Privacy Policy

1. Who we are

This Privacy Policy explains how [Company Legal Name] ("SteamMarketRunner", "we", "us") collects, uses, and protects your information when you use the SteamMarketRunner application, website, and APIs (the "Service"). For any privacy question, contact [privacy contact / DPO] at the address below.

2. Information we collect

Account data: your email address and authentication details (your password is stored only as a salted hash).

Steam operation data: the Steam account credentials and secrets you provide so the Service can operate trading on your behalf, plus the proxy and notification settings you configure.

Trading and configuration data: your strategy settings, items tracked, orders, listings, and the audit history generated by your use of the Service.

Technical data: IP address, request metadata, and logs we keep for security, debugging, and abuse prevention.

3. How we use your information

To provide and operate the Service (including automating the actions you enable), to authenticate you, to bill paid plans, to send service and security notifications, to prevent abuse, and to comply with legal obligations. We do not sell your personal data, and we do not use your Steam secrets for any purpose other than operating your accounts.

4. Security and encryption

Steam secrets and other sensitive fields are protected with per-tenant envelope encryption (AES-256-GCM); encryption keys are managed separately from the database. We never log decrypted secrets, and the Service has no ability to withdraw or transfer your funds. No method of storage or transmission is perfectly secure, but we apply industry-standard safeguards.

5. Sharing and subprocessors

We share data only with service providers that help us run the Service — for example hosting, database, payment processing, and (where you enable them) notification delivery — under contractual confidentiality and data-protection obligations. We also use the third-party providers you configure, such as your own proxies. We may disclose information where required by law. A current list of subprocessors is available on request.

6. Data retention

We keep your data for as long as your account is active and as needed to provide the Service, then delete or anonymize it within a reasonable period, except where longer retention is required for legal, accounting, or security reasons.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete connected Steam accounts and their secrets at any time from within the app, and you can request account deletion by contacting us. We will respond within the timeframe required by applicable law.

8. International transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

9. Children

The Service is not directed to anyone under 18, and we do not knowingly collect data from children.

10. Changes to this Policy

We may update this Policy from time to time. We will post the updated Policy with a new effective date and, where required, notify you.