XIVAuth Privacy Policy

XIVAuth collects information that you provide to us to provide and improve our services.

Collected information includes:

XIVAuth may use your information for internal analytics, reporting, and security purposes. For example, use of certain apps or features may be logged to prioritize performance improvements or identify abuse. User information is never shared for marketing purposes, including but not limited to advertising.

XIVAuth does not participate in data aggregation or collection of information other than what was explicitly shared. It does not purchase or scrape information from other data sources except when necessary to provide its own services (e.g., Lodestone for character data). Likewise, XIVAuth will not sell or provide information to third parties without explicit user consent or for XIVAuth's business needs (i.e., an explicitly noted sub-provider, below).

XIVAuth cannot see your activity on other websites or services, including those that use XIVAuth for authentication. XIVAuth does not, and will not, support receiving telemetry reports from these services. It does not monitor, track, or collect data from external services beyond the information you have explicitly shared with XIVAuth.

If compelled by law enforcement or other legal processes, XIVAuth may be required to disclose user information. As of May 1, 2026, XIVAuth has not disclosed information to law enforcement.

I am not a lawyer. Please do not sue me.

Data Subprocessor List

The following subprocessors are used by XIVAuth in some capacity:

Subprocessor Purpose Location
Railway Web hosting and data storage United States
Amazon Web Services Web hosting and data storage United States
Cloudflare DDoS protection, CDN services, performance analytics United States
Sentry Logging, error reporting, metric analytics United States
Postmark / ActiveCampaign Email delivery services United States