CSCHEAP
README
DOCS
PRICING
STATUS
SIGN-IN
CSCHEAP

LEGAL

Our privacy policy, terms of service, and data processing terms. Reach out with any questions.

Privacy Policy→Terms of ServiceData Processing Addendum

LEGAL

Privacy Policy→Terms of ServiceData Processing Addendum

Privacy Policy

Last updated: June 12, 2026.

The operator of cs.cheap (“cs.cheap,” “we,” “us,” or “our”) operates a website and API service providing price data for Counter-Strike in-game items (“skins”) listed on third-party marketplaces, together with related computation features (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:

  • Visit our website;
  • Create an account or sign in;
  • Subscribe, purchase credits, or otherwise pay for the Services;
  • Call our API using an API key; or
  • Contact us for support.

The market price data we aggregate from third-party marketplaces relates to in-game items, not to identified individuals; it is not personal information and is outside the scope of this Policy.

1. Information We Collect

1.1 Information You Provide Directly

We may collect:

  • Account email address (for password sign-in, or when you bind a real email)
  • Identities from third-party sign-in — Steam (SteamID, public nickname, avatar) and GitHub (account ID, username, email)
  • Support ticket content and other communications you send us
  • Payment-related information you submit to our payment processor

1.2 Information Collected Through the Services

When you use the Services, we may process:

  • API keys associated with your account
  • Subscription status, access-window dates, and credit balance / ledger
  • API usage metadata (request counts, timestamps) used for billing and abuse prevention
  • Authentication and security logs

1.3 Automatically Collected Information

When you visit our website, we may collect:

  • IP address, browser type, and device information
  • Pages visited and referring URLs
  • Cookies and session tokens needed to keep you signed in
  • Bot-protection signals from Cloudflare Turnstile when you submit certain forms

Steam sign-in returns only a SteamID, nickname, and avatar — never an email. Accounts created purely through Steam are assigned a synthetic, non-deliverable address until you bind a real email.

2. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services
  • Authenticate you and secure your account
  • Process payments and manage subscriptions and credits
  • Enforce rate limits and prevent fraud, abuse, and unauthorized access
  • Provide support and respond to tickets
  • Send transactional email (verification, password reset, email change, security notices)
  • Comply with legal obligations

We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, and we do not use personal information for cross-context behavioral advertising.

We do not use your data for advertising profiling.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or United Kingdom, we process personal data under the following legal bases:

  • Performance of a contract
  • Legitimate interests — specifically, securing the Services, preventing fraud and abuse, ensuring service reliability, and improving the product
  • Compliance with legal obligations
  • Consent, where required

4. How We Share Information

4.1 Service Providers (Subprocessors)

We rely on trusted third parties that process personal information on our behalf and on our instructions, such as:

  • Hosting and serverless compute providers
  • Neon — managed Postgres database
  • Resend — transactional email delivery
  • Cloudflare — Turnstile bot protection

We require these providers to protect personal information and process it only for authorized purposes.

4.2 Independent Third-Party Services

Some services we integrate with determine their own purposes and means of processing and act as independent controllers, governed by their own terms and privacy policies:

  • Steam (OpenID sign-in) and GitHub (OAuth sign-in) — see Section 10
  • NOWPayments — cryptocurrency payment processing; payment details you submit at checkout are processed under NOWPayments' own terms and privacy policy

4.3 Legal Requirements

We may disclose information if required by law or in response to valid legal processes.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.

5. Data Retention

We retain personal information for as long as necessary to:

  • Provide the Services
  • Maintain security and audit logs
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Retention periods vary depending on the type of data. As a general guide:

  • Account data — for as long as your account exists
  • Billing and payment records — as required by applicable tax and accounting rules
  • Security and authentication logs — for a limited period after they are generated
  • Support tickets — for a limited period after the ticket is closed

6. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit
  • Access controls
  • Monitoring and logging
  • Secure development practices

API keys and credentials are stored securely and are never exposed to client-side code or logged in plaintext. However, no system is completely secure, and we cannot guarantee absolute security.

7. International Data Transfers

We may transfer personal information to countries outside of your jurisdiction. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses. You may request a copy of the relevant safeguards by contacting us at [email protected].

8. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information
  • Correct inaccurate data
  • Delete personal information
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with your local data protection supervisory authority

To exercise your rights, contact us at [email protected].

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Operate the website and keep you signed in
  • Analyze usage
  • Improve performance

You may control cookies through your browser settings. Some features — including staying signed in — may not function properly if cookies are disabled.

10. Third-Party Sign-In (Steam & GitHub)

Our Services let you authenticate using Steam (OpenID 2.0) and GitHub (OAuth 2.0).

  • Steam returns only your SteamID, public nickname, and avatar URL. Steam never returns an email address.
  • GitHub returns your GitHub account ID, username, and — where permitted — your primary email, which we use to populate your account email.

We request only the minimum scopes necessary for authentication. We do not request access to your private repositories, Steam inventory, or any data beyond basic profile information. You may revoke our access at any time through your Steam account settings or your GitHub authorized applications.

11. Children's Privacy

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

12. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including rights to access, delete, and correct personal information. We do not sell or share personal information as those terms are defined under California law.

To submit a request, contact [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last updated” date.

14. Contact Us

This Policy is published in English, Simplified Chinese, and Russian. If there is any inconsistency between a translated version and the English version, the English version controls to the extent permitted by law.

If you have questions about this Privacy Policy, contact:

Operator: the individual operator of cs.cheap

Email: [email protected]