Plainly: how this works.
How the site is built, what data is collected (and isn’t), how it’s protected, and who answers when something goes wrong.
This project is developed with the assistance of AI tools, including Claude Code.
AI helps accelerate development, research, debugging, and iteration. Every feature, design decision, security control, and production deployment is reviewed and approved by a human: me.
AI does not operate this service autonomously.
Before changes are released, they are tested, validated, and quality-checked. User feedback, bug reports, and feature requests are reviewed directly, and accountability for the platform remains with the project owner.
Using AI allows this project to move faster. It does not remove responsibility for the quality, security, or reliability of what is shipped.
- Passwords. We never store passwords. Period. Sign-in goes through Discord OAuth, Google OAuth, or a passwordless email magic link — the password (if any) lives at your identity provider, not here.
- Marketing data. No newsletters, no broadcast emails, no audience lists. If you sign in with email, your address is used to send your one-time login link — that’s it.
- Resale or sharing. We do not sell your data, trade it, or share it with third-party brokers.
- Cross-site tracking pixels. No third-party tracking scripts beyond standard, non-personalized page-view analytics (Vercel Analytics). We also run a first-party visitor counter (anonymous random ID stored in your browser, hashed before our database ever sees it) so we can show “online now” on /status — it respects your Do Not Track signal and never leaves our servers.
- Your in-game name. You provide it on registration so we know which PUBG account to archive.
- A login identifier. Either your Discord ID, your Google sub, or your email (for magic-link). This is how we recognize you when you come back.
- Public PUBG match data. Pulled from Krafton’s official PUBG API: matches, kills, weapons, positions, placements. Same data anyone with an API key could pull about that same public account.
- (Optional) a personal PUBG API key. If you choose to add one in your dashboard, it gives your account a dedicated sync lane. Storing it is opt-in, and donating its idle capacity to other operators is a separate opt-in toggle (default off).
- HTTPS everywhere. All traffic to and from the site is encrypted in transit.
- API keys encrypted at rest. If you save a personal PUBG API key, it’s encrypted in the database with AES-256-GCM. Even we don’t read it without the encryption key.
- No password storage to leak. Because we never store passwords, a database breach can’t leak them. OAuth and magic links sidestep the whole class of risk.
- Session revocation. If you ever need to sign out everywhere, we can revoke every active token on your account on request.
If you find a bug, a security issue, or an incorrect result — please report it. There is a Feedback button on every page, and impersonation reports go through a dedicated review queue. Continuous improvement is part of the process.
Using AI lets this project move faster. It does not remove responsibility for the quality, security, or reliability of what is shipped.