This product isn't affiliated with or endorsed by Grinding Gear Games in any way. Path of Exile 2 is a trademark of Grinding Gear Games.

Privacy Policy

Effective date: May 2026 · Exiled Tools takes your privacy seriously.

This Privacy Policy explains what information Exiled Tools collects when you use our website at exiledtools.com, how we use it, and what rights you have. We are committed to handling your data transparently and in accordance with applicable privacy law including the UK GDPR and the CCPA.

1. Data Controller

The data controller for this Service is Exiled Tools, operated by its individual owner.

Contact: Contact form at exiledtools.com/faq

Website: https://www.exiledtools.com

2. What We Collect

We do not require registration. We do not collect your email address, payment information, or real-world identity as part of normal Service use.

Data we collect automatically

  • Usage analytics — pages visited, session duration, referring URL, browser type, device type, and approximate country. Collected via Google Analytics 4 using anonymised IP addresses. This data is aggregated and cannot identify you personally.
  • Advertising data — if Google AdSense is active, Google may set advertising cookies to show relevant ads. See section 4 (Third Parties) for details.
  • Server logs — our hosting provider (Vercel) automatically records basic request logs (IP address, timestamp, URL, status code) for up to 30 days for security and operational purposes.

Data collected when you log in with your GGG account

  • OAuth access token & refresh token — stored in a secure, HTTP-only cookie for the duration of your session. Used solely to fetch your stash data from Grinding Gear Games' official API on your behalf. We never store or transmit your GGG password.
  • GGG username — stored in a cookie to display your in-game name in the dashboard. Not stored on our servers.
  • Stash tab contents — fetched live from GGG's API and processed in your browser. We do not store your stash contents on our servers.

Data we do NOT collect

  • Email addresses or real-world names
  • Payment or financial information
  • Chat logs, trade history, or any other game data beyond stash contents (and only when you explicitly log in)

3. Cookies & Local Storage

We use the following categories of cookies. You can control analytics and advertising cookies via your browser settings or an ad blocker. Strictly necessary cookies cannot be disabled without breaking core features.

Strictly necessary (set only when you log in)

Cookie name | Purpose | Type | Duration
poe_access_token | GGG OAuth access token — authenticates stash API requests | Functional | Session / OAuth expiry
poe_refresh_token | GGG OAuth refresh token — silently renews your session | Functional | 14 days
poe_username | Your GGG display name for the dashboard | Functional | Session
poe_oauth_state | CSRF protection during OAuth login flow | Functional | Minutes (cleared after login)
poe_code_verifier | PKCE code verifier for OAuth security | Functional | Minutes (cleared after login)

Analytics (Google Analytics 4)

Cookie name | Purpose | Type | Duration
_ga | Distinguishes users (anonymised) | Analytics | 2 years
_ga_* | Stores session state for GA4 | Analytics | 2 years
_gid | Distinguishes users (short-term) | Analytics | 24 hours

Advertising (Google AdSense — only if ads are active)

Cookie name | Purpose | Type | Duration
IDE | Google ad targeting and measurement | Advertising | Up to 13 months
ANID | Google ad personalisation | Advertising | Up to 13 months
test_cookie | Checks whether your browser accepts cookies | Advertising | 15 minutes

You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on. You can manage advertising preferences via Google Ad Settings.

4. Third-Party Services

We rely on the following third-party services. Each has its own privacy policy:

poe.ninja — Price data aggregation

Price data is fetched server-to-server from poe.ninja. Your browser never contacts poe.ninja directly. We cache responses for up to 5 minutes.

Grinding Gear Games (GGG) — OAuth login & stash API

When you log in, we use GGG's official OAuth 2.0 flow. GGG's own privacy policy applies to that interaction.

Google Analytics 4 — Anonymous usage analytics

IP anonymisation is enabled. Data is processed in the EU/US under Google's standard contractual clauses.

Google AdSense — Display advertising (if active)

Google may use cookies to serve personalised or contextual ads. You can opt out via Google Ad Settings.

Vercel — Web hosting & infrastructure

Vercel processes request metadata (IP, URL, timestamp) as part of normal hosting operations.

5. Data Retention

  • OAuth cookies — refresh tokens expire after 14 days or when you log out. Access tokens follow GGG's own expiry schedule.
  • Google Analytics data — retained for 26 months by Google, then automatically deleted.
  • Vercel server logs — retained for up to 30 days.
  • Price cache — in-memory only, reset on server restart. Maximum age 30 minutes.
  • Stash data — not stored. Processed in-memory per request only.

6. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

Under UK GDPR / EU GDPR

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Restriction — request that we limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — for analytics/advertising cookies, at any time

Under CCPA (California residents)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information we have collected
  • Right to opt out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, please use the contact form at exiledtools.com/faq. We will respond within 30 days.

You also have the right to lodge a complaint with your supervisory authority. In the UK, that is the Information Commissioner's Office (ICO).

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. Path of Exile 2 itself carries a PEGI 18 rating in Europe and a Mature (M) rating from the ESRB in North America.

If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page will always reflect the most recent revision. Where changes are material, we will make reasonable efforts to notify users (for example, via a notice on the home page).

Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

9. Contact & Data Requests

For any privacy-related questions, data access requests, or erasure requests, please use our contact form:

Contact form: exiledtools.com/faq — click “Send a Message” at the bottom of the page.

Please include “Privacy Request” in the subject and describe your request clearly. We will respond within 30 days.

Note for deletion requests: Because we do not store stash contents or item data on our servers, and analytics data is held by Google, most deletion requests will need to be directed partly to Google via their My Account tools. We will assist you in identifying the right steps.
