1. Scope
This policy covers sotwatch.com, the SoTWatch desktop app and the SoTWatch API. If a future service needs different data, it will tell you before collecting it.
SoTWatch is an independent community project. For privacy questions or requests, contact privacy@sotwatch.com.
2. What we collect
Your account
When you connect Xbox, we receive your Xbox user ID and gamertag. We store the Microsoft refresh credential needed to keep the connection working in encrypted form. The current Xbox sign-in does not request your Microsoft password.
Encounters and sessions
When SoTWatch detects an encounter, it sends the event to our API so we can identify the player and session. We keep the useful result: player XUID and gamertag, timestamp, session ID, server stamp and approximate server location. Your encounter history is private to your account.
Xbox profile data
We may store gamer pictures, presence, gamerscore and Sea of Thieves playtime returned by Xbox services. The same XUID is shared across encounter histories so we do not fetch a new copy for every user.
Your choices
Favorites and private notes are stored with your SoTWatch account. A small heartbeat records that the app is open so we can show the aggregate “Players Sailing Now” count.
Technical data
Our server may temporarily process IP addresses, request times and user-agent information for rate limiting, reliability and abuse prevention. We do not run advertising trackers or third-party analytics.
3. Why we use it
- to sign you in and keep your Xbox connection working;
- to build your encounter and session history;
- to enrich player profiles with Xbox information;
- to keep the service secure and diagnose failures;
- to provide aggregate, non-identifying service statistics.
Core account and encounter processing is necessary to provide SoTWatch. Security and abuse-prevention processing is based on our legitimate interest in operating a reliable service.
4. Storage and sharing
SoTWatch is hosted on Contabo infrastructure in the European Union. Xbox sign-in and profile requests are handled through Microsoft services and remain subject to the Microsoft Privacy Statement.
We never sell personal data. It is handled only by SoTWatch, our EU hosting provider, and Microsoft/Xbox where needed for sign-in and profile lookups. We may provide data when the law requires us to.
5. Retention and deletion
Your account, encounter history, notes and profile links remain until the account is deleted. Expired app heartbeats stop counting after three minutes. Short-lived security and diagnostic records are normally removed within 30 days unless they are needed to investigate abuse or a legal issue.
Account deletion is currently handled by email. Send the request to privacy@sotwatch.com from a contact we can verify. We aim to complete requests within 30 days. You may also ask for access, correction, export, restriction or objection where applicable.
6. Website storage
The public website does not use advertising cookies or tracking cookies. It loads release information and the aggregate live count from SoTWatch services.
7. Changes and contact
Material changes receive a new version date and may require acceptance in the app. Questions, player-profile removal requests and privacy requests go to: