Privacy Policy
Last updated: May 29, 2026
This Privacy Policy explains what personal data TransmogHub collects, why we collect it, who we share it with, and what rights you have. We try to keep this short and readable rather than burying things in legalese.
Who we are
TransmogHub is operated by Qreedence, based in Sweden. For the purposes of the EU General Data Protection Regulation (GDPR), Qreedence is the data controller for the personal data described here.
Contact: dev@transmoghub.com
A quick summary
- We collect only what we need to run the service: your account details and the content you choose to upload.
- We don't use tracking or advertising cookies, and we don't use third-party cookies.
- We never sell your data to anyone.
- Our analytics are anonymous and don't use cookies.
- You can access, export, correct, or delete your data at any time.
What data we collect
Account data
- Email address
- Display name
- Password (stored only as a secure hash — we never see or store your actual password)
Battle.net account (optional)
- If you choose to link your Battle.net account via OAuth, we receive only your Battle.net account ID to confirm ownership. We do not receive your Battle.net password, and Blizzard does not receive your TransmogHub activity. Linking is entirely optional and can be removed at any time.
Content you create
- Uploaded images (screenshots)
- Metadata you add: titles, tags, gear items, armor type, and class
Social activity
- Likes, follows, bookmarks, and reports you make on the platform
Technical data
- IP address and basic browser information, recorded in server logs
- Anonymous, cookieless usage analytics
Why we collect it (legal bases under GDPR)
| Data | Purpose | Legal basis |
|---|---|---|
| Account data | You need an account to use the service | Performance of a contract |
| Content & metadata | To provide and display the service to you | Performance of a contract |
| Battle.net linking | Optional account verification | Consent |
| Server logs | Security, abuse prevention, and debugging | Legitimate interest |
| Anonymous analytics | Understanding usage to improve the service | Legitimate interest |
Where we rely on consent (Battle.net linking), you can withdraw it at any time without affecting the rest of your account. Where we rely on legitimate interest, we've weighed our needs against your privacy and limited what we collect accordingly.
Cookies
We use a single essential cookie: an httpOnly JWT cookie that keeps you logged in. It is strictly necessary for the service to function.
We do not use:
- Tracking or advertising cookies
- Third-party cookies
- Analytics cookies (our analytics are cookieless)
Because the only cookie we set is strictly necessary, no cookie consent banner is required for it.
Who we share data with
We don't sell or rent your data. We use a small number of infrastructure providers ("processors") who handle data strictly on our instructions:
| Provider | Role | Location |
|---|---|---|
| Hetzner | Server and database hosting | Helsinki, Finland (EU) |
| Cloudflare | Image storage (R2, encrypted at rest), DNS, and CDN | EU storage; see transfers below |
| Blizzard Entertainment | Battle.net OAuth — only if you link your account | — |
International transfers. Our primary hosting and image storage are located in the EU. However, Cloudflare is a US-headquartered company, so some processing (e.g. CDN and DNS routing) may involve transfers outside the EU/EEA. Such transfers are governed by appropriate safeguards (such as Standard Contractual Clauses) provided by the relevant processor.
How long we keep it (retention)
- Account data: until you delete your account
- Uploaded content: until you delete it, or until you delete your account
- Server logs: 90 days, then automatically deleted
- Analytics: retained indefinitely in aggregated, anonymous form (it cannot be tied back to you)
How we protect your data
- Passwords are stored only as secure hashes
- Uploaded images are encrypted at rest
- Authentication uses an
httpOnlycookie to reduce the risk of theft via scripts - Connections to the service are encrypted in transit (HTTPS)
No system is perfectly secure, but we take reasonable, proportionate measures for a service of this size.
Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Port your data to another service in a machine-readable format
- Restrict how we process your data
- Object to processing based on legitimate interest
- Withdraw consent at any time (e.g. unlink Battle.net)
To exercise any of these, email dev@transmoghub.com. Many actions (deleting content, deleting your account, unlinking Battle.net) can also be done directly in the app.
If you believe we've handled your data improperly, you have the right to lodge a complaint with the Swedish data protection authority:
Integritetsskyddsmyndigheten (IMY) Website: https://www.imy.se
Age requirement
TransmogHub is not intended for anyone under 16 years of age. By using the service you confirm you are at least 16. If we learn that we've collected data from someone under 16, we'll delete it.
Changes to this policy
If we update this policy, we'll post the new version on this page and update the "Last updated" date above. Significant changes will be communicated where reasonably possible.
Contact
Questions about your privacy? Email dev@transmoghub.com.