playtimes and settings. On request, save games are backed up to your account in encrypted form.

The Game Center connects to your own accounts on platforms such as Steam, Epic, Xbox or GOG in order to show your library. This data is processed solely to provide the service (Art. 6(1)(b) GDPR) and is not sold to third parties.

When you connect your Riot account to Notoq, we process data from the official Riot Games API to show you your Valorant statistics:

• Account: your Riot ID (Name#Tag) and the associated Riot player identifier (PUUID).
• Game data: your recent matches and the values derived from them, such as win rate, K/D, combat score, agents played and playtime.

Linking happens exclusively through Riot Sign-On (RSO), Riot's official login. We never see your Riot password. Linking is voluntary and based on your consent (Art. 6(1)(a) GDPR). You can revoke it at any time in your Notoq account, after which we delete the associated Riot data.

Your Valorant data is visible only to you unless you explicitly make your profile public. If you share your profile, other people can view the statistics above through Notoq; you can withdraw this at any time. Notoq is not affiliated with or endorsed by Riot Games, and Riot Games' privacy policy applies in addition.

• Website (Cloudflare): This website is served via Cloudflare (Cloudflare, Inc., USA). Technical data such as your IP address is processed to deliver the site quickly and securely (Art. 6(1)(f) GDPR).
• Account & Game Center (Railway): Our API and databases are hosted on Railway (Railway Corp., USA), where your account and Game Center data are stored.

The required data processing / data protection agreements are in place with all providers.

We only use technically necessary cookies and local storage, for example to keep you signed in. We do not use any third-party tracking or advertising cookies. The legal basis is Art. 6(1)(b) or (f) GDPR.

For paid premium services we use the payment provider Paddle (Paddle.com Market Ltd.). Paddle acts as "Merchant of Record" and is your contractual partner for payment and invoicing. We only transmit the data needed to activate your purchase and do not store your full payment details. The legal basis is performance of the contract (Art. 6(1)(b) GDPR).

We do not share your data with uninvolved third parties and we do not sell it. To provide our services we use carefully selected processors:

• Cloudflare – delivery & protection of the website (USA)
• Railway – hosting of the API & databases (USA)
• Paddle – payment processing (UK/EU)
• Discord – only for sign-in or support via Discord (USA)

Data is only transmitted where this is necessary to perform the contract or permitted by law.

We only store your data for as long as necessary for the respective purpose.

Your account and Game Center data remain stored for as long as your account exists. You can delete your account at any time in the account center, the associated data is then permanently removed. Statutory retention obligations (e.g. for invoices) remain unaffected.

We operate a support server on Discord. When you use it, Discord's privacy policy applies in addition. We only process the data there that is needed to answer your requests (Art. 6(1)(b) or (f) GDPR).

We update this privacy policy when the legal situation or our services change. You'll always find the current version on this page.