Privacy Policy

Last updated: April 25, 2026

The privacy of your data — and it is your data, not ours — matters to us. In this policy, we lay out: what data we collect and why, how it's handled, and your rights with respect to it. We do not sell your data. We do not run ads.

This policy applies to the OverLooker desktop application, the OverwatchStatsMCP backend service, and the website at overlooker.app (collectively, "OverLooker", "we", "our", or "us").

A note on scope: OverLooker is built and maintained by a single independent developer. It is not a company. References to "we" reflect the development team behind the project, but legally there is one natural person responsible.

What we collect and why

Our guiding principle is to collect only what we need.

Identity and access

When you sign in to the OverLooker backend, we use Google OAuth. We receive your Google account email address and a stable user identifier from Google. We do not receive your Google password and we do not have access to your Gmail, Drive, Calendar, or other Google services.

We store your email address to identify your account and so you can recover access if you sign in from another machine.

Game match data

When you play Overwatch 2 with OverLooker running, we capture and store:

• Match metadata: map, mode, queue type, game type (ranked / unranked / etc.), match start and end times, duration, outcome (victory / defeat / draw).
• Roster information: the battletags and selected heroes of all players in the match (yours and other players'). See "Third-party player data" below.
• Scoreboard statistics: kills, deaths, assists, damage, healing, and similar visible stats for each player at the end of the match.
• Hero swap timeline: which heroes each player switched between during the match.
• Rank progression: your rank, SR changes, and per-hero rank cards shown on the post-match rank screen.
• Live HUD events: payload progress, capture percentages, and similar in-match score events for ranked matches.

We use this data to provide your match history, statistics, filtering, and analysis features inside OverLooker.

Screenshots and video recordings

OverLooker captures screenshots of your Overwatch 2 game window in the following situations:

• Post-match scoreboard ("Tab" screenshots) — used to extract perks, hero panels, and rank information.
• Rank progression screens — captured automatically after ranked matches.
• Hero detail panels and SR cards.

These screenshots may contain other players' battletags as displayed on the in-game scoreboard.

If you enable automatic recording in settings, OverLooker also records a continuous MP4 video of your Overwatch 2 gameplay, plus a structured event log (overwolf.jsonl) and a sidecar metadata file. Recordings are stored locally under ~/.overlooker/recordings/. If you have configured a recording upload destination, recordings are also uploaded to a tus-protocol server for backup and download from other devices.

Recordings contain visible game audio, the in-game UI, and any voice chat or microphone audio that was active during the match if your system was capturing it.

Hypnos chat

OverLooker includes "Hypnos", an optional AI chat assistant. If you enable Hypnos:

• Your chat messages and any attached images are sent to the LLM provider you have configured (OpenAI's Codex API or OpenRouter). Their privacy policies and data-retention practices apply to that data while it is in their hands.
• Chat history is stored locally on your machine at ~/.overlooker/chat.json. It is not uploaded to the OverLooker backend.
• Chat-attached images are stored locally at ~/.overlooker/images/. They are not uploaded to the OverLooker backend.
• Persistent Hypnos files (notes, memories) live under ~/.overlooker/hypnos/ and are not uploaded.

Hypnos is disabled by default. Choosing to enable it means choosing to share the relevant chat content with the LLM provider you configure. We have no visibility into what you send.

Crash reports

OverLooker uses Sentry for crash and error reporting. When an error occurs, Sentry receives:

• A stack trace and error message.
• Anonymized environment information (OS version, app version, screen resolution).
• A breadcrumb trail of recent app events (no message content, no battletags).

Crash reporting is enabled by default but can be turned off in Settings → Interface → Error Reporting. When disabled, no data is sent to Sentry.

Local-only data

The following data is stored only on your computer and never transmitted to OverLooker servers:

• ~/.overlooker/config.yml — your settings, including any LLM API keys you've entered.
• ~/.overlooker/logs/ — application log files.
• ~/.overlooker/recordings/ — local copies of recordings (until uploaded, if uploads are enabled).
• ~/.overlooker/chat.json and ~/.overlooker/images/ — Hypnos chat history and attached images.
• ~/.overlooker/hypnos/ — Hypnos persistent files.

We have no access to any of this data unless you explicitly send it to us (for example, by attaching a log file to a bug report email).

Player notes

OverLooker lets you write free-text notes about other players' battletags ("noted enemy Zarya, plays close to her tank"). These notes are stored on the OverLooker backend, attached to the battletag they describe, and visible only to you.

Notes you write are subject to our acceptable-use rules — defamatory, harassing, or otherwise abusive content may be removed. See the Terms of Service.

Third-party player data

This is the most important section to read carefully.

