Our Privacy Policy

As with most online services, you trust us (HearthSim, LLC) with your data when you use our websites: HSReplay.net and Untapped.gg (individually referred to as a “Site”, and collectively, “Sites”) and related apps such as the Untapped.gg Companion, Hearthstone Deck Tracker, HSTracker, Arcane Tracker and Lotus Tracker (the Sites and any apps individually/collectively referred to as a “Service” or “Services”). This Privacy Policy is here to help you understand what information we collect, how we collect it, how we store it and what we do with it. If you have any questions or concerns about this policy or your data in general, email us at privacy@hearthsim.net and we’ll get back to you as soon as possible.

We do not collect any special or sensitive categories of personal data, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health or concerning a natural person’s sex life or sexual orientation, unless one of the exceptions of Article 9 GDPR apply. If at any time, you feel that this type of information has been requested of you, or been collected from you, by the Service please notify us immediately.

As described in our Terms of Service, you may not use our Services if you are under the age of 13; or, if you are between the ages of 13 and 16, you are below the age of consent in your legal jurisdiction and you do not have the consent of the holder of your parental responsibility. We do not intend to collect or process data from minors falling into these categories.

The last substantive update to this document (excluding formatting changes, typo fixes, etc.) was on 2019-09-30.

Your Data

Account creation

If you create an account at Untapped.gg, the account that you create will be a master account that you will use for future games that we support. In the future, we might migrate HSReplay.net to also use this master account, however initially there will be two account management pages: one for HSReplay.net users (https://hsreplay.net/account/); and, a second one for Untapped.gg users (https://accounts.untapped.gg/settings). Account creation and/or registration for and/or use of any of HeathSim’s Sites or Services is subject to this Privacy Policy and our Terms of Service. Additional information about your privacy and your data can be found in the following sections.

Data that we share with Third-Parties and why

One of our goals in the creation of this service is to understand the games we support and their metagames. We consider it in our legitimate interests to collect and process your data, for example to: provide you with game analysis and statistics tools; and, to contribute that data back to the community in various ways such as blog posts, APIs, and interactive features. Some of these features are monetized in order to help us keep some services free and to ensure the continued development of the many free tools we provide to the gaming community.

As part of our operations and in order to provide you with our services, we sometimes need to share data with third-parties. The list of third-parties we may share data with, why we share data with them, how they use the data, as well as resources on their own privacy policies and compliance information, is available here (we do not endorse nor take any responsibility for the content on or information contained within the third parties’ resources):


Upon signing up with our Service, we ask that you share your email address with us. We will verify that you own this email address by first sending you a verification email.

This address may be used for account and billing related notifications. Furthermore, the billing email is automatically shared with Stripe, our Payment gateway. Your email may be deleted from Stripe by deleting your account with us.

Upon signup or during your usage of the Service, you will also be asked whether you consent, or opt-in, to our collection and processing of your personal data for providing the Service and/or marketing emails and other push notifications (you may opt in or out of any of these marketing choices at any time from the Email section of the relevant Account Settings page). It should be understood that consenting to our collection and processing of your personal data may include transmission of the personal data across international borders, profiling and/or user behavior prediction using the personal data (especially where it involves deck construction, play strategies, and other Gameplay Related Data, as defined in the Terms of Service, analysis).

Regardless of policy, we respect your inbox and we will take great care not to send you unnecessary or unsolicited emails.

Billing data

When opting to make a purchase with us, you implicitly share some information with us that we may store indefinitely for legal and tax compliance purposes.

The type of data received and stored depends on the Payment Provider you use. However, in no case does our Service ever get access to or store any data considered sensitive by The Payment Card Industry Data Security Standard (“PCI-DSS” or “PCI”), such as full payment card number. See below for more information about PCI-DSS. Furthermore, at no point during payment is your information transferred over an insecure connection. As of May 2018, all connections to our Service are encrypted and require TLS version 1.2 or higher.

For PayPal users

Upon making a purchase with PayPal, the following personal information is shared with us from the PayPal account used:

For Stripe users

For all payment methods except PayPal, we use Stripe, a secure payment provider, trusted by thousands of online businesses. When you input payment information on our Service, you are sending it directly to Stripe; our Service does not ever see or store your full credit card number or any information considered sensitive by PCI-DSS.

PCI Compliance

Thanks to the help of our payment gateways, our Service complies with PCI-DSS. For more information on PCI Compliance, please see the following resources:

Hearthstone Deck Tracker & Untapped.gg Companion

The Untapped.gg Companion, Hearthstone Deck Tracker, HSTracker, Arcane Tracker and Lotus Tracker are our official upload clients. Whenever you play a game with one of these products running, the game’s log and other Gameplay Related Data is automatically uploaded to us. You may opt-out of this data collection and processing by uninstalling these Services.

Usage tracking and telemetry

Our servers log requests across our web pages and APIs for security, auditing and debugging purposes. All server logs are destroyed within 14 days, unless exceptional circumstances (such as legal or security reasons) require us to keep them longer.

