Skip to main content

Privacy Policy

Effective Date: January 22, 2026 Last Updated: January 24, 2026 TeamBattles (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the “Service”). Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy. For users in the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions requiring explicit consent, we will obtain your consent where required by applicable law.

1. Information We Collect

We collect information in several ways when you use TeamBattles. This section describes the categories of personal information we collect, organized by source.

1.1 Information You Provide Directly

Account Information:
  • Display name (1-50 characters)
  • Username (3-30 characters, letters, numbers, and underscores only)
  • Email address
  • Date of birth (used for age verification)
  • Bio (up to 500 characters)
  • Pronouns (up to 50 characters)
  • Country (2-letter country code)
  • Timezone
  • Preferred languages (up to 10)
Profile Media:
  • Profile avatar (up to 1 MB, replaces previous when updated)
  • Profile banner (up to 2 MB, replaces previous when updated)
Organization and Team Information:
  • Organization names (3-50 characters) and tags (2-6 characters, uppercase)
  • Team names and tags (2-5 characters, uppercase)
  • Organization and team avatars (up to 1 MB) and banners (up to 2 MB)
  • Social media links (Twitter, YouTube, Twitch, Discord, website)
  • Team type designation (Regular or League)
  • Platform preference and region settings
Match Information:
  • Match configurations (game mode, series length, map selection, scheduling)
  • Score submissions with optional screenshot evidence (up to 2 MB each, max 10 per match)
  • Match dispute descriptions and supporting evidence
  • Roster selections and attendance status (Attending, Not Attending, Tentative)
  • Lobby codes
  • Match objectives and bonus challenge completions
Communications:
  • Match chat messages (up to 255 characters per message)
  • Chat images (up to 2 MB each, max 10 per team per match)
  • Chat reactions (predefined emoji responses)
  • Support ticket messages (10-5,000 characters) and attachments (up to 5 images initially, 10 total)
Invite and Membership Data:
  • Invite links with associated metadata (maximum uses, expiration dates if set)
  • Join request submissions and their approval/denial status
  • Ban records (including duration and reason when applicable)
Payment Information:
  • Transaction history (token purchases, subscription purchases)
  • Subscription status and billing cycle
  • We do not store payment card details; these are processed by our payment provider, Xsolla

1.2 Information from Authentication Providers

When you log in using OAuth providers, we receive the following information. We use this information to create and maintain your account. Discord: Discord user ID, username, email address, avatar Twitch: Twitch user ID, username, email address, profile image GitHub: GitHub user ID, username, email address, avatar Battle.net: Battle.net ID, BattleTag, email address

1.3 Gaming Platform Connections

When you connect gaming platforms, we may receive: Activision: Activision ID and username (required for Call of Duty matches) Other Platforms (EA, Epic Games, PlayStation Network, Riot Games, Steam, Ubisoft, Xbox Live): Platform usernames and identifiers as needed for match verification and roster display. We only request the minimum information necessary to verify your gaming accounts and display your gaming identities to match participants. We do not access your gameplay data, friends lists, or purchase history from these platforms.

1.4 Statistics and Achievement Data

We automatically track and calculate: Performance Statistics:
  • Experience points (XP) earned from matches and objectives
  • Win/loss/draw records
  • Current and best win streaks
  • Match participation history
Achievement Data:
  • Achievement unlock dates and progress toward tiered achievements
  • Onboarding task completion status
  • Achievement rarity calculations (percentage of users who have unlocked each achievement)

1.5 API Key Data

If you create API keys in Developer Settings, we store:
  • Key labels (1-50 characters) for your identification
  • Permission configurations (matches access levels, connection authorizations)
  • Key creation timestamps
  • Associated preset selections (e.g., Battles Replay)
  • API usage logs (endpoints accessed, timestamps)
We do not store the full API key after initial creation. Keys are hashed for security and shown only once at creation.