OverLooker captures match data that necessarily includes information about other Overwatch 2 players present in your matches — players who have not signed up for OverLooker and have not consented to its use. Specifically, we collect:

• Their battletags as shown in the match.
• Their selected heroes and hero swaps during the match.
• Their visible scoreboard statistics at the end of the match.
• Their appearance in screenshots and recordings of the match.

We process this data on the basis of legitimate interest under GDPR Article 6(1)(f). The legitimate interest is enabling our users to review and analyze their own competitive matches — a recognized purpose closely connected to gameplay improvement.

We balance this interest against the rights of the players whose data is captured by:

• Not making any other player's data publicly searchable.
• Only serving a player's data back to OverLooker users who actually played in matches with them.
• Honoring deletion requests from any individual whose battletag appears in our records (see "Your rights" below).
• Not selling, monetizing, or transferring this data to third parties.

If you are a player who has been recorded in another OverLooker user's match and you want your data removed, email privacy@overlooker.app. We will verify your control of the battletag (typically through an in-game profile screenshot) and complete removal within 30 days.

When we access or disclose your information

We use a small number of third-party processors to operate the Services. The current list:

We do not share your data with any other parties.

A human (the developer) may access your data only in these limited cases:

• To respond to a support request you make. We will only access data tied to the issue you reported, and only as needed to resolve it.
• To investigate an automated process failure. When a server-side error occurs, the developer may need to look at the affected data to understand and fix the underlying bug.
• To investigate abuse. If we receive a credible report of abuse or terms-of-service violation, we may review the relevant account data.
• When required by law. We will only preserve or share data if compelled by a legally binding order from a competent authority. We will notify the affected user before disclosure unless legally prohibited from doing so.

We do not look at your data for marketing, product analytics, or any purpose other than the above.

Your rights with respect to your information

We apply the same data rights to all users, regardless of location:

• Right to know. You have the right to know what personal information is collected and how it's used. This policy describes that.
• Right of access. You may request a copy of the personal data we hold about you.
• Right to correction. You may request correction of inaccurate personal data.
• Right to erasure. You may request deletion of your data. Granting this request will close your OverLooker account and remove all match data tied to you.
• Right to portability. You may request an export of your data in a machine-readable format (JSON).
• Right to object. You may object to our processing of your data on legitimate-interest grounds. This applies in particular to other players whose battletags appear in our records.
• Right to complain. You have the right to lodge a complaint with your local data protection supervisory authority. In the EU, this is your country's data protection authority; in the UK, the ICO.

To exercise any of these rights, email privacy@overlooker.app. We will respond within 30 days, with a possible 60-day extension for unusually complex requests (we will tell you if we need the extension).

We may need to verify your identity before responding — typically by confirming you control the email address tied to your OverLooker account, or for non-user requests, by verifying you control the battletag in question.

How we secure your data

• All data transmitted between the OverLooker desktop app and the backend is encrypted in transit via HTTPS / TLS.
• Backend authentication uses Google OAuth with PKCE; we never see or store your Google password.
• Backend data is stored in a PostgreSQL database with access restricted to the developer.
• Recording uploads use bearer-token authentication.
• The OverLooker desktop app's installer is code-signed.

We do not encrypt match data or screenshots at rest in the database — they need to be served back to you on demand. If you store anything in OverLooker that you would consider highly sensitive, please reconsider; OverLooker is a hobby-scale companion app, not a security-certified service.

Data retention

• Match data, screenshots, player notes: retained for as long as your account is active. We do not currently auto-expire match history. We may introduce a retention policy in the future and will notify you in-app before doing so.
• Recordings (server-side): retained until you delete them via the app or via deletion request.
• Recordings (local): retained according to the recording.keep setting in your config (default: 5 most recent).
• Crash reports (Sentry): retained according to Sentry's default retention (currently 90 days).
• Logs (local): kept on your machine; we do not have access.
• Account deletion: when you request deletion, your data is removed from active systems within 30 days and from backups within 60 days.

Location of site and data

The OverLooker backend currently runs on infrastructure outside the European Union. If you are located in the EU, UK, or elsewhere, please be aware that any information you submit to OverLooker will be transferred to and stored on servers in another jurisdiction.

By using the Services, you consent to this transfer.

We rely on the GDPR Article 49(1)(a) derogation (explicit consent) and the legitimate-interest balancing test for the processing of EU-resident data. We are happy to enter into a Standard Contractual Clauses (SCC) data processing addendum with any user who requires one — contact privacy@overlooker.app.

Changes and questions

We may update this policy as the Services evolve or to reflect changes in applicable law. Changes are tracked in the project's git history. Whenever we make a significant change, we will refresh the date at the top of this page and notify you in-app via the changelog modal on next launch.

For any questions about this policy, your data, or your rights, email privacy@overlooker.app.

This policy is adapted from the 37signals/Basecamp Open Source Policies, used under the MIT License.