Datenschutzerklärung

Track your clan's chest collection progress

🏠 Ranking 🛡️ Stack-Calculator 📊 Research Costs 💬 Support this project
🔐 Admin Login

Privacy Policy (Datenschutzerklärung)

Last updated: January 2026

1. Data Controller & Contact

The data controller for this website is:

Michael Kliem
Email: info@clan-hq.com

Note: A complete postal address will be added soon.

2. General Information

This privacy policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data. We take data protection seriously and process your data in accordance with the European General Data Protection Regulation (GDPR).

3. What Data We Collect and Why

3.1 Account Registration Data

When you create an account on Clan-HQ, we collect:

  • Username (chosen by you)
  • Email address (for account verification and communication)
  • Password (hashed using bcrypt - never stored in plain text)
  • Clan ID (to associate you with your clan)

Purpose: Account creation, authentication, and clan membership management.

Legal Basis: Contract fulfillment (Art. 6(1)(b) GDPR) - necessary to provide our service.

Retention Period: Until you delete your account or request deletion.

3.2 Game Login Credentials (Automated Tracker)

This is optional. If you enable the automated chest tracker feature, we collect:

  • TotalBattle Login Email/Username
  • TotalBattle Password
  • Game Server User ID (SUID) (to identify your specific game instance)

Purpose: To automatically log into TotalBattle on your behalf and retrieve your clan's chest collection data for tracking and ranking purposes.

Legal Basis:

  • Your explicit consent (Art. 6(1)(a) GDPR) - you actively choose to enable this feature
  • Contract fulfillment (Art. 6(1)(b) GDPR) - necessary to provide the automated tracking service

Security Measures:

  • All credentials are encrypted using Fernet symmetric encryption (AES 128-bit) before storage
  • Passwords are never stored in plain text
  • Encryption keys are stored separately and securely on the server
  • Credentials are only used to authenticate with TotalBattle servers during scheduled tracker runs
  • Only you (the clan admin who entered them) can view or update these credentials
  • No administrator of Clan-HQ can decrypt or view your password

Data Retention:

  • Stored as long as your clan account is active and the tracker is enabled
  • You can delete your credentials at any time via the Admin Panel (Tracker Management → Credentials)
  • All credentials are automatically deleted when you delete your clan account

Withdrawal of Consent: You can disable the automated tracker and delete your credentials at any time without affecting your Clan-HQ account.

Third-Party Access:

  • Your credentials are only used to authenticate with TotalBattle's servers
  • We do not share your game credentials with any third parties
  • We are not affiliated with, endorsed by, or connected to TotalBattle or its developers

3.3 Game Statistics and Clan Data

We collect and store:

  • Player names (from TotalBattle)
  • Chest collection data (chest types, points, timestamps, sources)
  • Clan statistics (total points, rankings, targets, periods)
  • Historical data (past periods, trends)

Purpose: To display clan rankings, track progress, and provide statistics to clan members.

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - necessary for the core functionality of the service.

Visibility: This data is visible to anyone who knows your clan ID. See section 3.6 below for details.

Retention Period: Stored indefinitely for historical tracking purposes. Deleted when the clan account is deleted.

3.4 Session Cookies

We use essential session cookies to keep you logged in.

Cookies stored:

  • user_id - Your user ID
  • username - Your username
  • clan_id - Your clan ID
  • is_master_admin - Admin status flag (if applicable)

Purpose: Authentication and session management.

Legal Basis: Technically necessary (Art. 6(1)(f) GDPR) - required for the website to function properly.

Duration: Session cookies expire when you close your browser or log out.

No tracking: We do not use any tracking, analytics, or advertising cookies.

3.5 Donation Information (PayPal)

If you choose to donate via PayPal:

  • We do not collect or store your payment information
  • PayPal processes the payment securely on their platform
  • We only receive a notification that a donation was made (no financial details)

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - to receive and acknowledge donations.