1.6 Information Collected Automatically

Usage Data:
  • Pages visited and features used
  • Match participation history
  • Login times and session duration (sessions last 7 days)
  • Device information (browser type, operating system, screen resolution)
  • IP address and approximate geographic location derived from IP
Performance Data:
  • Error logs
  • Load times and performance metrics
Anti-Cheat and Security Data:
  • Hardware identifiers for detecting ban evasion
  • Behavioral patterns for detecting automated activity or cheating
  • We do not disclose specific detection methods to preserve platform integrity

1.7 Local Storage

We use browser local storage and IndexedDB to:
  • Cache chat messages for faster loading (up to 50 messages per room)
  • Store chat window position and size preferences (desktop pinned chat feature)
  • Save notification and sound preferences
  • Maintain session state
  • Store unread message counts
  • Remember cookie consent preferences
This data remains on your device and is not transmitted to our servers. If you are located in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or other jurisdictions that require a legal basis for processing personal data, we rely on the following legal bases: Contract Performance (Article 6(1)(b) GDPR):
  • Account creation and management
  • Match creation, participation, and scoring
  • Team and organization management
  • Processing payments and subscriptions
  • Providing support services
Legitimate Interests (Article 6(1)(f) GDPR):
  • Improving and optimizing the Service
  • Detecting and preventing fraud, cheating, and abuse
  • Ensuring platform security and integrity
  • Calculating statistics and leaderboards
  • Administering anti-cheat systems
Legal Obligation (Article 6(1)(c) GDPR):
  • Complying with applicable laws and regulations
  • Responding to lawful requests from public authorities
  • Tax reporting requirements
Consent (Article 6(1)(a) GDPR):
  • Marketing communications (where required)
  • Non-essential cookies and analytics (for EEA/UK users)
  • Processing of children’s data where parental consent is required
You may withdraw consent at any time by contacting us or using the preference controls in your account settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Maintain the Service

  • Create and manage your account
  • Enable match creation, acceptance, participation, and scoring
  • Facilitate team and organization management, including roster management and bench priority systems
  • Calculate and display statistics, leaderboards, and experience points (as XP for regular teams, points for league teams)
  • Track and award achievements
  • Process payments and manage subscriptions
  • Process support tickets
  • Enable real-time updates and notifications

3.2 Improve the Service

  • Analyze usage patterns to improve features
  • Debug and fix technical issues
  • Develop new features based on user behavior
  • Calculate achievement rarity percentages

3.3 Communicate With You

  • Send match notifications and updates (via email, push, or in-app based on your preferences)
  • Notify you of roster changes, attendance updates, and lobby codes
  • Respond to support inquiries
  • Notify you of policy changes
  • Send service-related announcements
  • Send subscription renewal reminders (as required by law)

3.4 Ensure Safety and Security

  • Detect and prevent fraud, cheating, and abuse through monitoring technology
  • Enforce our Terms of Service
  • Investigate violations and disputes
  • Protect users and the integrity of competitions
  • Process and adjudicate match disputes
  • Administer bans (temporary or permanent) when necessary

4. How We Share Your Information

4.1 Public Information

The following information may be visible to other users based on your privacy settings:
  • Public profiles: Display name, username, avatar, banner, bio, pronouns, country, teams, organizations, match statistics, experience/points, streaks, and achievements
  • Limited profiles: Display name, username, and avatar only; detailed statistics hidden
  • Private profiles: No information visible to other users

4.2 Leaderboard Data

If you participate in matches, your team’s statistics may appear on public leaderboards, including team name and tag, win/loss/draw records, experience (displayed as XP or points depending on team type), and win rate and streaks. Leaderboard visibility is tied to team participation, not individual profile settings.

4.3 Match Participants

When participating in matches, other participants can see your display name and avatar, your gaming platform usernames (e.g., Activision ID for CoD matches), your team affiliation and role, your attendance status, your chat messages in match chat, and your roster position (active or bench with priority).

4.4 Organization and Team Members

Members of your organizations and teams can see your membership status and role, your roster assignments and bench priority, your attendance for matches, and join request and invite activity (for admins).

4.5 Payment Processor

Payments are processed by Xsolla Inc. When you make a purchase, Xsolla receives your payment information, email address, and transaction details necessary to process your payment. Xsolla’s use of your information is governed by their Privacy Policy available at https://xsolla.com/privacypolicy. We receive transaction confirmations and subscription status from Xsolla but do not receive or store your payment card details.

