1. About this Policy
This Privacy Policy describes what "Personal Data" we collect about you when you use our League of Legends post-game review services or website (the "Services"), where it comes from, why we collect it, and how it is handled.
If you do not agree with this Policy, please do not use the Services or visit the Website.
Defined terms used here have the same meaning as in our Terms of Service. Where a Section is referenced, it means a numbered chapter of this Policy.
2. Who Controls Your Data
The data controller for the Personal Data described in this Policy is the natural person based in Brazil who operates the lolguidedreview.com website and the related Services. The operator's full legal identification is not published on this page but is available on request to data subjects, regulators, or other parties with a legitimate need, through the contact addresses in Section 15. We act as the controller ("Controller" under the General Data Protection Regulation ("GDPR") and "Controlador" under the Brazilian Lei Geral de Proteção de Dados ("LGPD", Lei nº 13.709/2018)).
Our Data Protection Officer / Encarregado de Dados is reachable at privacy@lolguidedreview.com for any privacy-related question or request.
For privacy aspects of League of Legends and the Riot Games API, please consult Riot Games' Privacy Notice. We are not affiliated with Riot Games and do not control how Riot Games processes your data on their side.
3. What Data We Collect
We collect Personal Data in five categories:
A. Account Data
When you register an Account, we collect:
- Your email address.
- A password chosen by you, stored only in salted-and-hashed form (we never store the plain text).
- First and last name, if you choose to provide them.
- Your preferred display language.
B. Riot Games Identifiers and Match Data
When you connect a summoner to your Account, we collect:
- The Riot ID (game name + tagline) you provide.
- The PUUID (Riot's persistent unique identifier) returned by the Riot API.
- Match summaries and timeline events for the matches we ingest, retrieved from the Riot API. This includes events such as kills, deaths, objectives, gold, vision and item builds at one-minute granularity.
- Derived metrics we compute from those matches, such as fundamentals scores and per-death context windows.
C. Journal and AI Review Content
When you write self-review notes, journal entries or death tags in the Services, we store that text. We also send it, together with the relevant match data, to our AI provider for the purpose of generating an automated review (see Section 6).
The AI-generated review itself is also stored and linked to your Account.
D. Communications
If you contact us by email or other means, we collect the email address you contact us from and the contents of the message, for the purpose of handling your request.
E. Technical and Operational Data
Like any web service, we automatically collect technical data when you interact with the Services:
- IP address (from your network connection).
- User-Agent string (browser and device type).
- Pages visited, timestamps and request method (server access logs).
- Error and diagnostic logs, when something fails.
- Session cookie value (see Section 9).
4. Where We Get the Data
Most of your Personal Data comes directly from you: when you fill in the registration form, add a summoner, or write in the journal.
Match data comes from the Riot Games API, after you provide a Riot ID and authorize us to fetch your matches on your behalf.
Technical and operational data is generated automatically by your device and our servers when you interact with the Services.
We do not buy Personal Data from data brokers, do not scrape third-party sources, and do not enrich your profile with third-party datasets.
5. Why We Process It
Under the LGPD and GDPR, every act of processing requires a legal basis. Ours are:
- Performance of a contract (LGPD Art. 7, V; GDPR Art. 6(1)(b)): account creation and login, fetching match data, generating the AI self-review, displaying your match list, storing your journal. These are the core functions of the Services and we cannot provide them without this processing.
- Legitimate interests (LGPD Art. 7, IX; GDPR Art. 6(1)(f)): preventing abuse and fraud, monitoring service health, debugging issues, fixing bugs, and improving the Services on the basis of aggregated and de-identified usage.
- Compliance with legal obligations (LGPD Art. 7, II; GDPR Art. 6(1)(c)): responding to lawful requests from authorities, retaining limited records as required by Brazilian law (e.g., fiscal records when paid plans launch).
- Consent (LGPD Art. 7, I; GDPR Art. 6(1)(a)): if and when we send marketing emails, run analytics with tracking cookies, or process Personal Data of minors. Today, we do none of these, so we do not currently rely on consent for any processing. We will ask you for explicit consent if that changes.
6. Who We Share Data With
We do not sell your Personal Data and do not share it with third parties for marketing purposes. We share it only with the following processors, strictly to the extent necessary to operate the Services:
- Riot Games (United States and various regional entities): we exchange data with the Riot Games API to retrieve your match information. Riot Games is a separate controller for your in-game data and is governed by their own privacy notice.
- OpenAI, L.L.C. (United States): we send match data and your journal text to OpenAI for the purpose of generating AI self-reviews. OpenAI processes this data under their API Terms and our signed Data Processing Addendum. OpenAI does not, as of the date of this Policy, train its models on data submitted via the API by default.
- [Hosting provider]: hosts our application servers and database. They process Personal Data only to operate the infrastructure.
- [Transactional email provider]: sends account-related emails (confirmations, password resets, security notices).