Third-Party: PayPal - see PayPal's Privacy Policy

3.6 Public Clan Statistics

⚠️ Important: Your clan's statistics are publicly viewable by anyone who knows your clan ID.

What is publicly accessible:

  • Clan rankings (player names, points, chest counts)
  • Individual player details (chest history, collection times)
  • Historical data for past periods

How to access: Anyone with your clan ID can view your clan's statistics at https://clan-hq.com/clan/YOUR_CLAN_ID

Purpose: To allow you to share your clan's progress with friends, clan members, or the wider TotalBattle community without requiring them to create an account.

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - providing transparency and sharing functionality for game statistics.

What is NOT publicly accessible:

  • Your Clan-HQ account details (email, password)
  • Your TotalBattle game credentials
  • Admin functions and settings
  • Tracker configuration

Privacy Control: If you do not want your clan's statistics to be publicly viewable, do not share your clan ID. The data is not indexed by search engines and can only be accessed by someone who knows the specific clan ID URL.

4. Data Sharing and Third Parties

We do not sell, rent, or share your personal data with third parties, except:

  • TotalBattle Servers: When you enable the automated tracker, we authenticate with TotalBattle's servers using your provided credentials to retrieve game data.
  • PayPal: If you donate, payment processing is handled by PayPal according to their privacy policy.

We do not use any third-party analytics, tracking, or advertising services.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Game credentials encrypted using AES 128-bit (Fernet)
  • Password Hashing: Account passwords hashed using bcrypt
  • Secure Server: Hosted on secure European servers
  • Access Control: Only authenticated users can access admin functions and manage their clan
  • Limited Public Access: Clan rankings and player statistics are publicly viewable if someone knows your clan ID. This allows you to share your clan's progress with others without requiring them to create an account. However, sensitive data (account credentials, admin functions, tracker settings) remains protected and requires authentication.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights Under GDPR

You have the following rights:

Right to Access (Art. 15 GDPR)

You can request a copy of the personal data we hold about you.

Right to Rectification (Art. 16 GDPR)

You can correct inaccurate or incomplete data via your account settings.

Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

You can request deletion of your personal data by:

  • Deleting your tracker credentials via Admin Panel
  • Deleting your entire clan account via Admin Panel
  • Contacting us at info@clan-hq.com

Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your data.

Right to Data Portability (Art. 20 GDPR)

You can request your data in a machine-readable format (JSON export available).

Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interest.

Right to Withdraw Consent (Art. 7(3) GDPR)

You can withdraw consent for the automated tracker at any time without affecting your account.

How to exercise your rights: Contact us at info@clan-hq.com or use the self-service options in the Admin Panel.

7. Data Retention

Data Type Retention Period
Account Data Until account deletion
Game Credentials Until manually deleted or account deletion
Clan Statistics Indefinitely (for historical tracking) - deleted with account
Session Cookies Until browser close or logout

You can delete your data at any time via the Admin Panel or by contacting us.

8. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect data from children. If you are a parent and believe your child has provided us with personal data, please contact us.

9. International Data Transfers

Your data is stored on servers located in Europe (Germany). We do not transfer data outside the European Economic Area (EEA).

When you enable the automated tracker, your credentials are used to authenticate with TotalBattle's servers, which may be located outside the EEA. This is necessary for the service to function.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect changes. Significant changes will be communicated via email or a notice on the website.

11. Legal Disclaimer

ℹ️ This website is an unofficial fan project for TotalBattle players.

We are not affiliated with, endorsed by, or connected to TotalBattle or its developers. This is a community-run service created by players, for players.

TotalBattle is a trademark of its respective owners. All game data and content belong to their creators.

12. Contact & Complaints

Data Protection Inquiries:
Email: info@clan-hq.com

Right to Lodge a Complaint:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

For Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

By using Clan-HQ, you acknowledge that you have read and understood this Privacy Policy.

© 2025 Clan-HQ | Made with ❤️ for your clan

📋 Imprint | 🔒 Privacy Policy | ⚖️ Terms of Service