We use Google Analytics to understand how our users use the website. All data is anonymous. We also use our own internal tracking tooling. Data tracked using our own tools is not sent to a third party, as we process that data ourselves. Further information regarding Google Analytics is available here: https://hearthsim.net/legal/third-parties.html

If you are concerned with usage tracking on the internet, we recommend the EFF’s Privacy Badger browser extension.

The apps we provide as part of the Service also send usage tracking telemetry data to our own servers. Such telemetry helps us understand how our users use the software.


We use third party advertisements to support our sites. Some of these advertisements may be served from our third party advertiser, you can view their privacy policy and cookie policy here. You can manage your cookies using the “Manage Cookie Settings” button at the bottom of our pages.


We and our service providers use cookies, and in some cases pixel tags, to collect information about visitors on our Sites. Cookies may be stored on your computer when you visit our Sites. Unlike cookies, pixel tags are not saved on your computer.

Pixel tags are invisible tags placed on certain pages of our Sites. A pixel tag triggers a cookie when you visit a Site. A cookie is a small piece of data sent from the Site to your web browser and may be stored on your computer’s hard drive. Cookies allow us to recognize your computer while you are on our Sites and it helps us customize your online experience with us and make it more convenient for you. Cookies have many uses, including allowing more efficient log-ins, auto-completing information, tracking interest, traffic or hits, tracking transaction histories and preserving information between your sessions with us. The information collected from cookies may also be used by us to improve the functionality of our Sites to provide better service to you.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date. You are entitled to choose whether or not you would like to use cookies. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites, including ours.

If you block cookies, you will not be able to use all the features on our Sites.

We use Google Analytics and Comscore to analyze the use of our Sites. Google Analytics and Comscore gather information about website use by means of cookies. The information gathered relating to our Sites are used to create reports about the use of our Sites. Google’s privacy policy is available at: https://www.google.com/policies/privacy/. Comscore’s privacy policy is available at https://www.comscore.com/About-comScore/Privacy-Policy.

We publish Google AdSense interest-based advertisements on our Sites. These are tailored by Google to reflect your interests. To determine your interests, Google will track your behavior on our Sites and on other websites across the web using cookies. You can view, delete or add interest categories associated with your browser by visiting: https://adssettings.google.com. You can also opt out of the AdSense partner network cookie using those settings or using the Network Advertising Initiative’s multi-cookie opt-out mechanism at: http://optout.networkadvertising.org. However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins available at: https://support.google.com/ads/answer/7395996.

Data that Third-Parties share with us and why

We offer solutions to sign in and/or authenticate using third party services. This is colloquially known as “social authentication” or “OAuth login”.

You may elect to connect certain third parties to your HSReplay.net, Untapped.gg, or HearthSim account. Upon doing so, you authorize the third party to share some of your account data with us. This type of authentication is secure and we never gain access to the corresponding account’s password.

You may manage those connections and subsequently delete any data that the third party in question shared with us by removing the account connection from the Connected Accounts section of the Account settings dashboard for the relevant Site.

For detailed information, please refer to the Privacy Policy of the third party in question. Below is a list of the data third parties share with us and their corresponding Privacy Policy. This list is not guaranteed to be exhaustive and we do not endorse nor take any responsibility for the content or information contained therein. We do not share any of your data that these third parties share with us.

Blizzard (“Battle.net”)



How you can verify or view your information

Pursuant to the Right of Access under Article 15 GDPR, you can ask to review any of the information that we have retained, how we have used it, and to whom we have disclosed it at any time by contacting us as indicated in the first paragraph of this Privacy Policy. Subject to certain exceptions prescribed by law, and provided we can authenticate your identity, you will be given reasonable access to your personal information, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate. You may also ask us to change your preferences regarding how we use or disclose your information, or let us know that you do not wish to receive any further communication from us.

Pursuant to the Right of Rectification under Article 16 GDPR, you may check your information to verify, update, or correct it, and to have any obsolete information removed. If you created an account with our Service or with one of our Sites, you can access and change your online account profile yourself by accessing your Account Management page specified in the Account creation section above.

Account and data deletion

You may delete your account from the Delete account section of the Account settings dashboard for the relevant Site, or by contacting customer support. Deleting your Account according to this section ensures your Right to Erasure under Article 17 GDPR.

Upon doing so, your account will be immediately deleted and you will no longer be able to log into it. Logging back into the relevant Site will require creating a new account.

Except as noted below, all account data is irreversibly wiped once the account is deleted. Gameplay Related Data (card collections or other data related to gameplay) are detached from the account and will only be reachable via their URLs or any page listing them. 

Deleting your account or Gameplay Related Data DOES NOT remove or reset the following data:


Again, if you have any questions regarding this Privacy Policy, please contact us at privacy@hearthsim.net. Thank you.