Path of Agent
Desktop analysis for PoE 1

Privacy Policy

Last updated: April 2026. This policy describes what data Path of Agent collects, why, and how it is handled.

1. Who we are

Path of Agent is operated by an independent developer based in Germany. Contact: [email protected]

2. What the product does

Path of Agent is a desktop application that analyzes Path of Exile 1 builds. The desktop app runs locally on your computer. It communicates with our backend server for account authentication, credit billing, and AI-powered analysis via OpenAI.

3. Data we collect

Account data

When you create an account, we store your email address and a hashed password. Passwords are hashed with Argon2id and never stored in plaintext. Your email is used for account verification, password resets, and important service notices.

Session data

When you sign in, we create a server-side session linked to a secure cookie. Session records include a session identifier, creation time, and last-active timestamp. You can view and revoke active sessions from your account settings.

Billing data

Credit purchases are processed by Stripe. We never see or store your payment card details. We store only the minimum billing metadata needed for credit accounting: transaction identifiers, credit amounts, and timestamps. Stripe's own privacy policy governs how they handle your payment information.

Usage data

When you run a build analysis, we record the number of credits consumed and basic token usage statistics for billing purposes. The content of your analysis (build data, AI prompts, AI responses) passes through our server in memory while the analysis runs, and is not retained afterwards by default. The one exception is described below under "Optional analysis log sharing".

Build data

Build codes you import are processed locally on your machine by the bundled Path of Building engine. To run the AI analysis, build context is sent to our server and forwarded to OpenAI for the duration of an active analysis session. By default it is held in memory only and discarded when the session ends.

Optional analysis log sharing

The desktop app asks you, the first time you import a build, whether you want to share your analysis logs with us for quality improvement and debugging. The dialog is explicit and the default is off until you choose. Your choice is remembered if you tick "don't ask again", and you can change it later in the app's settings.

If you opt in, the contents of each analysis (build data, AI prompts, AI responses, token usage) are uploaded to our server after the analysis finishes and stored for up to 30 days. We use these logs to debug failures, improve prompt quality, and audit analysis correctness. Logs are not shared with anyone outside the development of Path of Agent and are deleted automatically after 30 days.

Website visits

The public website is static and hosted via Cloudflare. Standard server logs (IP address, browser, timestamp) may be recorded by the hosting infrastructure. We do not use third-party analytics or tracking scripts on this website.

4. Why we process your data

  • Account data: to authenticate you and provide the service
  • Session data: to maintain your login state and allow session management
  • Billing data: to process credit purchases and maintain accurate balances
  • Usage data: to bill correctly based on actual usage
  • Build data: to generate AI analysis during your active session
  • Opted-in analysis logs: to improve the product (debugging, prompt quality, correctness audits)

Legal basis under GDPR: contract performance (Art. 6(1)(b)) for account, billing, and active-session build data; legitimate interest (Art. 6(1)(f)) for security logging and abuse prevention; consent (Art. 6(1)(a)) for optional analysis log sharing.

5. Third-party services

Your data may be shared with the following third parties, only as needed to provide the service:

  • OpenAI: Build data and chat messages are sent to OpenAI's API during active analysis sessions. OpenAI's API data usage policy applies. OpenAI does not use API inputs for model training.
  • Stripe: Payment processing for credit pack purchases. Stripe handles all card data directly.
  • Cloudflare: DNS, TLS, and website hosting.
  • Hetzner: Backend server hosting (Germany / EU).

We do not sell your data to anyone.

6. Where your data is stored

Our backend server and database are hosted in the EU (Hetzner, Germany). OpenAI processes data in the United States under their data processing terms. Stripe processes payment data in accordance with their global infrastructure.

7. Data retention

  • Account data: retained while your account is active
  • Session data: sessions expire automatically; revoked sessions are deleted
  • Billing records: retained as required for tax and accounting purposes
  • Build data (default): held in server memory only during an active analysis, then discarded
  • Opted-in analysis logs: stored for up to 30 days, then deleted automatically
  • Security logs: retained for up to 90 days for abuse prevention

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent for optional analysis log sharing at any time, in the app or by email
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact [email protected].

9. Cookies

We use a single authentication cookie to maintain your login session. It is HttpOnly, Secure, and SameSite. We do not use advertising cookies, tracking cookies, or third-party cookie-based analytics.

10. Children

Path of Agent is not directed at children under 16. We do not knowingly collect data from children under 16.

11. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via the website or email. The "last updated" date at the top reflects the most recent revision.