Privacy Policy
Last updated: April 16, 2026
1. Overview
SaveEditor ("we", "us", "our") operates the SaveEditor website (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
The core principle: save files you upload for editing are never permanently stored. They are uploaded to our server for parsing only, processed in ephemeral server storage, and automatically deleted within 30 minutes. We do not read, analyze, or retain the contents of those files beyond what is required to parse and return them to you.
The one exception is the optional Community Saves feature. If you choose to publicly share a save file there, that file is stored permanently (until you or we remove it) so other users can download it. See section 2.3 below.
2. Information We Collect
2.1 Information You Provide
- Account Data: If you create an account (optional), we collect your email address and display name via third-party authentication providers (Google, GitHub, etc.).
- Payment Data: If you subscribe to Pro, payment processing is handled entirely by Stripe. We never see or store your credit card number.
- Bug Reports & Suggestions: When you submit a report through the in-app Report button, we store the report text, the URL it was sent from, your browser's user-agent string, and your IP address. This is kept until an admin processes or deletes it so we can answer you and detect duplicate spam.
- Community Save Submissions: If you upload a save to the public Community Saves section, the file itself, its title and description, and its associated metadata are stored permanently and shown publicly until you or we remove it.
2.2 Information Collected Automatically
- IP Address: Used for rate limiting (a short cooldown of ~4 uploads per 2-minute window) and abuse prevention. IPs are kept in two places: (a) a short-lived in-memory rate-limit cache that auto-expires within 24 hours, and (b) a persistent audit log in our database — including upload events, error reports and any IPs that have been blocked for abuse. These persistent records are retained for as long as we consider them useful for security and analytics, and are not shared with third parties for marketing.
- Upload Telemetry: For each upload we record the time, file size, detected format, and the requesting IP, so we can show aggregate usage in our admin dashboard and detect abuse. We do not store the file contents or filename in this telemetry.
- Error Reports: When an error occurs we store the error message, stack trace, request path, and your IP so we can debug and respond. These are kept until manually cleared from the admin dashboard.
- Usage Analytics: We use Google Analytics 4 (when configured) and Vercel Analytics / Speed Insights to understand aggregate page views and performance. These services may set their own cookies and are bound by their own privacy policies.
- Cookies: We use essential cookies for session management and theme preference, plus the analytics and (optional) advertising cookies described in our Cookie Policy.
2.3 Save Files
Files uploaded for editing are processed in ephemeral server storage for format detection and parsing. They are automatically deleted within 30 minutes or when the server restarts — whichever comes first. We log file metadata (filename, format detected, file size, and your IP address) for rate limiting and abuse prevention, but we do not read, analyze, log, or retain the actual contents of your files beyond what is necessary to parse and return them to you.
Files uploaded to the Community Saves libraryare different: by submitting a save there you are knowingly publishing it. The file is hosted on Vercel Blob storage, indexed in our database, and made publicly downloadable. The submitter's IP, the file's title, description, associated game and any tags are also stored. You can request removal of any save you submitted by emailing the address in section 10; we will also remove content in response to valid DMCA or other lawful takedown notices.
3. How We Use Your Information
- To provide and maintain the Service
- To enforce rate limits and prevent abuse
- To process payments (via Stripe)
- To improve the Service based on aggregated, anonymous usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Third-Party Services
- Vercel: Hosting and edge network provider. Subject to Vercel's Privacy Policy.
- Vercel Blob: Storage provider used for community save files. Same legal terms as Vercel itself.
- Vercel Analytics & Speed Insights: Aggregated, cookieless visitor metrics. No cross-site tracking.
- Neon (PostgreSQL): Managed database where audit logs, blocked IPs, telemetry and community-save metadata are stored. Subject to Neon's Privacy Policy.
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- Google Analytics 4: Aggregate usage analytics (only loaded when a measurement ID is configured). Subject to Google's Privacy Policy. We use the default IP-anonymisation behaviour of GA4.
- Google AdSense: Advertisement display (when active). Subject to Google's Privacy Policy. Google may use cookies to serve personalized ads; you can opt out at adssettings.google.com.
- Authentication Providers: Google, GitHub, or other OAuth providers for sign-in. We only receive your email and display name.
4a. International Data Transfers
Our hosting (Vercel) and database (Neon) provide infrastructure in multiple regions. Depending on edge routing, your request and any data we record may be processed in the United States or the European Union. Where personal data leaves the EEA / UK we rely on Standard Contractual Clauses and our providers' equivalent transfer mechanisms.
5. Data Retention
- Files uploaded for editing: Deleted within 30 minutes of upload from temporary server storage; never written to long-term storage.
- Files uploaded to Community Saves: Stored permanently in Vercel Blob and our database until you or we remove them.
- Rate-limit cache (in-memory IP map): Purged automatically within 24 hours.
- Audit log, upload telemetry, error reports, blocked IPs: Stored in our PostgreSQL database (Neon, EU/US region depending on routing). Retained for as long as they are useful for security, analytics and debugging, and may be cleared manually from the admin dashboard.
- Bug reports / suggestions: Stored until an admin processes or deletes them.
- Account data: Retained while your account is active. You may request deletion at any time (see section 6).
- Payment data: Managed by Stripe per their retention policies.
6. Your Rights (GDPR / UK GDPR / CCPA)
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your personal data (the "right to erasure")
- Object to or restrict processing of your data
- Data portability — receive your data in a portable, machine-readable format
- Withdraw consent at any time without affecting prior lawful processing
- Lodge a complaint with your local data protection authority
- Opt out of the "sale" or "sharing" of personal information (CCPA). We do not sell personal information; advertising cookies served by third parties such as Google may, however, be considered "sharing" under California law — see our Cookie Policy to manage these.
To exercise any of these rights, email us at the address in section 10. We will respond within 30 days (or the period required by your local law). For account deletion or data export requests we may need to verify your identity using the email associated with your account.
7. Security
We use industry-standard security measures including HTTPS encryption for all data in transit, secure temporary file handling, and automatic cleanup of uploaded data. No system is 100% secure, but we take reasonable precautions to protect your information.
8. Children's Privacy
Our Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at: contact.saveeditor@gmail.com