CellString Logo

CellString

/ Privacy Policy
Back to Homepage

Privacy Policy

Last updated: December 23, 2025

1. Introduction

Welcome to CellString. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection when you use our website at cellstring.com (the “Service”).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Password (stored securely as a cryptographic hash using bcrypt)
  • Display name (optional)

2.2 Linked Game Accounts

When you link your Supercell game accounts (Clash of Clans, Clash Royale, Brawl Stars), we collect:

  • Player tag (game identifier)
  • Player name and basic statistics fetched from official Supercell APIs
  • Verification status

Important: We never store your in-game API tokens or friend links. These are used only once during verification and are immediately discarded.

2.3 Analytics Data

With your consent, we collect anonymous usage data to improve our Service:

  • Pages visited
  • Session duration
  • Outbound link clicks (to tracking sites)
  • Referrer information (how you found us)
  • Browser type and device category

This data is aggregated and cannot be used to identify you personally. You can withdraw your consent at any time through the cookie consent banner.

2.4 Security Data

For security purposes, we log IP addresses for login attempts, password changes, and administrative actions. This data is used solely to protect accounts and detect unauthorized access.

3. Cookies and Local Storage

We use the following cookies:

CookiePurposeDuration
auth_tokenAuthentication (HttpOnly, secure)7 days
csrf_tokenSecurity protection against CSRF attacks24 hours

We also use localStorage to remember your analytics consent preference. No third-party tracking cookies are used.

4. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate you and secure your account
  • To display your linked game statistics
  • To verify ownership of game accounts
  • To improve our Service based on aggregated analytics
  • To detect and prevent fraud or abuse
  • To communicate important updates about the Service

5. Data Sharing and Third Parties

We do not sell your personal information. We share data only in these limited circumstances:

  • Supercell APIs: We query official Supercell APIs using your player tag to fetch game statistics. This is subject to Supercell's privacy policy.
  • Infrastructure providers: Our servers are hosted on DigitalOcean, and we use Cloudflare for security and SSL. These providers may process technical data as outlined in their respective privacy policies.
  • Legal requirements: We may disclose information if required by law or to protect our rights and users' safety.

6. Data Retention

We retain your data as follows:

  • Account data: Retained until you delete your account
  • Analytics data: Raw data is deleted after 90 days; aggregated statistics are retained indefinitely
  • Security logs: Retained for 1 year for fraud prevention

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Update incorrect information via your profile settings
  • Right to erasure: Delete your account and all associated data from your profile page
  • Right to withdraw consent: Opt out of analytics at any time
  • Right to data portability: Request your data in a machine-readable format

To exercise these rights, use the settings in your profile or contact us directly.

8. Security Measures

We implement industry-standard security measures to protect your data:

  • All connections are encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt with high cost factor
  • Authentication cookies are HttpOnly and Secure
  • CSRF protection on all state-changing operations
  • Rate limiting to prevent brute-force attacks
  • Regular security audits and updates

9. Children's Privacy

Our Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our Discord server or reach out on X (Twitter).