AlbionCore AlbionCore
Privacy

Privacy policy

Last updated: 2026-05-08 · Plain language, no boilerplate

What is AlbionCore

AlbionCore is a free companion website for players of the MMORPG Albion Online. It helps players track bank inventory, plan crafting routes, monitor market prices, and coordinate party compositions through a Discord-authenticated dashboard. The project is in alpha and source code is publicly available.

What we collect

Discord identity

Your Discord user ID, username, avatar URL, and guild memberships. Obtained via Discord OAuth on first login, with your explicit consent on Discord's authorization screen.

Encrypted Discord OAuth tokens

Refresh + access tokens, encrypted at rest with Fernet. Used so the bot can sync your guild list without re-prompting OAuth. Plaintext is never stored or logged.

In-game data you upload

Bank inventory items, character names + UUIDs observed by the desktop companion, manually-entered wallet balances. You provide this voluntarily — typically by syncing the desktop companion or typing values into the dashboard.

Companion session credentials

SHA-256 hashes of bearer tokens for paired desktop companions. The plaintext token is returned to your computer once at pairing time and never stored server-side.

Why we collect it

Discord identity is required to authenticate you and associate your data with your account. Albion-side data (characters, bank, wallet) is the core function of the service — you upload your own gameplay data to view it on the dashboard.

We do not use your data for advertising, profile-building, or sale to third parties.

The desktop companion

The optional desktop companion application (Windows) reads your own Albion network traffic locally via Npcap, parses the public Photon protocol, and uploads bank snapshots to AlbionCore over HTTPS. It is read-only — it never modifies the game client or sends anything back to Albion. The companion's source code is public alongside the rest of the project.

Third parties

Discord

OAuth login + guild listing.

Albion Online Data Project

Live market prices. We send the items + cities you query; we do not send your account identifiers.

Vercel

Frontend hosting + CDN. Standard web access logs (IP, user-agent) per their privacy policy.

Railway

Backend hosting + Postgres. Same standard hosting logs.

How long we keep data

We retain your data for as long as your account is active. You can delete it at any time:

  • Companion-imported bank rows + linked characters
    Click Disconnect & purge on app.albioncore.com/companion.
  • Manual bank entries
    Delete row-by-row from app.albioncore.com/bank.
  • Full account deletion
    Contact us (see below). We will purge every row associated with your Discord ID across the database.

Security

  • All transport is HTTPS / TLS 1.3.
  • Discord OAuth tokens are Fernet-encrypted with a server-side key never accessible to the frontend.
  • Companion bearer tokens are stored hashed (SHA-256).
  • Database access is restricted to the application backend.

Children

Albion Online's terms restrict play to ages 13+ and AlbionCore matches that. We do not knowingly collect data from children under 13.

Contact

For questions, data export requests, or full account deletion:

contact@albioncore.com

Source-code level detail of any data flow described above is available in the public GitHub repository linked from the homepage.