- Lemon Squeezy (Lemon Squeezy LLC, Merchant of Record): if you upgrade from the free trial to a paid subscription, Lemon Squeezy processes billing-related Personal Data (your name, email, billing address and payment method) as the legal seller of the subscription. Lemon Squeezy acts as an independent controller for that billing data, governed by their own privacy notice. Users who remain on the free trial do not have billing data shared with Lemon Squeezy.
We may also disclose Personal Data to a court, tribunal, regulator or law enforcement authority when required by law, or to enforce our Terms of Service.
We may update the list of processors over time. If we add or replace a processor in a way that materially changes how your data is handled, we will notify Users by email at least 30 days in advance.
7. International Transfers
We are based in Brazil but use processors located outside Brazil, notably OpenAI in the United States. Cross-border transfers of Personal Data are made under the safeguards permitted by LGPD Art. 33 (specific contractual clauses or equivalent guarantees) and, for transfers from the European Economic Area, the GDPR Standard Contractual Clauses included in our processors' Data Processing Addenda.
You can request a copy of the relevant safeguard documents at the contact address in Section 15.
8. Retention and Deletion
We retain Personal Data only for as long as necessary for the purpose for which it was collected, plus a short cleanup window and any legally required retention period.
- Account, summoner, match, journal and AI-review data: retained while your Account is active. When you delete your Account, this data is removed from our active systems within 30 days.
- Backups: we keep encrypted backups of the database for up to 30 days for disaster-recovery purposes. Deleted data is purged from backups as backups roll over.
- Server access and error logs: retained for up to 90 days, after which they are deleted or aggregated into non-identifying metrics.
- Communications with us (email support): retained while needed to handle your request and for a reasonable follow-up period; deleted on request when no longer needed for legal reasons.
We may anonymize Personal Data instead of deleting it. Anonymized data is no longer Personal Data and may be retained indefinitely for analytics and service improvement.
9. Cookies and Similar Tech
During beta we use only strictly necessary cookies:
- A session cookie (set by the Rails web framework) to keep you signed in and to protect the form submissions on the site against forgery (CSRF). This cookie is essential for the Services to function and is not used for tracking or analytics.
We do not currently use third-party analytics, advertising or tracking cookies. If we add any in the future, we will ask for your prior consent through a cookie banner and update this Section.
10. Your Rights
Depending on which law applies to you, you have the following rights over your Personal Data:
- Confirmation and access: confirm whether we process your Personal Data and obtain a copy of it.
- Correction: ask us to correct inaccurate or incomplete data.
- Anonymization, blocking or deletion (LGPD): of unnecessary or excessive data, or of data processed in violation of the law.
- Erasure (GDPR "right to be forgotten"): in the situations defined by law.
- Portability: receive your data in a structured, machine-readable format, or have it transmitted to another provider, where technically feasible.
- Information about sharing: know with whom your data has been shared.
- Objection and restriction: object to or restrict processing in the cases defined by law.
- Withdrawal of consent: at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Information on the consequences of refusing consent (LGPD): we will tell you what happens if you refuse to provide a piece of data we ask for.
To exercise any of these rights, write to privacy@lolguidedreview.com from the email address associated with your Account. We aim to respond within 15 days, extendable by 15 more for complex requests, in line with LGPD Art. 19 deadlines.
11. Minors
The Services are not directed to children under 16. If we discover that we have collected data from a child under 16 without verified parental or guardian consent, we will delete that data as soon as practicable. If you are a parent or guardian and believe a minor in your care has provided us with Personal Data without your consent, please contact us at privacy@lolguidedreview.com.
12. Security
We apply reasonable technical and organizational measures to protect Personal Data, including:
- HTTPS / TLS encryption for all Web traffic.
- Salted-and-hashed password storage (never plain text).
- Access controls on production systems, with credentials separated from source code.
- Encrypted credentials and secrets stored using industry-standard mechanisms.
- Database encryption at rest, where provided by our hosting provider.
- Periodic dependency updates and security checks.
No system is perfectly secure. If we become aware of a breach affecting your Personal Data, we will notify you and the relevant authorities (such as the ANPD in Brazil) within the timeframes required by law.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The most up-to-date version is always available at this URL, with the "Last modified" date at the top.
For material changes (such as new categories of Personal Data, new processors, or new purposes), we will notify Users by email at least 30 days before the change takes effect. Continuing to use the Services after the effective date constitutes acceptance of the updated Policy.
14. Complaints
If you believe we have not addressed your privacy concerns appropriately, you have the right to lodge a complaint with the relevant supervisory authority:
- Brazil (ANPD): Autoridade Nacional de Proteção de Dados, www.gov.br/anpd.
- European Economic Area: the data protection authority of the EU member state where you live, work, or where the alleged infringement took place. A list is available at edpb.europa.eu/about-edpb/about-edpb/members_en.
We would appreciate the chance to address your concern first through our own channel before you escalate.
15. Contact
For any question about this Privacy Policy, your data, or to exercise your rights:
- Privacy and data requests: privacy@lolguidedreview.com
- General support: support@lolguidedreview.com