What Data Do OP.GG, U.GG, and Riot API Sites Actually See About You?

The Riot Games API exposes game-related data only — it does not provide access to personal information like your email address, payment details, date of birth, IP address, or any account credentials. The data accessible through the API is limited to in-game identity and performance information: your summoner name and Riot ID, summoner level, ranked tier and LP, champion mastery levels, match history statistics, and live game information when you are currently in a match.

Match history data includes detailed per-game statistics for each participant: items purchased, runes selected, champion played, KDA, CS, damage dealt and received, vision score, gold earned, and dozens of other performance metrics. This data is publicly accessible for any summoner without that summoner's consent, because Riot's privacy policy designates game performance data as public by default. Any developer with an API key can retrieve the match history of any summoner on any region.

Critically, the API does not expose chat logs, friend lists, private messages, or report history. The platform data visible through the API is equivalent to what you see on the post-game scoreboard — it is game performance data, not personal communication data. This distinction is important for understanding the actual scope of third-party data access, which is narrower than many players assume.

Third-party platforms like OP.GG and U.GG store the data they retrieve from the Riot API in their own databases to enable the features their users expect. When you search a summoner on OP.GG, the platform stores a copy of that summoner's match history, champion statistics, and ranked data in OP.GG's own database. This cached copy persists indefinitely — your match history on OP.GG may include games from years ago even if Riot's own API only returns the most recent 100 match IDs.

The aggregate statistics these platforms compute — champion win rates, tier lists, build recommendations — are derived from stored match data. Every game that any summoner has played that was ever fetched by OP.GG or U.GG contributes to these aggregate calculations. The platforms do not need your permission to include your games in aggregate statistics because they are computing summary statistics that do not individually identify you in the output.

Third-party platforms also store usage data about how you interact with their website — which pages you visit, how long you spend on each page, what searches you perform. This is standard web analytics data collected via cookies and analytics services like Google Analytics. This web behavior data is separate from the game performance data pulled from the Riot API and is governed by each platform's privacy policy. Reviewing the privacy policy of each platform you use is the only way to know their specific data retention and sharing practices.

Riot provides a privacy option in the League of Legends client settings that allows players to hide their profile from third-party lookup tools. When this option is enabled, the Riot API returns limited data for that summoner — specifically, the ranked data endpoint and match history endpoint may return empty or restricted responses. Most major third-party platforms respect this privacy setting and will display a privacy-enabled notice rather than game history when they encounter a restricted profile.

The privacy setting has important limitations. It does not retroactively remove already-cached data from third-party databases. If OP.GG has already fetched and stored your last 500 games, enabling privacy on your account stops future data collection but does not delete the historical data OP.GG already holds. The existing cache will gradually become stale as new games are not added, but the old data persists on those platforms until they implement their own deletion or expiry policies.

The privacy setting also does not affect your inclusion in aggregate statistics. Your historical games that were already processed into OP.GG's win rate calculations remain in those calculations even after you enable privacy. Third-party platforms compute aggregate statistics in ways that prevent identifying which individual games came from privacy-enabled accounts, making retroactive exclusion technically impractical. The privacy setting primarily affects individual profile lookup, not aggregate data contributions.

Riot's API terms of service place specific restrictions on what developers can do with the data they retrieve. Key prohibitions include: selling or transferring raw API data to third parties, using API data to create products that provide unfair competitive gameplay advantages, presenting API data in ways that could mislead users about its accuracy or completeness, and using API data for purposes unrelated to League of Legends or other Riot products. These restrictions are enforced through API key revocation for violations.

The terms also require that applications disclose their use of the Riot API and provide users with information about what data is being accessed. This disclosure requirement means legitimate third-party platforms should have privacy policies that explain their data collection, storage, and use practices. Platforms that access the Riot API without complying with these disclosure requirements are operating outside Riot's approved usage guidelines.

Commercial applications that charge users fees for features enabled by Riot API data must receive explicit approval from Riot under their commercial licensing terms. This is why Blitz.gg's premium tier and similar monetized features went through a review process to ensure compliance. Free-tier tools that do not charge users face fewer restrictions but must still comply with all other API terms regarding data handling and feature restrictions.

