Privacy Policy
Last updated: 18 June 2026
This Privacy Policy explains how Alliance Ops ("the Service", "we") handles the personal data of users ("you") when you use the website and app at alliance-ops.com. Alliance Ops is a fan-made tool for managing alliances in the game "Last War: Survival Game" and is not affiliated with or endorsed by its creators.
1. Data controller
Controller: Alliance Ops. For any privacy matter or to exercise your rights, contact us at privacy@alliance-ops.com.
2. Data we process
- Account data: your email address and password (managed and stored encrypted by our authentication provider). If you enable two-factor authentication (2FA), the TOTP factor configuration is stored, not your codes.
- In-alliance profile data: your in-game name, your role (owner/admin/editor/viewer) and the alliance you belong to.
- Content you enter: member roster, building progress, map layouts, Desert/Canyon Storm and hive plans, weekly history and other data you create or upload.
- OCR images: the screenshots you upload for the Train reader or roster import are transmitted to vision-AI providers to extract the text (see section 5). We do not keep the images once processed; we do record a monthly usage counter (without the image).
- Subscription and payment data: your plan (Free/Plus/Pro) and the customer and subscription identifiers provided by our payment processor. We do not store your card details: payment is processed entirely by the payment provider.
- Integrations: if an admin configures Discord publishing, we store that channel's webhook URL.
- Feedback and support: if you send feedback, its content may be recorded as an issue in our tracking repository.
- Technical data: server logs, aggregated usage and performance metrics, and the strictly necessary information stored in your browser (session, active alliance, language).
3. Purposes and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service, manage your account and alliance | Performance of a contract (Art. 6(1)(b)) |
| Process payments and subscriptions | Performance of a contract (Art. 6(1)(b)) |
| OCR reading of screenshots at your request | Contract / consent (Art. 6(1)(b)/(a)) |
| Security, abuse prevention and aggregated metrics | Legitimate interest (Art. 6(1)(f)) |
| Service-related communications | Contract / legitimate interest |
4. Retention
We keep your data while your account is active and necessary to provide the Service. If you delete your account or alliance, we delete or anonymise the associated data, except what we must retain for legal obligations (e.g. billing records). OCR usage counters are kept in aggregated monthly form.
5. Processors and third parties (sub-processors)
To provide the Service we rely on providers that process data on our behalf. Each only processes the data necessary for its function:
| Provider | Function | Policy |
|---|---|---|
| Supabase | Authentication, database and storage | supabase.com/privacy |
| Google (Gemini API) | Vision OCR on screenshots | policies.google.com/privacy |
| Anthropic (Claude) | Vision OCR (fallback) | anthropic.com/legal/privacy |
| Creem | Payment and subscription processing | creem.io |
| Discord | Delivery of messages to the webhook you configure | discord.com/privacy |
| Vercel | Hosting and usage/performance metrics | vercel.com/legal/privacy-policy |
| GitHub | Recording of feedback/issues | GitHub Privacy Statement |
6. International transfers
Some of the providers above are located outside the European Economic Area (mainly in the United States). Where an international transfer takes place, it relies on the safeguards provided by the GDPR, such as the European Commission's Standard Contractual Clauses or the EU–US Data Privacy Framework, depending on the provider.
7. Your rights
You may at any time exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, and withdraw any consent given. To do so, write to privacy@alliance-ops.com. You also have the right to lodge a complaint with the competent supervisory authority; in Spain, the Spanish Data Protection Agency (aepd.es).
8. Cookies and local storage
The Service uses browser storage (localStorage) strictly necessary to keep your session and remember your active alliance and language. We use aggregated usage and performance analytics, with no advertising profiling or data sale. We do not use third-party marketing cookies.
9. Minors
The Service is not directed at children under 14 and we do not knowingly collect their data. If you believe a minor has provided us data without appropriate consent, contact us and we will delete it.
10. Security
We apply reasonable technical and organisational measures to protect your data (encryption in transit, role-based access control, per-alliance data isolation and optional strengthened authentication). No system is completely foolproof, but we work to minimise risks.
11. Changes to this policy
We may update this Privacy Policy to reflect legal or Service changes. We will publish the current version on this page and indicate the last-updated date.
12. Contact
For any question about this policy or your data: privacy@alliance-ops.com.