Privacy & Security Policy
Last updated: June 2026
1. What data we collect
- Account data: email, display name, country (optional), SteamID (when logging in with Steam).
- Bot data: the Steam credentials you add for your bots and their settings.
- Payment data: transaction identifiers from PayPal / Coinbase Commerce (we do not store card numbers).
- Technical data: IP address and the actions performed (audit log), for security and abuse prevention.
2. How we protect data
- Your account password is stored only as a bcrypt hash — we cannot see it.
- Steam bot credentials are stored encrypted (AES-256-GCM), in separate per-user containers (a dedicated file for each account).
- Sessions use httpOnly cookies; Steam Guard codes are not stored.
- Access to your data is limited to your account; other users cannot see your bots.
3. How we use data
- To provide the Service (connecting bots, farming, notifications).
- For billing and support.
- For security (rate-limiting, auditing, fraud prevention).
- We do not sell or rent your data to third parties.
4. Third-party services
We use: the Steam network (connecting bots), PayPal and Coinbase Commerce (payments), Discord (notifications — only if you configure a webhook). Each has its own privacy policy.
5. Your rights
- You can access, correct, or delete your profile data from the dashboard.
- Deleting a bot removes its credentials from your encrypted container.
- You can request full deletion of your account by contacting the administrator.
6. Data retention
Account data is kept for as long as the account exists. Audit logs and payment records are kept in accordance with legal billing obligations.
7. Contact
For any request regarding your data, contact the platform administrator using the details shown in the dashboard.