What we store, why, and how to wipe it

RUNNER//NET is an unofficial fan project. We store the minimum data needed to make the LFG board work: your bungie.net membership ID, your display name + #code, and a session cookie with your OAuth access token. We don't collect email, payment info, or anything we don't need. You can delete everything tied to your account at any time at /account/delete.

We use a Cloudflare D1 (SQLite) database. The only personal data in it is per-LFG-contract:

• Your bungie.net membership_id (a public identifier from bungie.net).
• Your bungie.net display name and #code (also public on bungie.net).
• The role you took in each contract (host or guest), the status (pending or confirmed), and the timestamp you joined.

We do notstore: your email address, your real name, payment info, IP address, your friend list, your Destiny inventory, or anything else from the Bungie API beyond what's listed above.

All session cookies are httpOnly and secure, scoped to the access-token lifetime (currently ~1 hour, set by Bungie):

• mlfg_access — your Bungie OAuth access token.
• mlfg_membership_id — mirror of your membership ID for fast lookup.
• mlfg_identity— cached display name + code so we don't hit the Bungie API on every page load.
• mlfg_oauth_state — short-lived (~10 min) CSRF token used during the OAuth handshake.
• mlfg_reauth_attempted — short-lived (~2 min) marker used to break re-auth loops if your token gets rejected.

We don't use analytics cookies, advertising cookies, or any third-party tracking.

No one. Your data is not sold, rented, or shared with third parties. The site does send authenticated requests to bungie.net on your behalf using your OAuth token (to read your display name, platform memberships, and friend list); those requests are governed by Bungie's privacy policy. We don't store your data on Bungie's side beyond the standard OAuth grant record they keep.

The site runs on Cloudflare Workers. The D1 database is hosted in the ENAM (eastern North America) Cloudflare region. Cloudflare may handle the data per their privacy policy.

LFG contracts persist in D1 until either (a) the host scrubs the contract via the UI, or (b) you wipe everything tied to your account at /account/delete. There's no automatic expiry today. If we add one we'll update this policy.

• Access: everything we store about you is visible on /runner and on each contract page where you're a member.
• Delete: wipe everything at /account/delete. The deletion is immediate and irreversible.
• Revoke: you can also revoke the OAuth grant on bungie.net at any time, which invalidates our access token.

If we change what we collect or how we use it, we'll update the "LAST UPDATED" date at the top and bump it visibly. There's no email list, so check back here when in doubt.

This is a fan project run by an individual. For questions or data requests, the best path is to file an issue on the project repository (see terms for the unaffiliated-with-Bungie disclaimer).