Privacy Policy

Last updated: March 2026. This policy describes what data Path of Agent collects, why, and how it is handled.

1. Who we are

Path of Agent is operated by an independent developer based in Germany. Contact: contact@pathofagent.com

2. What the product does

Path of Agent is a desktop application that analyzes Path of Exile 1 builds. The desktop app runs locally on your computer. It communicates with our backend server for account authentication, credit billing, and AI-powered analysis via OpenAI.

3. Data we collect

Account data

When you create an account, we store your email address and a hashed password. Passwords are hashed with Argon2id and never stored in plaintext. Your email is used for account verification, password resets, and important service notices.

Session data

When you sign in, we create a server-side session linked to a secure cookie. Session records include a session identifier, creation time, and last-active timestamp. You can view and revoke active sessions from your account settings.

Billing data

Credit purchases are processed by Stripe. We never see or store your payment card details. We store only the minimum billing metadata needed for credit accounting: transaction identifiers, credit amounts, and timestamps. Stripe's own privacy policy governs how they handle your payment information.

Usage data

When you run a build analysis, we record the number of credits consumed and basic token usage statistics for billing purposes. We do not store the content of your analyses, chat messages, or build data on our servers after a session ends.

Build data

Build codes you import are processed locally on your machine by the bundled Path of Building engine. Build data is sent to our server only for the duration of an active analysis session to enable AI-powered recommendations. It is held in memory and not persisted to a database.

Website visits

The public website is static and hosted via Cloudflare. Standard server logs (IP address, browser, timestamp) may be recorded by the hosting infrastructure. We do not use third-party analytics or tracking scripts on this website.

4. Why we process your data

  • Account data: to authenticate you and provide the service
  • Session data: to maintain your login state and allow session management
  • Billing data: to process credit purchases and maintain accurate balances
  • Usage data: to bill correctly based on actual usage
  • Build data: to generate AI analysis during your active session

Legal basis under GDPR: contract performance (Art. 6(1)(b)) for account and billing data; legitimate interest (Art. 6(1)(f)) for security logging and abuse prevention.

5. Third-party services

Your data may be shared with the following third parties, only as needed to provide the service:

  • OpenAI — Build data and chat messages are sent to OpenAI's API during active analysis sessions. OpenAI's API data usage policy applies. OpenAI does not use API inputs for model training.
  • Stripe — Payment processing for credit pack purchases. Stripe handles all card data directly.
  • Cloudflare — DNS, TLS, and website hosting.
  • Hetzner — Backend server hosting (Germany/EU).

We do not sell your data to anyone.

6. Where your data is stored

Our backend server and database are hosted in the EU (Hetzner, Germany). OpenAI processes data in the United States under their data processing terms. Stripe processes payment data in accordance with their global infrastructure.

7. Data retention

  • Account data: retained while your account is active
  • Session data: sessions expire automatically; revoked sessions are deleted
  • Billing records: retained as required for tax and accounting purposes
  • Build data: not persisted — exists in server memory only during active sessions
  • Security logs: retained for up to 90 days for abuse prevention

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact contact@pathofagent.com.

9. Cookies

We use a single authentication cookie to maintain your login session. It is HttpOnly, Secure, and SameSite. We do not use advertising cookies, tracking cookies, or third-party cookie-based analytics.

10. Children

Path of Agent is not directed at children under 16. We do not knowingly collect data from children under 16.

11. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via the website or email. The "last updated" date at the top reflects the most recent revision.