Logo
CounterWatch

Privacy Policy

Effective date: June 23, 2026

1. Who we are

Counterwatch is operated by Supre.me AB (Swedish company registration number 559424-3163), a company registered in Sweden. Supre.me AB is the data controller for personal data processed through the Counterwatch website (counterwatch.gg) and the Counterwatch desktop application distributed via Overwolf. This Privacy Policy covers both surfaces and explains what we collect, why, and what rights you have.

Because we are established in the EU, we are not required to appoint an Article 27 EU representative. We have not appointed a Data Protection Officer. You can reach us about any privacy matter using the contact details in section 14.

The Overwolf client has its own privacy policy governing the Overwolf platform itself. This policy is not an agreement with Overwolf.

2. Personal data we collect

Depending on how you use Counterwatch, we may collect or receive the following categories of data.

Account information (desktop app and website)

  • Email address (for signed-in users).
  • Single-sign-on (SSO) / authentication identifiers and tokens.
  • Profile information you choose to provide (e.g., display name).

Other players observed in matches

  • To build community statistics and power the app's live-match features, Counterwatch records in-game identifiers (such as Overwatch BattleTags and Marvel Rivals / NetEase ids), the heroes played, and per-match performance stats for players seen in tracked matches. Most of these players are not Counterwatch users: roughly 97% of the players we store have never installed the app.
  • Where this data comes from: identifiers and match stats are captured from live matches through the Overwolf game integration. For Overwatch, we may then collect additional public profile information from Blizzard's public profile pages, looked up using identifiers we already saw in a match. We do not mass-collect profiles.
  • We rely on legitimate interest for this processing. See section 5 for the details and how to object.

Support tickets and attachments

  • When you contact support or submit a ticket, we store your message, your email address, and any files or images you attach (stored in Supabase Storage).

Payment information

  • If you buy a subscription, our payment provider (Tebex) processes the payment. We receive and store payment metadata such as the transaction, subscription tier, and status. We do not receive or store your full card details.

Error and crash diagnostics

  • When the app or website hits an error or crash, we collect technical diagnostics such as error messages, stack traces, and basic device and app context. These are stored in Bugsink, an error tracker we host on our own infrastructure.

Hashed email (desktop app only, advertising identity)

  • For certain user tiers of the desktop app, an email hash may be generated for advertising identity purposes. A hashed email is a cryptographic hash of your email address and is used to help advertisers measure and personalize ads without revealing your plain email address.
  • You can opt out of hashed email usage via Overwolf client settings ("Use data to customize Overwolf for you").
  • The website (counterwatch.gg) does not generate or use a hashed email. The website does carry third-party display ads served by Nitro (NitroPay); those ads do not use a hashed email and are separate from the desktop app's Overwolf advertising (see sections 6 and 9).

Usage and device information

  • Feature interactions and diagnostic / performance information.
  • Technical identifiers such as device type, browser, and IP address, used for security, fraud prevention, and (in the desktop app) advertising.

3. How we use personal data

4. Legal bases for processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

5. Players observed in matches (legitimate interest)

Counterwatch's value comes from real match data. To produce hero win rates, counters, and synergies, and to power the app's live-match overlay, we record in-game identifiers and match stats for the players seen in tracked matches. Most of those players are not Counterwatch users. We process this data under the legitimate interest basis in Article 6(1)(f) GDPR.

What we collect:in-game identifiers (BattleTags, NetEase ids), the heroes played, and per-match performance stats. For Overwatch we may add public profile information from Blizzard's public profile pages, which we use to show individual player profiles in the app. Our community statistics come from this live match data, not from profile pages. We do not collect contact details, real-world identity, or any special-category data about observed players.

Our balancing test, in short: the data is already visible inside the game to everyone in the match; we use only what the game exposes; we do not build advertising profiles from it, contact observed players, or sell it; and aggregate statistics benefit the whole player community. We keep the footprint minimal and redact identifiers when someone objects.

Children: Overwatch and Marvel Rivals are played by minors, so the players we observe can include children. We treat their data with the same limits: we use only the in-game identifiers and gameplay stats the match already shows everyone, we never collect contact details or special-category data, we do not build individual advertising profiles, and what we publish is aggregate. The right to object and to request removal applies equally, and we act on it the same way.

Where it appears: the website currently shows community statistics in aggregate only. It does not list individual players. The desktop app shows individual players for your own matches, the same information the game itself shows you on the scoreboard.

Your right to object: if you are an observed player and you do not want us to process your in-game identifier, you can object or ask us to remove it on the Data requests page. Because we must avoid deleting another person's data, we verify a reasonable connection to the identifier before acting, and we respond within one month.

6. Cookies and similar technologies (website)

The website uses cookies and browser storage to keep you signed in, to understand which features people actually use so we can improve them, and to serve and measure third-party display ads (Nitro and its ad partners). In the EU, EEA, and UK, analytics and advertising cookies load only after you consent through the consent banner.

NameProviderPurposeCategoryDuration
Supabase auth tokens (sb-*)SupabaseSign-in / sessionStrictly necessarySession / up to 1 year
euconsent-v2, ncmp-ccNitro (NitroPay)Records your EU consent choices (consent management platform)Strictly necessary12 months
mp_* (localStorage)MixpanelProduct analytics (anonymous ID, page views, feature usage)Analytics (opt-in)Up to 12 months
_gaGoogleGoogle Analytics: distinguishes site visitorsAnalytics (opt-in)Up to 2 years (browsers may shorten this)
_ga_*GoogleGoogle Analytics: persists session stateAnalytics (opt-in)Up to 2 years (browsers may shorten this)
Advertising cookies (Nitro and Google ad-exchange partners)Nitro (NitroPay), Google, and ad partnersServe, frequency-cap, and measure display adsAdvertising (opt-in in the EU / EEA / UK)Varies by partner (typically up to 13 months)
CCPAOPTOUTNitro (NitroPay)Records a California "Do Not Sell or Share" opt-outStrictly necessaryUntil you clear it

In the EU, EEA, and UK, analytics and advertising cookies are only activated after you accept them in the consent banner. You can change your choice at any time using the "Cookie settings" link in the footer. California residents can opt out of the sale or sharing of personal information using the "Do Not Sell or Share My Personal Information" link in the footer (see section 12).

