Privacy Policy

• Local-first. Your accounts, instances, mods, and settings live on your device. They only leave it if you turn on Cloud Sync.
• We never see your password. Microsoft login uses official OAuth — NoirClient receives a token, not your credentials.
• No selling, ever. We do not sell, rent, or share your data with advertisers.
• Diagnostics are optional and anonymous. You can turn crash reporting off in Settings.
• You stay in control. Export or wipe synced data and revoke accounts at any time.

NoirClient is local-first. Most data below is stored only on your computer and is listed so you know what the app touches.

Account data

For Microsoft accounts, NoirClient uses Microsoft's official OAuth flow. We receive a short-lived access/refresh token and your public profile (username, UUID, skin) — never your email password. Tokens are stored in your operating system's secure credential store.

For offline (cracked) accounts, we store only the username you type, on your device. No verification data is sent anywhere.

Launcher & gameplay configuration

Installed game versions, instances, selected mod packs, and per-profile JVM/RAM settings are stored locally so the launcher can run them.

Optional Cloud Sync

If you enable Cloud Sync, your instance list and launcher settings are uploaded to our servers, encrypted, so they follow you across machines. This is off by default. Disabling it deletes the synced copy.

Diagnostics & crash reports

If enabled, anonymous crash and performance reports (OS, app version, stack traces) help us fix bugs. They contain no account credentials, chat, or world data, and can be disabled in Settings.

Mod & pack downloads

When you install mods, NoirClient fetches files directly from providers like CurseForge and Modrinth. Those requests reach the provider, whose own privacy policy applies.

Website

This site collects minimal, aggregate analytics (e.g. page views) and uses no advertising trackers.

• Your Microsoft or email password.
• Your Minecraft world saves, builds, or screenshots.
• In-game chat, keystrokes, or voice.
• Contact lists, location, or browsing history outside this app.

• Authenticate you with Mojang/Microsoft and launch the game.
• Store and restore your instances and settings on your device (and via Cloud Sync, if you enable it).
• Resolve and download the mods and versions you choose.
• Diagnose crashes and improve stability — only with diagnostics enabled.

We do not use your data for advertising or profiling.

Security is built into how NoirClient handles every piece of data:

• Encrypted in transit. All network traffic (auth, downloads, sync) uses HTTPS/TLS 1.2+.
• Secure token storage. Account tokens are kept in the OS credential vault (Windows DPAPI / macOS Keychain / Secret Service), not in plain text.
• Encrypted at rest. Cloud-synced data is encrypted on our servers.
• Least data. We collect only what the launcher needs; sensitive content never leaves your device.
• No third-party ad SDKs. The app and site ship without advertising or fingerprinting libraries.
• Hardened delivery. This site sends strict security headers (HSTS, anti-clickjacking, content-type and referrer protections).

No system is perfectly secure, but we follow least-privilege and encryption practices to keep risk low. If you find a vulnerability, please report it (see Contact) so we can fix it quickly.

NoirClient relies on a few external services. Each has its own privacy policy:

• Microsoft / Mojang — account authentication.
• CurseForge & Modrinth — mod and pack downloads.
• Content delivery / hosting — serving downloads and Cloud Sync.

We share with them only what is required to perform the action you requested.

Local data stays until you delete it or uninstall NoirClient. Cloud-synced data is kept while sync is on and removed when you disable it or delete your account. Anonymous diagnostics are retained only as long as useful for debugging.

Depending on where you live (including under the EU GDPR and the UAE Personal Data Protection Law), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing.

• Revoke a linked Microsoft account at any time from your account settings.
• Disable Cloud Sync to delete the server-side copy.
• Turn off diagnostics in Settings.
• Contact us to request access to or deletion of any data we hold.

NoirClient is not directed to children under 13 (or the minimum age in your country). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will remove it.

We may update this policy as NoirClient evolves. Material changes will be noted here with a new "last updated" date. Continued use after a change means you accept the revised policy.

Questions, data requests, or security reports? Reach the maintainer on Discord (@lonerloop). NoirClient is operated from Dubai, UAE.