Last updated: June 29, 2026 Operated by: SparkTank Labs LLC ("we", "us"), Delaware, USA. Contact: privacy@recallcards.gg
⚠️ DRAFT — NOT YET LEGAL ADVICE. This is a working draft to satisfy Riot's production-key requirement (a visible Privacy Policy on a domain you own). Before you launch publicly / accept real users, have a lawyer review it — especially the data-handling, RSO, and minors sections. Fill every [BRACKET].
Recall Cards is a post-game analysis tool for League of Legends, operated by SparkTank Labs LLC, a product of SparkTank Labs within the Connect & Thrive ecosystem. Recall Cards is not affiliated with, endorsed by, or sponsored by Riot Games, Inc. League of Legends and Riot Games are trademarks or registered trademarks of Riot Games, Inc.
This policy explains what information Recall Cards collects, how we use it, who we share it with, and your rights. It applies to our website at recallcards.gg and the Recall Cards application.
a. Information you provide / authorize - Your Riot ID (game name + tagline) and/or, if you sign in, your account identity via Riot Sign-On (RSO). RSO uses OAuth2 — we receive an authorization token from Riot; we never see or store your Riot password. - Account/contact details you give us directly (e.g. email, if you create an account or subscribe).
b. Game data from the Riot Games API With your Riot ID or RSO authorization, we retrieve, via the official Riot Games API: - Your account identifier (PUUID). - Match data and match timelines for your games — KDA, CS, gold, damage, vision, objectives, item and event timestamps, and the positions/stats of the other nine players in those matches (this is standard match data Riot exposes; it is used only to produce your analysis).
c. Information collected automatically - Standard technical data when you use the site/app: IP address, browser/device type, and usage logs, for security and to operate the service. - we do not use third-party advertising cookies
We do not show advertising and do not sell your data.
We do not use your data to train foundation models. Match data is sent to our AI inference provider (see §6) solely to generate your individual read, under their API terms (which, for the provider below, do not train on API inputs by default).
You initiate analysis by giving your Riot ID or authorizing RSO. You can stop using the service and request deletion (see §8) at any time. If you authorized RSO, you can revoke that authorization through your Riot account settings.
We share the minimum necessary with: - Riot Games, Inc. — we retrieve your game data from their API under the Riot Developer Terms; we do not send them new personal data beyond standard API calls. - Anthropic, PBC — our AI inference provider. Your extracted match facts are sent to the Anthropic API to generate your read. Anthropic's API terms state inputs/outputs are not used to train their models by default. [Verify current terms at time of launch.] - Stripe — to process subscriptions. They handle card data directly; we do not store full card numbers. - Cloudflare — to host the service. - Legal/safety: where required by law or to protect rights and safety.
We do not sell personal information or share it with advertisers.
Depending on your location (e.g. GDPR/EEA, UK, CCPA/California), you may have the right to access, correct, delete, or export your data, and to object to or restrict certain processing. To exercise these, contact privacy@recallcards.gg. We will respond within the timeframe required by applicable law.
Recall Cards is not directed to children under [13 / the age of digital consent in your jurisdiction]. We do not knowingly collect data from children under that age. League of Legends has its own age requirements; you must meet Riot's age and eligibility requirements to use a Riot account. If you believe a child has provided us data, contact us and we will delete it. [Legal review required — children's-data rules are strict and vary by region.]
We use reasonable technical and organizational measures to protect your data (encryption in transit, restricted access to API keys and stored data). No system is perfectly secure; we cannot guarantee absolute security.
[If you serve users outside your country, note that data may be processed in [country]. Add standard transfer-mechanism language after legal review.]
We may update this policy; we'll post the new version here and update the "Last updated" date. Material changes will be communicated [how].
Questions or requests: privacy@recallcards.gg, [legal entity + address if required].
Recall Cards is not endorsed by Riot Games and does not reflect the views or opinions of Riot Games or anyone officially involved in producing or managing Riot Games properties.