I have neither the need nor the desire to do sus things with your data. You are free to audit the source code if it makes you feel better (although you have no way of verifying that code is what's actually running on this webserver). GDPR data requests or whatever can be sent to misfit at misfitmaid dot com.

For those doing unit configuration, which requires logging in (currently via discord), we do a simple oauth request. You can see what data Discord sends to us here (under the identify scope). We don't use or store most of that data tbh. In addition, when logging in we store your IP address and reported user agent for purposes of session identification. This is purged in the normal session expiry process.