Privacy Policy
Last updated: June 12, 2026.The operator of cs.cheap (“cs.cheap,” “we,” “us,” or “our”) operates a website and API service providing price data for Counter-Strike in-game items (“skins”) listed on third-party marketplaces, together with related computation features (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:
- Visit our website;
- Create an account or sign in;
- Subscribe, purchase credits, or otherwise pay for the Services;
- Call our API using an API key; or
- Contact us for support.
The market price data we aggregate from third-party marketplaces relates to in-game items, not to identified individuals; it is not personal information and is outside the scope of this Policy.
1. Information We Collect
1.1 Information You Provide Directly
We may collect:
- Account email address (for password sign-in, or when you bind a real email)
- Identities from third-party sign-in — Steam (SteamID, public nickname, avatar) and GitHub (account ID, username, email)
- Support ticket content and other communications you send us
- Payment-related information you submit to our payment processor
1.2 Information Collected Through the Services
When you use the Services, we may process:
- API keys associated with your account
- Subscription status, access-window dates, and credit balance / ledger
- API usage metadata (request counts, timestamps) used for billing and abuse prevention
- Authentication and security logs
1.3 Automatically Collected Information
When you visit our website, we may collect:
- IP address, browser type, and device information
- Pages visited and referring URLs
- Cookies and session tokens needed to keep you signed in
- Bot-protection signals from Cloudflare Turnstile when you submit certain forms
Steam sign-in returns only a SteamID, nickname, and avatar — never an email. Accounts created purely through Steam are assigned a synthetic, non-deliverable address until you bind a real email.
2. How We Use Information
We use personal information to:
- Provide, operate, and maintain the Services
- Authenticate you and secure your account
- Process payments and manage subscriptions and credits
- Enforce rate limits and prevent fraud, abuse, and unauthorized access
- Provide support and respond to tickets
- Send transactional email (verification, password reset, email change, security notices)
- Comply with legal obligations
We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, and we do not use personal information for cross-context behavioral advertising.
We do not use your data for advertising profiling.
3. Legal Bases for Processing (EEA/UK)
If you are located in the European Economic Area (EEA) or United Kingdom, we process personal data under the following legal bases:
- Performance of a contract
- Legitimate interests — specifically, securing the Services, preventing fraud and abuse, ensuring service reliability, and improving the product
- Compliance with legal obligations
- Consent, where required
4. How We Share Information
4.1 Service Providers (Subprocessors)
We rely on trusted third parties that process personal information on our behalf and on our instructions, such as:
- Hosting and serverless compute providers
- Neon — managed Postgres database
- Resend — transactional email delivery
- Cloudflare — Turnstile bot protection
We require these providers to protect personal information and process it only for authorized purposes.
4.2 Independent Third-Party Services
Some services we integrate with determine their own purposes and means of processing and act as independent controllers, governed by their own terms and privacy policies:
- Steam (OpenID sign-in) and GitHub (OAuth sign-in) — see Section 10
- NOWPayments — cryptocurrency payment processing; payment details you submit at checkout are processed under NOWPayments' own terms and privacy policy
4.3 Legal Requirements
We may disclose information if required by law or in response to valid legal processes.
4.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.
5. Data Retention
We retain personal information for as long as necessary to:
- Provide the Services
- Maintain security and audit logs
- Comply with legal obligations
- Resolve disputes and enforce agreements
Retention periods vary depending on the type of data. As a general guide:
- Account data — for as long as your account exists
- Billing and payment records — as required by applicable tax and accounting rules
- Security and authentication logs — for a limited period after they are generated
- Support tickets — for a limited period after the ticket is closed
6. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit
- Access controls
- Monitoring and logging
- Secure development practices
API keys and credentials are stored securely and are never exposed to client-side code or logged in plaintext. However, no system is completely secure, and we cannot guarantee absolute security.
7. International Data Transfers
We may transfer personal information to countries outside of your jurisdiction. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses. You may request a copy of the relevant safeguards by contacting us at [email protected].
8. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access personal information
- Correct inaccurate data
- Delete personal information
- Restrict or object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with your local data protection supervisory authority
To exercise your rights, contact us at [email protected].
9. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Operate the website and keep you signed in
- Analyze usage
- Improve performance
You may control cookies through your browser settings. Some features — including staying signed in — may not function properly if cookies are disabled.
10. Third-Party Sign-In (Steam & GitHub)
Our Services let you authenticate using Steam (OpenID 2.0) and GitHub (OAuth 2.0).
- Steam returns only your SteamID, public nickname, and avatar URL. Steam never returns an email address.
- GitHub returns your GitHub account ID, username, and — where permitted — your primary email, which we use to populate your account email.
We request only the minimum scopes necessary for authentication. We do not request access to your private repositories, Steam inventory, or any data beyond basic profile information. You may revoke our access at any time through your Steam account settings or your GitHub authorized applications.
11. Children's Privacy
The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.
12. California Privacy Rights
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA/CPRA), including rights to access, delete, and correct personal information. We do not sell or share personal information as those terms are defined under California law.
To submit a request, contact [email protected].
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last updated” date.
14. Contact Us
This Policy is published in English, Simplified Chinese, and Russian. If there is any inconsistency between a translated version and the English version, the English version controls to the extent permitted by law.
If you have questions about this Privacy Policy, contact:
Operator: the individual operator of cs.cheap
Email: [email protected]