Privacy Policy

Last updated: May 8, 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Patrick Wegner
Am Campus 2
48565 Steinfurt
Germany
Email: contact@r6-replay.com

2. Overview

This Privacy Policy explains what data we collect, how we use it, how private match data is protected, and what rights you have under the GDPR.

Our basic approach is: private team matches stay private to the authorized users of that team or workspace; official and public matches may be used for public analytics

3. Data We Collect

3.1 Account Data

When you create an account or accept an invitation, we may collect:

  • Email address
  • Display name, team, or organization details if provided
  • User ID and account metadata
  • Authentication credentials stored in encrypted form
  • Subscription, plan, or billing status where applicable

Legal basis: contract performance (Art. 6(1)(b) GDPR), legitimate interest in operating and securing the Service (Art. 6(1)(f) GDPR), and consent where required (Art. 6(1)(a) GDPR).

3.2 Replay Files and Match Data

When you upload replay files, we collect and process:

  • The uploaded replay file
  • Parsed match data, such as rounds, players, operators, events, statistics, and outcomes
  • Upload timestamps, file metadata, parsing status, and error information
  • Workspace, team, or access-control information needed to show the match to authorized users

Legal basis: contract performance (Art. 6(1)(b) GDPR) to provide the analysis service, and legitimate interest (Art. 6(1)(f) GDPR) for security, debugging, service improvement, and abuse prevention.

3.3 Usage, Device, and Log Data

We automatically collect technical and usage information, such as:

  • IP address, which may be shortened, masked, or otherwise protected where appropriate
  • Browser type and version
  • Operating system and device information
  • Pages visited, feature usage, and interaction events
  • Date and time of access
  • Error logs, performance metrics, and security events

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in keeping the Service secure, reliable, and useful.

3.4 Analytics Data

We use PostHog EU Cloud for product analytics, error investigation, and understanding how the Service is used. Analytics may include feature usage, upload and parsing events, page navigation, error events, and general interaction data.

For visitors in EU privacy regions, optional browser analytics only runs after consent. Client-side PostHog analytics is disabled for logged-in users.

We do not use PostHog to intentionally share private replay files, private match contents, or private team strategy with other teams or public users.

Legal basis: consent (Art. 6(1)(a) GDPR) for optional browser analytics in EU privacy regions, and legitimate interest (Art. 6(1)(f) GDPR) for security, reliability, and abuse-prevention logging.

Processor: PostHog EU Cloud. See the PostHog Privacy Policy.

4. Match Privacy

4.1 Private Team Matches

Private team matches, scrims, practice sessions, internal reviews, and non-public uploads are available only to the uploading user, authorized team or workspace members, and limited service operators where operational access is necessary.

We do not publish, sell, disclose, or make available private match-specific data, private replay files, strategies, player statistics, analysis results, or outcomes to other teams, public users, or unauthorized third parties.

4.2 Official and Public Matches

Official, tournament, broadcast, publicly available, or otherwise public match data may be used for public analytics, public statistics, research, model improvement, and product features.

4.3 Ranked Matches

The Service is not intended to analyze ranked matchmaking games. Ranked matches are excluded from public analytics and public model-training datasets where we can identify them, and we may reject or remove ranked replay uploads.

5. Machine Learning and Service Improvement

We may use replay-derived data to improve parsing, statistics, detection logic, reliability, quality assurance, and machine-learning models used by the Service.

For private team matches, this use is limited to anonymized or de-identified derived data. We remove or transform direct identifiers such as account IDs, uploader information, team names, player names, private match IDs, file names, and metadata that is not needed for improvement. We also avoid using private match data in a way that is intended to reveal a team's specific strategy, performance, match history, or private analysis to other users.

Where data can no longer reasonably identify a person, team, account, private match, or strategy, we treat it as anonymized data. Where re-identification remains reasonably possible, we treat the data as personal data or confidential match data and continue to protect it under this Privacy Policy, the Terms, and applicable law.

We do not provide raw private replay files or private match datasets to third-party model providers for their own model training unless this is covered by a separate written agreement or a clearly disclosed policy update.

