Privacy Policy
Last updated: May 9, 2026
Short Version
RYUREX Ultimate Flipper is local-first, GPL-3.0-or-later open-source software. Most data never leaves your machine. Optional remote features (Discord auth, VPS sync) only transmit what is strictly required. No analytics, no tracking, no data sales.
1. Open Source and Transparency
This software is licensed under GPL-3.0-or-later. The full source code is available for inspection, which means you can audit exactly what data is collected, stored, and transmitted. There are no hidden telemetry hooks.
Author: RYUREX. When the public GitHub repository is available, it will be linked from the About page.
2. Local-First Architecture
All core workflows run on your local machine across three services:
- Engine API —
127.0.0.1:3420 - Head API —
127.0.0.1:3069 - Next.js web —
127.0.0.1:3670
None of these services phone home. Data stays on your machine for all local-mode operations.
3. Data Stored Locally
- SQLite database — trade snapshots, analytics, paper trader records, flip tracker history.
- JSON config files — filters, presets, display settings, bank size.
- Auth session state — local unlock state and remote-connect metadata (no raw keys stored in web layer).
- Log files — runtime and orchestrator logs in
head/logs/.
You can delete any of these files at any time. The tool will regenerate defaults on next run.
4. External Data Sources
Market data is fetched from the OSRS Wiki Prices API (prices.runescape.wiki). This is a public read-only API. Your IP address may be visible to that endpoint as part of normal HTTP requests. No account data or personal identifiers are sent.
5. Discord Authorization (Optional)
- A one-time Discord authorization is required only if you enable protected sync/auth features.
- Authorization tokens are stored locally in
head/auth/and are never echoed back through the web API. - Discord-linked integrations run only when you explicitly configure and enable them.
- You can disconnect Discord auth at any time via the Settings page, which clears the local auth state.
6. VPS Sync (Optional)
If you configure VPS sync, required runtime data (favorites, alerts, paper trader state) is pushed to your configured remote endpoint. This is fully opt-in. The sync destination is entirely under your control — you run the remote server. No data is sent to any RYUREX-operated infrastructure.
7. No Analytics, No Tracking, No Data Sales
- No analytics SDKs, tracking pixels, or telemetry are embedded in this software.
- No usage data is collected by the author.
- Personal data is never sold, rented, or shared with third parties.
8. No AI Robots or Model Training Use
- Automated bots, crawlers, and AI robots may not scrape or bulk-copy this website without explicit written permission.
- Content and data from this service may not be used for AI/ML training, fine-tuning, or evaluation datasets.
- The GPL license governs the source code separately from these access restrictions on the hosted interface.
9. Security
- All services bind to
127.0.0.1only — not exposed to the network by default. - Auth tokens and API keys are stored only in local files under
head/auth/with no web-layer exposure. - You are responsible for securing your local machine and any VPS you configure for remote sync.
10. Your Rights and Control
Since this is local-first open-source software, you have full control:
- Inspect all data storage in the local SQLite DB and config files.
- Delete any or all local data at any time.
- Audit the source code to verify all data flows.
- Fork and modify the software under GPL-3.0-or-later terms.
11. Updates
This policy may be updated when product scope changes. The open-source nature of the project means any changes to data handling are visible in the public commit history once the GitHub repository is published.