JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Releases 42 Activity
Files
73a8532e2620ab4e7e83eb196a004492ef8d3263
HellionChat/PRIVACY.md
T
JonKazama-Hellion 0220e5d756 chore(linting): refresh configs and sweep auto-fix 
Pull in the refreshed linter and tooling configs (editorconfig,
gitignore, gitattributes, prettierignore, prettierrc, markdownlint,
yamllint, env.example, dotnet-tools) and run prettier and markdownlint
in --fix / --write mode across the repo so the existing tree matches
the new rules.

- prettier 2-space indent on yaml/yml and json overrides, asterisk
  strong, underscore emphasis, proseWrap always
- markdownlint MD007 indent aligned to 2 and MD049 to underscore so
  prettier output stays passing
- preflight Block F also ignores CLAUDE.md (gitignored personal file)
- prettierignore extended to keep HellionChat.yaml manifest and the
  NuGet packages.lock.json out of the formatter

No semantic content changed; csharpier, build, full build-suite
(729/729) and the new prettier/markdownlint/yamllint checks all green.
2026-05-17 17:20:55 +02:00

230 lines
11 KiB
Markdown
Raw Blame History

# Privacy notice
HellionChat is a Dalamud plugin for FINAL FANTASY XIV, focused on giving the user explicit control
over what their chat client stores locally. This document describes what the plugin does with your
data, what it does not do, and how you exercise the rights the GDPR gives you over data you generate
yourself.
This document is informational. The maintainer of HellionChat is **not** a controller or processor
of your data in the GDPR sense, because no data ever leaves your machine on the maintainer's
infrastructure. Independently of that, the plugin is built so that you can act on your own data the
way the GDPR expects.
Last reviewed: 2026-05-05 (HellionChat v1.1.0).
---
## TL;DR
- All chat data the plugin stores stays on your machine, in your Dalamud
`pluginConfigs/HellionChat/` directory.
- The plugin does not phone home. No telemetry, no analytics, no crash reporter, no usage counter,
no remote update check beyond what Dalamud itself does.
- One outbound network call exists by design: the BetterTTV emote service (for chat emotes). It is
documented in detail below and can be reasoned about per request.
- You can export every message the plugin has stored, in Markdown, JSON or CSV, and you can wipe
stored history per channel, per date range, or globally.
---
## What the plugin stores locally
HellionChat keeps three kinds of state on your machine, all under
`%appdata%\XIVLauncher\pluginConfigs\HellionChat\` on Windows
(`~/.xlcore/pluginConfigs/HellionChat/` on Linux/macOS via XIVLauncher Core):
1. **Configuration** (`HellionChat.json`). Plugin settings, channel whitelist, retention values,
layout state, theme colours. Contains no chat content.
2. **Message database** (SQLite file in the same directory). Chat messages from the channels on your
whitelist, stored as MessagePack-encoded blobs. The default whitelist out of the box covers only
your own conversations: tells, party, free company, linkshells, cross-world linkshells, alliance,
ExtraChat. Public chat, NPC dialogue, system messages and battle logs are dropped on the storage
layer and never written to disk.
3. **Cached emote images** (`EmoteCacheV1/` directory). Image files downloaded from BetterTTV when
an emote appears in a message you receive. See "Outbound network calls" below.
There is no shared state with the upstream Chat 2 plugin. `pluginConfigs/HellionChat/` is
independent from `pluginConfigs/ChatTwo/`.
### Retention defaults
- Tells: 365 days
- Your-conversation channels (party, FC, linkshells, cross-world LS, alliance, ExtraChat): 90 days
- Global default for anything else: 30 days
**Retention is off by default.** The plugin does not delete anything on its own until you explicitly
turn the retention sweep on in the settings. Until then, stored messages stay until you clear them.
---
## What the plugin does not store
- Public chat (`/say`, `/yell`, `/shout`), NPC dialogue, system messages and battle logs. These are
filtered before they reach the storage layer.
- Anything from channels you remove from the whitelist. The privacy filter runs on the way in, not
on the way out.
- Login credentials, character IDs, account IDs. The plugin uses whatever Dalamud already exposes
about the local character to attribute messages. Nothing of that is sent anywhere or persisted
beyond the message itself.
---
## Outbound network calls
HellionChat makes two kinds of automatic outbound network requests. Both are inherited from upstream
Chat 2 and both are documented here because "GDPR-by-design" means you should know what your client
does on your behalf.
### 1. BetterTTV emote service (`api.betterttv.net`, `cdn.betterttv.net`)
- **What it does:** When a chat message arrives that references a BetterTTV emote, the plugin asks
the BetterTTV API for the emote metadata and downloads the image from the BetterTTV CDN to display
it inline.
- **What is sent:** A standard HTTPS GET request. Your IP address reaches BetterTTV (unavoidable for
any HTTPS request); the request itself contains no identifying user data, no character name, no
message text. Only the emote ID being looked up is in the URL path.
- **When it triggers:**
- The emote _list_ (global emotes plus the top-1500 community emotes over fifteen API pages) is
fetched from `api.betterttv.net` once per session at plugin startup, provided the **Show
emotes** option is on. This first list-fetch happens before any chat message has arrived.
BetterTTV's edge therefore sees your IP as soon as the plugin loads, not only after an emote is
mentioned.
- The individual emote _images_ on `cdn.betterttv.net` are fetched on demand, only when an
incoming chat message contains a token matching one of the cached IDs. These are cached locally
(`emoteCache/`) and reused across sessions.
- **Cached:** Yes, in `emoteCache/`. A given emote is downloaded once per machine and reused.
- **How to opt out:** Turn off the **Show emotes** option in Settings → Chat. With it disabled, the
emote cache does not load and no requests to BetterTTV are made for the rest of the session.