4.6 Third-Party Applications via API

If you create API keys and authorize third-party applications, those applications can access data according to the permissions you grant (matches at user, team, or organization level; connection data). Access is limited to read-only or read-write based on your configuration. You can revoke access at any time by deleting the API key. We do not share your data with third-party applications without your explicit authorization through API key creation.

4.7 Service Providers

We may share information with third-party service providers who assist us in operating the Service:
  • Convex: Database and backend services (data storage and real-time functionality)
  • Cloud storage providers: For file uploads and media storage
  • Anti-cheat service providers: For maintaining competitive integrity
These providers are contractually obligated to protect your information and may only use it for the purposes we specify. We require all service providers to implement appropriate security measures and to process data only on our instructions. We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas), to protect the rights, property, or safety of TeamBattles, our users, or others, or to enforce our Terms of Service.

4.9 Business Transfers

If TeamBattles is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

5.1 Account Data

We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

5.2 Match Data

Match results, scores, and statistics are retained indefinitely to maintain competitive records and leaderboards. This data may be anonymized if you delete your account, but aggregate statistics may persist.

5.3 Chat Messages

Match chat messages are automatically deleted 48 hours after a match is completed. This includes all text messages, all uploaded images, all reactions, and all system messages. This automatic deletion is designed to protect your privacy and cannot be overridden.

5.4 Transaction Records

Payment and subscription records are retained for 7 years to comply with tax and accounting requirements. Invite link usage data is retained for audit purposes. Expired or revoked invite links are deleted within 30 days.

5.6 Ban Records

Ban records are retained for the duration of the ban plus 12 months after expiration to prevent abuse and maintain platform integrity.

5.7 Support Tickets

Support ticket conversations are retained for up to 2 years after the ticket is closed.

5.8 API Key Activity

API key usage logs are retained for 90 days for security monitoring and debugging purposes.

5.9 Logs and Analytics

Usage logs and analytics data are retained for up to 12 months for service improvement and security purposes. Records of your consent (including cookie consent) are retained for 3 years as required by California law.

6. Your Rights and Choices

6.1 Access and Portability

You can access your personal information at any time through your account settings. You may request a copy of your data in a structured, commonly used, machine-readable format (JSON or CSV) by contacting us at privacy@teambattles.gg. Response Timeline: We will respond to your request within 30 days (or 45 days for California residents, extendable to 90 days with notice). For EEA/UK residents, we will respond within one month, extendable by two additional months for complex requests.

6.2 Correction (Rectification)

You can update your profile information directly through your account settings. For other information, contact us and we will correct inaccurate data without undue delay.

6.3 Deletion (Erasure / “Right to be Forgotten”)

You can request deletion of your account and associated personal information by contacting support. Note that you must transfer ownership of any organizations you own before deletion, match history and statistics may be retained in anonymized form, and some information may be retained for legal compliance (e.g., transaction records for tax purposes).

6.4 Restriction of Processing

EEA/UK users may request that we restrict processing of your personal information while we verify accuracy, assess a legitimate interest claim, or if processing is unlawful but you oppose deletion.

6.5 Objection to Processing

EEA/UK users may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

6.6 Profile Visibility

You can control who sees your profile by setting your visibility to Public (anyone can view your full profile, statistics, and achievements), Limited (only basic information visible; achievements visible only to organization/team members), or Private (only you can view your profile and achievements).

6.7 Notification Preferences

You can manage your notification preferences in your account settings, including email notifications, push notifications (browser), in-app notifications, and chat sound notifications.

6.8 Gaming Platform Connections

You can disconnect gaming platform accounts at any time through your connections settings. Disconnecting required platforms (like Activision for CoD matches) will prevent you from participating in related matches.

6.9 API Key Management

You can view, edit permissions, and delete your API keys at any time through Developer Settings. Deleting a key immediately revokes all third-party access using that key. Where we rely on consent as the legal basis for processing, you may withdraw consent at any time through your account settings or by contacting us. This will not affect the lawfulness of processing before withdrawal.

7. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

7.1 Right to Know

You have the right to request that we disclose the categories of personal information we collected, the specific pieces of personal information we collected, the categories of sources from which we collected personal information, our business or commercial purpose for collecting personal information, the categories of third parties with whom we share personal information, and the categories of personal information disclosed for a business purpose.

7.2 Right to Delete

You have the right to request that we delete your personal information, subject to certain exceptions (such as completing a transaction, detecting security incidents, or complying with legal obligations).

7.3 Right to Correct

You have the right to request that we correct inaccurate personal information.

7.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

7.5 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:
CategoryExamplesCollectedSource
IdentifiersName, username, email, IP address, account ID, gaming platform IDsYesYou, OAuth providers, automatic
Personal Information (Cal. Civ. Code § 1798.80)Name, email, payment information (via Xsolla)YesYou, Xsolla
Protected Classification CharacteristicsAge (date of birth)YesYou
Commercial InformationPurchase history, subscription status, token balanceYesYou, Xsolla
Internet or Network ActivityBrowsing history on Service, search history, interaction dataYesAutomatic
Geolocation DataApproximate location from IP address, country selectionYesAutomatic, You
Audio, Electronic, Visual InformationProfile images, screenshots, chat imagesYesYou
Professional or Employment InformationNot collectedNoN/A
Education InformationNot collectedNoN/A
InferencesSkill level, preferences, statisticsYesDerived
Sensitive Personal InformationAccount login credentials (via OAuth)YesOAuth providers

7.6 “Do Not Sell or Share My Personal Information”

TeamBattles does not sell your personal information as defined by the CCPA. We do not exchange your data for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

7.7 Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information associated with that browser.

7.8 Exercising Your Rights

To exercise your California privacy rights, contact us at privacy@teambattles.gg or submit a request through your account settings. Please include “California Privacy Request” in the subject line. We will verify your identity before processing your request by confirming account ownership through your linked OAuth provider. Authorized Agents: You may designate an authorized agent to make requests on your behalf. We will require the agent to provide proof of authorization and may still require you to verify your identity directly.

8. European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR.

8.1 Data Controller

TeamBattles is the data controller responsible for your personal information. You can contact us regarding data protection matters at privacy@teambattles.gg.

8.2 Data Protection Officer

While we are not required to appoint a Data Protection Officer under Article 37 of the GDPR, you may contact us with data protection inquiries at privacy@teambattles.gg.

8.3 Your Rights Under GDPR

In addition to the rights described in Section 6, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. You can find your local supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

8.4 International Data Transfers

Your information may be transferred to and processed in the United States and other countries outside the EEA/UK. These countries may have different data protection laws. We protect your information during international transfers using the EU-US Data Privacy Framework (for transfers to certified US organizations), Standard Contractual Clauses approved by the European Commission, and binding corporate rules where applicable. You may request a copy of the safeguards we use by contacting privacy@teambattles.gg. The age at which individuals can consent to data processing varies by country. If you are located in Germany, Netherlands, or Portugal, parental consent is required if you are under 16. If you are located in Ireland, Spain, France, or the UK, parental consent is required if you are under 13. Other EEA countries have thresholds between 13 and 16; check your local law. If you are below the applicable age threshold, a parent or guardian must consent on your behalf.

9. UK Age-Appropriate Design Code (Children’s Code)

For users under 18 in the United Kingdom, we implement the following protections in compliance with the UK Age-Appropriate Design Code: Privacy Settings: Privacy settings default to the highest level for users identified as under 18. Geolocation: Location tracking is off by default for users under 18. Profiling: We do not use profiling that could result in automated decision-making with legal or similarly significant effects on users under 18. Nudge Techniques: We do not use design features that encourage users under 18 to weaken their privacy protections. Connected Toys and Devices: Not applicable to our Service. Transparency: This Privacy Policy uses clear language appropriate for younger users. A summary version is available on request.

10. Other International Privacy Laws

10.1 Canada (PIPEDA and Quebec Law 25)

If you are a Canadian resident, you have the right to access, correct, and request deletion of your personal information. For Quebec residents, parental consent is required for users under 14. Quebec residents may contact us at privacy@teambattles.gg to exercise rights or file complaints.

