Legal

Privacy

Draft — pending final legal review. Reflects the data model described in our architecture: what the loader sends, what the control plane keeps, what telemetry batches contain.

What we collect

Email — entered at checkout. Used to deliver your license key, send security notices, and contact you about your account.
Hardware ID hash — derived locally on your machine from CPU brand, disk serial, and MAC, stretched through 100,000 PBKDF2 iterations. We store the hash, not the raw inputs. Used only to bind a license to its allowed slots.
Authentication token — a 24-hour JWT issued at sign-in. Refreshed automatically by the loader.
Telemetry — the loader and DLL emit AES-GCM-encrypted batches that report crashes, update-check outcomes, and feature toggles. These do not contain your IP address, Steam ID, in-game username, or chat content.

What we don't collect

We don't store Steam IDs, in-game handles, voice or chat content, the contents of your CS2 config, or any data from games other than CS2. The loader self-deletes after injecting; we don't collect a record of it ever having run on disk.

How long we keep it

Email and HWID hashes for the life of your account plus 90 days after deletion (so we can honour any pending refund or chargeback window). Telemetry is aggregated within 30 days of receipt; original batches are deleted at that point. Backups age out within 60 days.

Who we share with

Stripe processes your payment (we never see your card details). Cloudflare fronts our CDN and API. Mailgun delivers email. We do not sell or rent your data to anyone. We disclose data to law enforcement only against a binding legal request and only the minimum required.

Your rights

Email [email protected] to ask us to export, correct, or delete your data. Account deletion is also available in-app from /account; that path triggers the same backend purge.

Contact

Privacy questions: [email protected].