Terms of Service & Privacy Policy

API Key Usage

When you log in, your Torn API key is used to verify your identity via the official Torn API and to fetch faction data on your behalf.

• Your key is encrypted using AES-256-GCM before being stored in our database. It is never stored or logged in plain text.
• Only a masked preview (first 4 and last 4 characters) is displayed in the interface.
• The key is only decrypted server-side at the moment of making Torn API calls.
• A Limited API key is sufficient — we do not require or accept Full access keys.
• You can remove your API key at any time from the Settings page.

Server-side API Calls

We send requests to the API and only read the returned data.

• User basic info (player ID, name, faction membership)
• Faction member lists and online/idle/offline statuses
• Personal stats (xanax consumption, overdoses, play time)
• Battle stats estimates (via FF Scouter integration, if configured)
• Ranked war data (scores, results, opponent detection)
• Faction upgrades and respect data
• Armory usage logs (item use, fills, loans)
• Company data (employees, stock, funds, daily income, activity)
• Energy level, drug cooldown, and medical item cooldown

A Limitedaccess key is required for full functionality (some endpoints like faction upgrades require it). No actions are ever performed on your behalf — all calls are read-only.

Third-Party Services: Battle Stats

Battle stats estimates displayed on Torn Intel are fetched from third-party services:

• BSP — a paid service. To use BSP stats on Torn Intel, you must have an active BSP subscription.
• FF Scouter— a free alternative for battle stats estimates.
• Torn Intel is not affiliated with BSP or FF Scouter. We only use their APIs to fetch stat estimates on your behalf.
• If you do not have a BSP subscription, battle stats features will simply be unavailable — all other features work without it.
• BSP battle stats are only visible to you if you have an active BSP subscription — other users without a subscription will see FF Scouter estimates instead.

Third-Party Services: TornStats

You may optionally provide a TornStats API key to import spy report data:

• Your TornStats key is encrypted with AES-256-GCM, same as your Torn API key.
• We use it to fetch spy reports (battle stats: strength, defense, speed, dexterity) for faction members.
• If you provide a TornStats API key, spy data is synced every 6 hours and stored in our database. It is only visible to members of your faction by default — not shared with other factions.
• Alliance Spy Sharing — If your faction is part of an alliance on Torn Intel, alliance leaders may set up spy sharing agreements with other allied factions. If a spy sharing agreement is accepted between two factions, both factions gain read access to each other’s TornStats spy data. Sharing is always bilateral: if faction A shares with faction B, faction B’s data becomes visible to faction A and vice versa. You can view and manage active sharing agreements from the Alliance › Spy Sharing tab.
• You can remove your TornStats key at any time from the Settings page.
• Torn Intel is not affiliated with TornStats.

Company Data

If you are employed at a Torn company, we collect company data to power the Company Dashboard:

• Daily snapshots: income, wages, funds, stock, employee effectiveness, advertising budget.
• Activity snapshots every 5 minutes: employee online/idle/offline status for heatmap visualizations.
• You can share your company data with other players via the sharing feature. Shared users get read-only access to all company data.
• You can revoke shared access at any time.

Spy Credits & Payments

Pro users can purchase spy credits to watch additional factions (beyond the 3 included with Pro):

• Credits are purchased by sending Xanax in-game. 2 Xanax = 1 spy credit.
• Credits are debited automatically every 30 days (1 credit per paid watched faction).
• Credits never expire — they remain in your balance until used.
• If your credit balance reaches zero, paid watched factions are deactivated (most recently added first). Existing data remains readable.
• Up to 30 watched factions total (3 free with Pro + 27 with credits).
• All Xanax payments are logged for transparency and visible in your account.

Watched Factions & Global Data

To optimize API usage and provide faster access, faction stats data (personal stats, activity, armory) is shared globally across all tenants:

• If multiple factions watch the same opponent, data is collected once and shared — reducing API load.
• Battle stats (BSP) remain private and per-faction, as they require individual subscriptions.
• Activity heatmaps aggregate data by hour and day of the week to show average patterns.

Data Collection & Retention

Data Access & Sharing

• Your faction’s data is only accessible to authenticated members of your faction.
• Watched (opponent) faction data is visible to your faction’s members only. Non-BSP stats may be shared globally to avoid duplicate API calls.
• Company data is private to the owner, unless explicitly shared via the company sharing feature.
• We do NOT sell, share, or provide your data to any third party.
• All collected data originates from publicly available Torn API endpoints or user-provided third-party keys (TornStats).
• Energy, drug cooldown, and medical item cooldown data is collected and shared with other Cat Script users within your faction only. This data is not visible to members of other factions.

Security Measures

• API keys encrypted at rest with AES-256-GCM (same standard used by banks)
• Two-Factor Authentication (2FA) available via TOTP — compatible with Google Authenticator, Authy, 1Password, and any TOTP app. Your 2FA secret is also encrypted with AES-256-GCM.
• Authentication via secure, httpOnly JWT cookies with SameSite and Secure flags
• HTTPS-only connections with HSTS preload
• Security headers: Content-Security-Policy, X-Frame-Options (DENY), X-Content-Type-Options, Referrer-Policy, Permissions-Policy
• Database hosted on isolated infrastructure with SSL encryption
• No plain-text storage of sensitive credentials
• 16 automated security checks on every code change: static analysis (Semgrep), secret scanning (TruffleHog), SQL injection detection, auth bypass detection, SSRF/CSRF protection, dependency audits, and more

For full details, see our Security page.

Data Deletion

You can remove your API key from the Settings page at any time. For full account and data deletion, contact us directly on Torn or via Discord. We will remove all data associated with your account, including your encrypted API key, player information, and all collected faction data.

Torn API Compliance

Torn Intel operates in compliance with Torn’s API terms of use. We only make read-only requests, respect rate limits, and do not use the API to perform any in-game actions.

About This Project

Torn Intel is built and maintained by a solo developer. The backend — API handling, encryption, data processing, and security — is hand-written and thoroughly tested. The frontend UI is built with the help of AI tools to speed up development, but every line is reviewed and validated before deployment. The priority right now is shipping features and squashing bugs; a full frontend polish is planned once the core is stable.

Contact

For questions, data deletion requests, or concerns, contact the developer:

• Torn: JESUUS [2353554]
• Discord: Jesus.3999