Third-party sites cannot see your chat messages from any game. In-game chat, post-game chat, friend messages, and lobby chat are not exposed through the Riot API. There are no endpoints for retrieving communication data, which means all the conversations you have had in games are inaccessible to any third-party tool regardless of their access level. This is one of the most important privacy protections in the system.

Third-party sites cannot see your report history, honor level details beyond what appears in public profile data, ban history, or any account moderation actions. The API does not expose these fields. Similarly, your payment history, purchase records, Riot Points balance, and transaction data are entirely outside the API scope. Financial and account security data stays within Riot's own systems and is never accessible to external developers.

IP address and hardware information are also inaccessible through the Riot API. Third-party sites cannot determine where you are located beyond the server region you play on, cannot identify your hardware configuration, and cannot fingerprint your device. The API is scoped entirely to in-game identity and performance data, and the extensive personal and technical data that Riot collects during gameplay remains within Riot's own infrastructure and is not shared through the API.

The primary security risk when using third-party League of Legends sites is not data exposure through the Riot API — that risk is limited to the public game performance data described above. The primary risk is credential phishing. Fraudulent sites designed to look like legitimate analytics platforms sometimes present fake login forms requesting your Riot account credentials. Legitimate third-party analytics sites like OP.GG and U.GG do not require you to log in with your Riot username and password to look up your profile.

Third-party desktop applications like Blitz.gg and the OP.GG app request access to your computer system and running processes to enable their overlay features. This access level is more significant from a security perspective than web-based sites. Before installing any League-related desktop application, verify that it is a legitimate, well-known tool with a clear developer identity, positive community reputation, and a published privacy policy. Unknown or unreviewed desktop applications should be treated with strong skepticism.

Browser extensions that claim to provide League analytics or champion select assistance are another category requiring scrutiny. Browser extensions request broad permissions that may include access to all your web browsing activity, not just League-related sites. Review extension permissions carefully before installation, prefer well-known extensions with large user bases and established reputations, and periodically audit which extensions you have installed and remove any you no longer actively use.

Players in jurisdictions covered by GDPR — primarily the European Union — have the right to request deletion of personal data held by third-party services. OP.GG, U.GG, and other major platforms have privacy contact mechanisms for submitting data deletion requests. However, the scope of what constitutes personal data in the context of game performance statistics is debated — aggregate statistics that cannot identify you individually are typically considered non-personal data and may not be subject to deletion requests.

For game performance data linked to your summoner identity — your personal match history, your ranked history, your champion statistics as cached on third-party sites — you can request deletion by contacting each platform through their privacy channels. Most major platforms will honor deletion requests for summoner-identified records and will also honor Riot's built-in privacy toggle that prevents future data collection. Documenting your request and following up if you do not receive a response within the stated timeframe is advisable.

The most practical step for players concerned about their data is to enable the privacy setting in the Riot client, which immediately limits future data collection by third-party tools, and to contact the support channels of specific platforms where you want historical data removed. For most players, the data held by these platforms — game performance statistics — poses minimal practical privacy risk since it contains no sensitive personal information. The primary privacy consideration is controlling your public gaming identity and performance record, which the privacy toggle addresses.

The most effective privacy practice for League players is using the in-client privacy setting if you do not want your performance history publicly accessible. This setting stops new game data from being retrievable via the API by third-party tools, effectively making your profile invisible to future profile lookups on sites like OP.GG. Note that your games are still played and still contribute anonymously to aggregate champion statistics through Riot's own data pipelines.

Create separate accounts if you want to practice without your main account's statistics being visible. Many high-elo players use alternate accounts for experimenting with new champions or playstyles so their main profile's statistics reflect only their best performance on established champions. This is a legitimate strategy that has nothing to do with smurfing — a fresh account used for personal practice at your actual skill level is a privacy tool, not a cheating mechanism.

Review the privacy policies of any third-party tool you actively use and decide whether their data practices are acceptable to you. The data available through the Riot API is public game performance data, not personal information — but how each platform handles, stores, and potentially monetizes that data varies. Being an informed user of these platforms means knowing what each one does with the data rather than assuming all third-party tools handle it identically.