10.2 Brazil (LGPD)

If you are a Brazilian resident, you have rights similar to GDPR including access, correction, anonymization, portability, and deletion. Processing of children’s data requires specific, highlighted parental consent. We do not transfer children’s data to third parties without explicit parental consent.

10.3 Australia (Privacy Act)

Australian residents have the right to access personal information we hold about you, request correction of inaccurate information, and complain to the Office of the Australian Information Commissioner (OAIC).

10.4 South Korea

For South Korean users, we comply with the Personal Information Protection Act (PIPA). Special protections apply to collection and use of data from minors.

11. Cookies and Tracking Technologies

11.1 Essential Cookies

We use essential cookies to maintain your session and authentication state (7-day session duration), remember your preferences (theme, language, navigation layout), and ensure the Service functions correctly. These cookies are necessary for the Service to function and cannot be disabled.

11.2 Analytics and Performance Cookies

For users outside the EEA/UK, we may use analytics cookies to understand how the Service is used. For EEA/UK users, we obtain consent before placing non-essential cookies. EEA and UK users will see a cookie consent banner upon first visit. You may accept all cookies, reject non-essential cookies, or manage preferences. Consent is recorded and can be changed at any time in your account settings. We refresh consent requests every 12 months.

11.4 Local Storage

We use browser local storage and IndexedDB to cache data for faster loading, store user preferences, and enable offline functionality. Local storage is not transmitted to our servers.

11.5 No Third-Party Tracking

TeamBattles does not use third-party advertising trackers or sell data to advertisers. We do not share your browsing activity with ad networks.

12. Children’s Privacy

TeamBattles requires users to be at least 13 years of age. We use a neutral date-of-birth entry during registration to verify age. Users who indicate they are under 13 are not permitted to create accounts.

12.1 COPPA Compliance (United States)

We do not knowingly collect personal information from children under 13 in the United States. If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@teambattles.gg. If we have actual knowledge that a user is under 13 (for example, if they disclose their age in chat), we will suspend the account and delete associated personal information within 24 hours.

12.2 Users Ages 13-17

If you are between 13 and 18, you should use the Service only with the involvement of a parent or guardian. We recommend parents review this Privacy Policy with their children. For California residents under 16, we do not sell or share personal information without opt-in consent. Users ages 13-15 may provide this consent themselves under CCPA; users under 13 cannot create accounts.

12.3 Default Privacy for Minors

For users we identify as under 18, we apply privacy-protective defaults including higher default profile visibility restrictions, limitations on public leaderboard display, and default-off browser notifications.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256), secure authentication using OAuth 2.0, role-based access controls limiting who can view your data, regular security assessments and penetration testing, session management with 7-day expiration, API key hashing (keys are not stored in plaintext), and rate limiting on sensitive operations.

13.1 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR), notify the relevant supervisory authority where required, and provide information about the nature of the breach and steps you can take.

13.2 Security Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. The Service may contain links to third-party websites or services (such as Discord servers, Twitch channels, or game platforms). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies. TeamBattles Tools: We may offer browser extensions or companion applications (such as Battles Replay). These tools have their own privacy policies, which are linked from the Tools page. Generally, our tools process data locally on your device and do not transmit personal information to our servers unless explicitly stated. OAuth Providers: When you connect accounts through Discord, Twitch, GitHub, or Battle.net, those providers may collect data according to their own privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the “Last Updated” date, sending you an email notification (for significant changes), and providing in-app notice for substantial changes. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. For changes requiring consent under applicable law, we will obtain your consent before implementing the changes.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: Email: privacy@teambattles.gg For Data Subject Requests: Please include “Privacy Request” in your email subject line along with your account username and the specific right you wish to exercise. For California Residents: Please include “California Privacy Request” in your email subject line. For EEA/UK Residents: Please include “GDPR Request” in your email subject line. You may also lodge a complaint with your local supervisory authority.
By using TeamBattles, you acknowledge that you have read and understood this Privacy Policy. For EEA/UK users, your continued use constitutes acceptance of data processing for purposes based on contract or legitimate interests; for processing based on consent, we will obtain your explicit consent.