- **BetterTTV's privacy policy:** <https://betterttv.com/privacy>
Source: `HellionChat/EmoteCache.cs`.
### 2. Square Enix Lodestone font (removed in v1.0.4)
Earlier versions of HellionChat (and upstream Chat 2) downloaded `FFXIV_Lodestone_SSF.ttf` from
`img.finalfantasyxiv.com` once during font setup. That code path was a leftover from upstream's
removed webinterface feature and was no longer consumed anywhere. The in-game symbol glyphs (job
icons, item glyphs, status effects) come from Dalamud's bundled symbol-font helper, not from the
downloaded TTF.
The download was removed in v1.0.4. As of that version HellionChat makes no automatic network call
to Square Enix or to any `finalfantasyxiv.com` host.
Cached `FFXIV_Lodestone_SSF.ttf` files left over from earlier versions remain in
`pluginConfigs/HellionChat/` until manually deleted. They are no longer read.
### Links you click yourself (no automatic traffic)
The settings panel contains a few buttons that open external pages in your browser when you click
them: the upstream Chat 2 GitHub repo, the upstream maintainers' Ko-fi pages, the HellionChat issue
tracker and `hellion-media.de`. Nothing happens until you click. They are documented here for
completeness, not because they generate background traffic.
---
## What the plugin does not do
- **No telemetry.** Source verified: no calls to AppInsights, Sentry, PostHog, Plausible, Google
Analytics, Microsoft Clarity or any comparable service exist in the codebase, nor in the direct
dependencies the plugin pulls in. See `docs/THIRD_PARTY_NOTICES.md`.
- **No crash reporting.** Crashes go to Dalamud's local `xllog`, not to a remote endpoint controlled
by HellionChat.
- **No usage counters.** The plugin does not count installs, sessions, feature usage, channel
activity or anything else for the maintainer.
- **No phone-home update check.** Updates are delivered through Dalamud's plugin installer, which
polls the custom-repo `repo.json` on GitHub. That is GitHub's traffic and falls under GitHub's
privacy policy. The plugin code does no separate update check.
- **No background sync.** Messages stay on your machine. No cloud backup, no sharing feature, no
remote viewer.
---
## Your data, your rights
The GDPR gives you specific rights over data about you. Because HellionChat stores everything
locally, those rights translate directly into plugin features:
### Right to access (Art. 15)
Use the export feature in the plugin settings. You can export to **Markdown**, **JSON** or **CSV**,
filtered by channel, date range or sender substring. The export goes through a Dalamud file dialog
and writes wherever you point it, on your machine.
### Right to erasure (Art. 17)
Two options:
1. **Targeted deletion.** The "retroactive cleanup" feature lets you apply your current whitelist to
the existing database. It shows a preview of what will be removed before you confirm with
Ctrl+Shift, runs in the background, and calls `VACUUM` afterwards to actually shrink the file.
2. **Full deletion.** Close the game and delete the `pluginConfigs/HellionChat/` directory. The next
plugin start will produce a fresh, empty configuration.
### Right to portability (Art. 20)
The JSON and CSV exports are open formats. The Markdown export is human-readable and
machine-parseable. Nothing is locked into a proprietary container.
### Right to object / restrict processing (Art. 21, 18)
Adjust the channel whitelist or set retention to a low value. Both take effect immediately on new
messages. Existing data needs the retroactive cleanup to apply retroactively, by design.
---
## Third parties involved
| Party | Why they appear | What reaches them | Their privacy policy |
| ---------------------------------------------------------- | -------------------------------------------------- | ------------------------------------------------------------------------ | -------------------------------------- |
| BetterTTV (NightDev LLC) | Optional emote rendering | HTTPS request for an emote ID; your IP | <https://betterttv.com/privacy> |
| Hellion Forge (Gitea, self-hosted by Hellion Online Media) | Plugin distribution via custom repo, issue tracker | Whatever the Gitea instance sees from any HTTPS request to a public repo | <https://hellion-media.de/datenschutz> |
| Dalamud / XIVLauncher (goatcorp) | Plugin loader, font subsystem, repo polling | Whatever Dalamud reports for itself; out of HellionChat's scope | <https://github.com/goatcorp/Dalamud> |
The Hellion Forge Gitea instance and the Dalamud/XIVLauncher loader are unavoidable for anyone using
HellionChat through Dalamud at all. BetterTTV is the only third party HellionChat introduces on top
of that baseline, and it is opt-out via settings.
---
## Dependencies that touch the network
For a full dependency inventory see `docs/THIRD_PARTY_NOTICES.md`. Of the direct dependencies the
plugin pulls in:
- `MessagePack`: local serialisation, no network.
- `Microsoft.Data.Sqlite`: local SQLite access, no network.
- `morelinq`: LINQ helpers, no network.
- `Pidgin`: parser combinators, no network.
- `SixLabors.ImageSharp`: image decoding (used for the BetterTTV emote pipeline), no network on its
own.
The single network call listed under "Outbound network calls" is written directly in HellionChat's
own source, not delegated to a dependency.
---
## Changes to this notice
If a future release changes what HellionChat stores, sends or caches, this document will be updated
and the change called out in the changelog block of that release. The "Last reviewed" date at the
top tracks the version this document is accurate for.
---
## Questions
For privacy-related questions specific to HellionChat:
- Email: `kontakt@hellion-media.de`
- Discord DM: `@j.j_kazama`
Security-relevant findings (for example, the plugin storing or sending something this document says
it does not) go through the private advisory in `SECURITY.md`, not a public issue.
---
Maintained under **Hellion Forge**, the modding and plugin line of **Hellion Online Media** | Bad
Harzburg | [hellion-media.de](https://hellion-media.de)
Reference in New Issue View Git Blame Copy Permalink