7. Analytics and error diagnostics

Website: we use Mixpanel for anonymous product analytics and Google Analytics for aggregate traffic measurement. In the EU, EEA, and UK, both load only after you accept analytics in the consent banner. The website does not use session replay or autocapture.

Website advertising:the website shows third-party display ads served by Nitro (NitroPay), an Overwolf company. Nitro and its ad partners may set advertising cookies and process ad-request data to serve and measure ads. In the EU, EEA, and UK this happens only after you consent. See section 9. This is separate from the desktop app's Overwolf advertising.

Desktop app:the app uses Mixpanel for product analytics, including autocapture, which records interactions inside the app so we can find and fix problems and improve features. You can control this through the app's settings and Overwolf's data controls.

Errors and crashes: diagnostics from both the app and the website are sent to Bugsink, an error tracker we host ourselves. They are not shared with a third-party analytics service.

8. Which desktop-app users have hashed emails

Hashed email and advertising behaviour in the desktop app varies by user tier:

TierHas email hashSees ads
GuestNoYes
FreeYesYes
PlusYesNo
PremiumYesNo

9. Sharing personal data

Overwolf (desktop app, required disclosure)

We share desktop-app users' email addresses, SSO information, and data related to advertising (as applicable to your tier) with Overwolf. Overwolf is the platform that distributes the desktop app.

Website display ads (Nitro / Overwolf)

The website's display ads are served by Nitro (NitroPay), part of Overwolf, acting as our ad management partner. To serve, frequency-cap, and measure ads, ad-request data (such as your IP address, device and browser information, approximate location, and the page you are viewing) is shared with Nitro and, under Google Multiple Customer Management (MCM), with Google and its advertising exchanges and partners. In the EU, EEA, and UK this sharing happens only after you consent through the cookie banner, and you can withdraw consent at any time. This website advertising is separate from the desktop app's Overwolf advertising described above.

Service providers (processors)

We share personal data with third-party service providers that help us operate the service. Current processors:

  • Supabase: authentication and backend services, including account management and storage.
  • Mixpanel: product analytics for the website and desktop app.
  • Tebex: payment processing for subscriptions. Tebex processes your payment and returns transaction metadata to us.
  • Google (Google Analytics 4): aggregate website traffic analytics (website only, not the desktop app). Google acts as our processor. Google Analytics sets the _ga and _ga_*cookies to measure how visitors find and use the site. It does not log or store your IP address; the IP is used only to estimate your approximate (city-level) location and is then discarded. We do not link it to Google Ads or use it to build advertising profiles. In the EU, EEA, and UK you can opt out using the Cookie settings link, or anywhere with Google's Analytics Opt-out Browser Add-on. See Google's Privacy Policy for how Google processes this data.
  • Amazon Web Services (AWS): cloud hosting for the website, our backend services, and our self-hosted error tracker. AWS provides infrastructure only and does not use your data for its own purposes.

Our error tracker (Bugsink) is self-hosted on our own AWS infrastructure, so error diagnostics are not shared with a third-party analytics provider. If we add further providers, we will update this Privacy Policy.

Where in-game data comes from (sources, not recipients)

We observe in-game data through the Overwolf game integration, and, for Overwatch, from Blizzard's public profile pages. Blizzard (Overwatch) and NetEase (Marvel Rivals) operate the games and are the source of this data. They are not our processors, and we do not share Counterwatch user data with them.

10. International data transfers

Supre.me AB is based in Sweden, and some of our processing happens outside the European Economic Area, so your personal data may be transferred internationally. Our website, backend services, and self-hosted error tracker (Bugsink) run on Amazon Web Services in the United States (the us-east-1 region). Other providers, including Mixpanel and Google, are also in the United States. For these US transfers we rely on the EU-U.S. Data Privacy Framework and, where applicable, Standard Contractual Clauses (SCCs); Google, AWS, and Mixpanel are certified under the Data Privacy Framework. Our payment provider, Tebex, is in the United Kingdom, which the European Commission recognises as providing an adequate level of data protection. Our website advertising partner Nitro (NitroPay / Overwolf), together with Google and its ad exchanges under Google MCM, may also process ad-request data in the United States and other countries; for these transfers we rely on the EU-U.S. Data Privacy Framework and, where applicable, Standard Contractual Clauses. Each provider is contractually bound to protect your data.

11. Data retention

When we delete personal data, residual copies may remain in encrypted backups until those backups age out on a scheduled roll-off. We do not surgically edit individual records out of backups.

12. Your rights and choices

You have the right to access, rectification (correction), erasure (deletion), restriction of processing, data portability, and objection. To exercise any of these, use the Data requests page.

13. Supervisory authority

If you are in the EU / EEA and you believe we are processing your data unlawfully, you have the right to lodge a complaint with a supervisory authority. The authority for Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), available at imy.se.

14. Contact information

To exercise your rights or ask questions about this Privacy Policy, contact us:

Name: Supre.me AB
Company registration number: 559424-3163
Address: Kommendörsgatan 9, C/O Tech Farm, 114 48 Stockholm, Sweden
Email: oskar@counterwatch.gg

This Privacy Policy may be updated from time to time. Material changes will be announced on this page with an updated effective date.