Climber.gg is in open beta. Sign up free; paid plans launching soon.What's live
climber.gg
Log inGet started

Privacy policy

Last updated: 10 June 2026

1. Controller

climber.gg is operated by its founder as a sole proprietor based in Germany (full operator details are being finalised and will be published here and in the Impressum). The operator is the data controller within the meaning of Art. 4(7) GDPR. Contact: privacy@climber.gg. See also the Impressum.

2. Data we collect

  • Account: email, hashed password (or OAuth provider ID), display name, locale.
  • Game identifiers you link voluntarily: Riot ID, Steam ID, FACEIT nickname — strictly the publicly available identifiers needed to fetch your game statistics.
  • Game data fetched on your request from the providers in section 5: match history, match timelines, ranked statistics. We cache this data to power your analyses.
  • Coaching content: the questions you ask, the AI replies, and your feedback on answers (👍/👎 ratings and optional comments).
  • Billing metadata via Polar (our merchant of record): customer ID, plan, country, last 4 digits of the card. We never see or store your full card number.
  • Product analytics (only with your cookie consent): page views, funnel events (e.g. signup, account connect, first analysis) and the acquisition source you arrived from (UTM parameters).
  • Operational logs: IP address, browser, request paths (kept ≤30 days for security).

3. Lawful bases (Art. 6 GDPR)

Account, game-data fetching, coaching and billing data: performance of a contract (Art. 6(1)(b)). Operational logs, abuse prevention and service security: legitimate interests (Art. 6(1)(f)). Product analytics and error reporting: consent (Art. 6(1)(a)) given via the cookie banner — you can use the service fully without granting it.

4. AI processing

Your coaching questions and the relevant cached game data are sent to our AI providers (Anthropic and OpenAI) to generate answers. Under their API terms, these providers do not use data submitted via the API to train their models. We do not use your data to train models either. Coaching output is informational and involves no automated decision-making with legal or similarly significant effect (Art. 22 GDPR).

5. Processors and data sources

We share data only with the processors needed to run the service:

  • Vercel (application hosting), Cloudflare (coach backend, DNS) — infrastructure.
  • Neon (PostgreSQL database, EU region — Frankfurt).
  • Anthropic, OpenAI (AI inference for your coaching prompts, USA).
  • Polar (merchant of record for payments, USA).
  • Resend (transactional email, USA).
  • PostHog (product analytics — consent-gated), Sentry (error reporting — consent-gated).
  • Inngest (background jobs, USA).

Game data is retrieved from the official Riot Games API (LoL, TFT), OpenDota (Dota 2), FACEIT (CS2) and the HenrikDev API (Valorant) using only the public identifiers you provided. Their respective terms apply to that data. climber.gg is not endorsed by Riot Games (see the notice in the footer).

Where processors are located outside the EEA, transfers rely on an adequacy decision (e.g. the EU-U.S. Data Privacy Framework) or Standard Contractual Clauses. Each processor is bound by a data processing agreement.

6. Retention

  • Account data, coaching content and the game-data cache: until you delete your account (or unlink the game account for its cached data).
  • Billing records: 10 years (German tax retention obligations, §147 AO).
  • Operational logs: 30 days.
  • Analytics events: per PostHog retention settings, currently ≤12 months.

7. Your rights

You have the rights of access, rectification, erasure, restriction, portability and objection (Art. 15–21 GDPR). You can export or delete your data yourself in Settings, or email privacy@climber.gg. Where processing is based on consent, you may withdraw it at any time with effect for the future (via the cookie banner choice stored on your device). You may lodge a complaint with a supervisory authority (Art. 77 GDPR) — in Germany, the authority of your federal state.

8. Cookies and local storage

Essential, always on: the sign-in session cookie and your cookie-consent choice (stored in your browser). Optional, only after you accept: PostHog analytics and Sentry error reporting, plus a first-visit acquisition snapshot (UTM source) stored in your browser. Declining keeps every feature working.

9. Children

The service is intended for users aged 16 and over.

10. Changes

We will notify you by email about material changes at least 30 days before they take effect.