FarmOps

Privacy Policy

Last updated: January 11, 2026

Michael Ketzer ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our alliance tracking service at lastwar.farm. Personal data comprises all data that can be used to personally identify you.

1. Data Controller

The responsible party for data processing on this website is:

The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Name (optional)
  • Passkey credentials (if you choose to use passkey authentication)

2.2 Alliance and Game Data

When you use the Service, we collect and store:

  • Alliance name and configuration settings
  • Member names and statistics (power, kills, donations, etc.)
  • Storm event participation data
  • VS point and duel scores
  • Screenshots you upload for data extraction

2.3 Server Log Files

We automatically collect certain information when you use the Service:

  • Browser type and version
  • Operating system
  • Referrer URL
  • IP address (anonymized)
  • Date and time of access
  • Pages visited and features used

This data is collected to ensure the stable operation of the website and to improve our Service. The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest).

2.4 Payment Information

Payment processing is handled by Paddle. We do not store your full credit card details. Paddle may collect payment information in accordance with their privacy policy.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your screenshots using AI to extract game data
  • Send you important account and service notifications
  • Process payments and manage subscriptions
  • Respond to your inquiries and provide customer support
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

The legal basis for processing is typically Article 6(1)(b) GDPR (contract performance), Article 6(1)(f) GDPR (legitimate interest), or Article 6(1)(a) GDPR (consent) where applicable.

4. AI Processing

We use OpenAI's services to process screenshots you upload. When you upload a screenshot:

  • The image is sent to OpenAI for text extraction
  • We cache the results to avoid reprocessing identical images
  • OpenAI processes data according to their API usage policies
  • We do not use your data to train AI models

5. Data Sharing

We do not sell your personal information. We may share your data with:

5.1 Service Providers

  • OpenAI: For AI-powered screenshot processing
  • Paddle: For payment processing
  • Resend: For email delivery
  • Vercel: For hosting and infrastructure
  • Neon: For database services

5.2 Other Alliance Officers

If you invite officers to your alliance, they will have access to the alliance data including member statistics and imported data.

5.3 Public Pages

If you enable the public stats page feature, selected alliance information will be publicly accessible at your alliance's subdomain. You control which data is visible through your settings.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

6. Cookies

Our website uses cookies. Cookies are small text files stored on your device that help us provide and improve the Service.

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering your preferences

We do not use third-party tracking or advertising cookies. You can configure your browser to refuse cookies, but this may limit your ability to use the Service.

7. Data Retention

We retain your data as follows:

  • Account data: Until you delete your account
  • Alliance data: Until the alliance is deleted or subscription lapses
  • Uploaded images: Temporarily processed, then deleted; only extracted data and image hashes are retained
  • Usage logs: Typically retained for 90 days

8. Data Security

We implement appropriate security measures including:

  • SSL/TLS encryption of data in transit (HTTPS)
  • Secure password hashing and session management
  • Regular security assessments
  • Access controls and authentication requirements

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

9.1 Right of Access

You have the right to request information about your stored personal data, its origin, recipients, and the purpose of processing.

9.2 Right to Rectification

You have the right to request the correction of inaccurate personal data or completion of incomplete data.

9.3 Right to Erasure

You have the right to request the deletion of your personal data, subject to legal retention requirements.

9.4 Right to Restriction of Processing

You have the right to request restriction of processing of your personal data under certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

9.6 Right to Object

You have the right to object to the processing of your personal data based on legitimate interests (Article 21 GDPR). If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds.

9.7 Right to Withdraw Consent

If processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

To exercise these rights, please contact us at support@lastwar.farm.

10. Children's Privacy

The Service is not intended for users under 13 years of age (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when changes were last made.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: