Legal
Privacy Policy
AO-SAGE is a fan-made companion site for Albion Online. This policy explains what personal data we collect, why, how long we keep it, and the rights you have over it under the EU General Data Protection Regulation (GDPR).
Last updated: 2026-06-25
Who we are (controller)
The data controller for this site is Lulu Studio, a sole independent operator based in Denmark (EU). You can reach us about anything in this policy at [email protected].
AO-SAGE is a non-commercial fan project run by an individual operator, so there is no company registration and no CVR or VAT number. A postal address is available on request by emailing the address above.
What this site is
AO-SAGE is an independent, fan-made companion site for the game Albion Online - it shows the daily production bonus, item and crafting information, and a royal map. It is not affiliated with, endorsed by, or operated by Sandbox Interactive GmbH, the makers of Albion Online.
Our approach: data minimisation
AO-SAGE is data-light by design. We store only the minimal personal data needed to run an account and keep it secure: the OAuth identifiers your sign-in provider returns (account ID, username, avatar URL, and email only if the provider supplies it - encrypted at rest), plus auto-expiring security/session records (your IP address and browser user-agent, kept ~30 days). Your settings - theme, layout, region, daily-DM opt-in, and any notification webhook - are preferences you choose, not tracking.
Most of what the site shows you is public Albion Online game data, not personal data we collect about you. The daily production bonuses, item / recipe / craft information, and the royal map are public information about the game. The Albion character names and IDs you link are likewise public in-game data (visible through Albion's public API and in-game) that we surface for your convenience - we do not generate or privately hold them.
We run no third-party analytics, no advertising, no cross-site or cross-day tracking, and no profiling, and we never sell or share your data. The only usage measurement we keep is a privacy-preserving daily visitor count - see How we count visitors below.
What data we collect, and why
Account data (when you sign in)
We do not use passwords. You sign in with Discord or Google via OAuth. When you do, we store the account information your chosen provider returns to us:
- your provider account ID, username, and avatar image URL;
- your email address, only if the provider supplies it - and it is encrypted at rest in our database;
- any Albion Online character names / IDs you choose to link to your account (this is user-initiated - we never add characters for you).
Preferences
To make the site behave the way you want, we store the preferences you set: theme, layout, region, your daily direct-message (DM) opt-in, and any notification webhooks you configure (the webhook URL plus a label you give it).
Security & session data
To keep your account secure and to keep you signed in, we store session records that include your IP address and browser user-agent. These session records auto-expire after about 30 days.
How we count visitors (privacy-preserving)
We keep a simple count of how many unique visitors the site has each day. We do this without cookies and without storing your IP address: for each page view we compute a one-way salted hash of your IP address, your browser user-agent, and the current date, and store only that hash. Because the date is part of the hash, the value cannot be linked to you across days, and your raw IP address is never written to disk. The result is an aggregate number ("N visitors today") with no profile and no way to single you out. This is first-party only - no third party ever receives this data.
Legal basis (GDPR Article 6)
- Performance of a contract / legitimate interest - to provide the service you asked for (signing you in, saving your characters and preferences, sending the daily DM you opted into).
- Consent - where you opt in to something specific, such as the daily DM or a notification webhook. You can withdraw consent at any time in Settings.
- Legitimate interest - to keep the service secure and prevent abuse (session records, IP and user-agent logging).
Third parties & processors
We keep third parties to a minimum and we do not sell your data. The parties that may process data in the course of running this site are:
- Discord and Google - OAuth sign-in providers. When you choose one, you authenticate with them and they share the account data described above with us.
- Cloudflare - sits in front of the site as a CDN and secure tunnel, so request data passes through Cloudflare's network.
- Webhooks you configure - if you set up a notification webhook, we send the notification to the URL you chose. That data leaves to a destination you control and that destination's own terms then apply.
We do not load third-party fonts, and we run no third-party analytics, advertising, or tracking.
International data transfers
Some of our service providers process personal data in the United States: Discord and Google (for sign-in) and Cloudflare (for content delivery and security). Where personal data leaves the EU/EEA in this way, the transfer is safeguarded by the EU-US Data Privacy Framework (where the provider is certified) and/or the European Commission's Standard Contractual Clauses.
Data retention
- Account data - kept until you delete your account, which you can do yourself at any time from Settings.
- Session records - auto-expire after about 30 days.
- Audit / security log entries - retained for 24 months, after which they are deleted. When you delete your account, your user identifier in those logs is removed (de-linked) immediately; the action record itself may be kept for security for the remainder of the 24 months.
Your rights
Under GDPR you have the right to:
- Access and portability - you can download a JSON export of your data at any time from Settings → Download my data.
- Erasure - the Delete account feature in Settings removes your account and cascades to your linked data.
- Rectification - you can edit your preferences and linked characters directly in Settings.
- Withdraw consent - turn off the daily DM or remove a webhook in Settings at any time.
- Lodge a complaint - you may complain to the Danish Data Protection Authority, Datatilsynet (datatilsynet.dk), or to your local supervisory authority.
Reported players (the scam / ban / warn list)
AO-SAGE hosts a community scam / ban / warn list - a members-only record of Albion Online players that community members have reported for alleged scamming, real-money trading, account theft or similar conduct. These entries are community-submitted allegations, not verified facts or findings of any crime. If you have been reported, this section explains how that data is handled and how to contest it.
What is held, and where it came from
An entry may include the reported person's in-game name(s) and Discord ID / handle, the report type and reason, the dates, and the community that submitted it. We did not receive this from the reported person - it comes from other community members' submissions, our Discord bot, and ban lists shared by Albion communities (this is the source disclosure required by GDPR Article 14).
Why we hold it, and who can see it
The legal basis is our legitimate interest (GDPR Article 6(1)(f)) in helping the community avoid known scammers, weighed against the reported person's rights and interests. To keep that balance proportionate the list is not public: it is visible to signed-in members only, it is not search-engine indexed, and it is presented as alleged conduct. It is never sold, and never shared outside the members list.
How long we keep it
We keep an entry only while it stays relevant to community safety. We remove an entry when a dispute is upheld, when it is shown to be inaccurate or mistaken, or when it is no longer relevant.
If you have been reported - your rights
You have the right to access the entry, have it corrected (Article 16), have it erased (Article 17), and object to it (Article 21). You do not need an account to do so:
- Email [email protected] with enough detail to find the entry (the in-game name or Discord handle listed), and we will review it and correct or remove it where your objection is justified.
- Signed-in members can also open the entry and use the "Dispute this listing" button, which sends the same request to our moderators.
We review each dispute individually. You may also lodge a complaint with Datatilsynet (datatilsynet.dk).
Cookies
We use a small number of strictly-necessary and functional first-party cookies, and no tracking, analytics, or advertising cookies. See the Cookie Notice for the full list.
Children
AO-SAGE is not directed at, and is not intended for, children under 13. Thirteen is the digital-consent age under the Danish implementation of the GDPR. Note that Discord and Albion Online also require users to meet their own minimum ages.
Changes to this policy
We may update this policy. When we do, we will change the "Last updated" date at the top of the page. Material changes will be made clear on the site.
Contact
Questions or requests about your data? Email [email protected].