6. How We Use Data

We process data for the following purposes:

  • Service provision: accounts, authentication, replay parsing, analysis, access controls, and result display
  • Team privacy: restricting private matches to authorized users and workspaces
  • Service improvement: debugging, quality assurance, parsing improvements, model evaluation, and feature development
  • Security: detecting abuse, fraud, unauthorized access, scraping, and security incidents
  • Support: responding to requests, investigating errors, and communicating service notices
  • Public analytics: creating statistics and insights from official, public, aggregated, or anonymized data
  • Legal compliance: meeting legal obligations and enforcing our Terms

7. Storage and Retention

Core Service data is stored on infrastructure located in Germany. Some analytics data is processed by PostHog EU Cloud. We do not intentionally transfer private replay files or private match contents outside the EU/EEA.

Typical retention periods:

  • Account data: until account deletion or as long as needed for legal, billing, security, or dispute purposes
  • Private replay files and match data: until you delete them, your account is deleted, or retention is otherwise needed for security, legal, or backup purposes
  • Official and public match data: as long as useful for public analytics, historical statistics, product features, or research
  • Log data: normally up to 90 days, unless longer retention is needed for security, debugging, abuse investigation, or legal reasons
  • Analytics data: according to our PostHog settings and PostHog EU Cloud retention options
  • Anonymized or aggregated data: may be retained for service improvement, research, statistics, and model development

Backups may retain deleted data for a limited period before they are overwritten according to our backup cycle.

8. Data Sharing and Processors

We do not sell your personal data or private match data. We share data only where needed to operate the Service, comply with law, or protect our rights and users.

  • Hosting and infrastructure providers: server infrastructure, storage, networking, and backups
  • PostHog EU Cloud: product analytics and error investigation
  • Payment providers: payment processing and billing, where paid plans are used
  • Legal, security, or compliance recipients: where required by law or necessary to protect the Service, users, or our rights

Processors are required to protect data under appropriate contractual terms, including data processing agreements where required by GDPR.

9. Cookies and Local Storage

We use browser storage mechanisms such as:

  • Essential cookies: authentication, session management, security, and core Service operation
  • Analytics cookies or storage: product analytics and usage measurement, where permitted
  • Preference storage: theme, UI preferences, and similar settings

You can control cookies through your browser settings. Blocking essential cookies may prevent parts of the Service from working correctly.

10. Security Measures

We use technical and organizational measures designed to protect data, including:

  • Encrypted transmission through HTTPS/TLS
  • Protected password storage
  • Authentication and access controls
  • Workspace and team-based authorization for private match access
  • Logging and monitoring for security, abuse, and reliability
  • Backups and infrastructure safeguards
  • Limited operational access where necessary

No internet service can guarantee absolute security, but we work to protect your data and respond to risks appropriately.

11. Your GDPR Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): request a copy of your personal data
  • Right to rectification (Art. 16 GDPR): correct inaccurate personal data
  • Right to erasure (Art. 17 GDPR): request deletion of personal data
  • Right to restriction (Art. 18 GDPR): restrict certain processing
  • Right to data portability (Art. 20 GDPR): receive certain data in a portable format
  • Right to object (Art. 21 GDPR): object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3) GDPR): withdraw consent where processing is based on consent

To exercise your rights, contact us at contact@r6-replay.com. We will respond within the time required by law. You also have the right to lodge a complaint with a data protection authority.

12. Account and Data Deletion

You can request deletion of your account and associated personal data by contacting contact@r6-replay.com.

After a valid deletion request, we will delete or anonymize personal data as required by law, including:

  • Account and authentication data
  • Personal profile information
  • Private replay files and private match data associated with your account, unless continued retention is legally required or necessary for security, billing, dispute, or backup reasons
  • Personal identifiers in logs where reasonably possible

Aggregated, anonymized, or de-identified data that no longer reasonably identifies you, your team, a private match, or private strategy may be retained for service improvement, statistics, and model development.

13. Children and Age Requirements

The Service is intended for users who meet the age requirements for Rainbow Six Siege and for entering into these Terms in their jurisdiction. We do not knowingly collect personal data from children who are not legally permitted to use the Service.

If you believe a child has provided personal data without proper permission, please contact us.

14. International Transfers

We aim to store and process personal data within Germany and the EU/EEA. If a transfer outside the EU/EEA becomes necessary, we will use appropriate safeguards required by GDPR.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in the Service, legal requirements, analytics practices, or data-processing activities. We will provide reasonable notice of material changes, such as by email or a prominent notice in the Service.

16. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

Patrick Wegner
Email: contact@r6-replay.com
Address: Am Campus 2, 48565 Steinfurt, Germany