Privacy Policy

1. Who We Are

Skinstrack is a price tracking and data aggregation platform for CS2 cosmetic items. We act as the data controller for any personal information you provide while using our website, dashboard, or API. If you have any privacy-related questions, you can reach us through the contact methods listed in section 11.

2. Data We Collect

We only collect the data we need to operate the Service. The categories below describe exactly what we store.

Steam account data

When you sign in with Steam, we receive your public Steam information through Steam OpenID: your SteamID, public username, profile URL, and avatar image. We do not receive or store your Steam password and we never gain access to your Steam inventory, trade history, or account settings.

Account and contact details

• Email address (optional, used for receipts, account-related notices, and email alerts)
• Discord webhook URL, if you choose to receive alerts on Discord
• Telegram username and linking code, if you choose to receive alerts on Telegram
• Account timestamps such as your first login, last login, and join date

Subscription and billing data

For paid plans, we store the subscription state and metadata needed to operate billing: your current plan, subscription status, renewal or expiry date, trial status, and identifiers issued by our payment processors (such as a Stripe customer ID, Stripe subscription ID, or an OxaPay payment ID). We do not store your full card number, CVV, or crypto wallet credentials. Card data is collected and stored directly by Stripe; crypto payment details are handled by OxaPay.

API usage data

• Your personal API key
• The number of API requests you make per day and per month against your quota
• Basic request metadata used for rate limiting, abuse prevention, and debugging

Product data you create

• Items you add to your inventory or portfolio, including quantities and optional notes
• Price alerts you configure (item, target price, direction, notification method)
• Plan and tradelock alert preferences

Technical and security data

• IP address and basic request headers, used for security, abuse prevention, and rough geolocation for tax purposes
• Session cookies that keep you signed in
• Cloudflare Turnstile verification tokens, used to confirm that requests are not automated
• Server logs that record errors and significant events

We do not knowingly collect any data that you have not provided through one of the flows above, and we do not buy personal data from third parties.

3. How We Use Your Data

We use the data above only for the following purposes:

• Authenticating you through Steam and maintaining your session
• Providing the dashboard, inventory tracking, price alerts, and API features
• Processing payments, applying subscription state, and issuing receipts
• Sending operational messages such as alerts you configured, billing notices, or important service updates
• Enforcing rate limits and protecting the Service from abuse, fraud, and bot traffic
• Diagnosing errors and improving reliability and performance
• Complying with legal obligations, including tax and accounting requirements

We do not sell your personal data, and we do not use it for behavioural advertising or profiling.

4. Legal Bases for Processing

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

• Contract: processing needed to deliver the Service you signed up for, including account management, subscriptions, and API access.
• Legitimate interests: running the Service securely, preventing abuse, debugging, and communicating about your account.
• Legal obligation: keeping the records we are required to keep, for example for tax and accounting.
• Consent: optional features such as configuring Discord, Telegram, or email alerts. You can withdraw consent at any time from your dashboard.

5. Cookies & Similar Technologies

Skinstrack uses a small set of strictly necessary cookies. These are used to keep you signed in, remember your preferences between visits, and protect forms with Cloudflare Turnstile. We do not use advertising cookies or third-party tracking pixels. If we add privacy-friendly analytics in the future, we will update this section before doing so.

6. Who We Share Data With

We share personal data only with the service providers needed to operate Skinstrack. These providers act as processors on our behalf and are bound by their own privacy and security commitments.

• Steam (Valve Corporation): identity provider for Steam OpenID login.
• Stripe: processes card payments and recurring subscriptions. Stripe receives the data needed to complete checkout and may collect additional information directly from you on its hosted pages.
• OxaPay: processes one-time crypto payments. OxaPay receives the data needed to confirm payment status.
• Cloudflare: provides hosting, DNS, CDN, DDoS protection, and the Turnstile bot-protection challenge.
• Discord, Telegram, and email providers: deliver the alert notifications you have explicitly opted into.
• Hosting and infrastructure providers: run the servers, databases, and backups that Skinstrack relies on.

We may also disclose personal data if we are legally required to do so, for example in response to a valid court order, or where necessary to investigate fraud, protect our rights, or protect the safety of users.

7. International Data Transfers

Skinstrack operates globally, and some of the providers listed above process data outside your country of residence, including in the United States. When this happens, we rely on the safeguards offered by those providers, such as Standard Contractual Clauses or equivalent mechanisms, to protect your data.

8. Data Retention

We keep your account data for as long as your account exists. Inventory items, portfolios, and alerts are kept until you remove them or delete your account.

Billing and transaction records are kept for the period required by applicable tax and accounting laws, typically several years, even after your account is closed. Server logs and security records are kept for a limited period and are then rotated or deleted.

If you delete your account, we will remove or anonymise the personal data we no longer need to keep. Some data may remain in encrypted backups for a limited time until those backups are cycled out.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access a copy of the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data, subject to legal retention requirements
• Object to or restrict certain types of processing
• Withdraw consent for optional features such as alerts at any time
• Receive a portable copy of the data you provided to us
• Lodge a complaint with your local data protection authority

You can manage most of these rights directly from your dashboard. For requests we cannot fulfil through the dashboard, contact us using the details in section 11 and we will respond within a reasonable timeframe.

10. Security & Children

We take security seriously and apply a combination of technical and organisational measures, including encryption in transit, restricted internal access, hardened infrastructure, and rate limiting. No system can be guaranteed completely secure, and you are responsible for keeping your Steam account and API key safe on your side.

Skinstrack is not intended for users under 18. We do not knowingly collect data from anyone under that age. If you believe a minor has created an account, please contact us so we can remove the account and any associated data.

11. Contact & Updates

For privacy questions, data requests, or any other concerns covered by this policy, you can reach us by email at [email protected] or via our Discord server. We aim to respond within a few business days.

We may update this Privacy Policy from time to time to reflect changes in our product, our providers, or legal requirements. When we do, we will update the effective date at the top of this page and, for material changes, post a notice on our Discord or email active subscribers. Continuing to use Skinstrack after a revision takes effect means you accept the updated policy.