csVaulted logocsVaulted
Alpha

Legal

Privacy Policy

Last updated: 23 May 2026

This Privacy Policy explains how csVaulted ("we", "us", "our") collects, uses, discloses, and protects personal data when you access or use the csVaulted website, applications, APIs, and related services (the "Platform"). It is published in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable local data protection laws. By using the Platform you acknowledge that you have read and understood this Policy.

1. Data Controller

The data controller responsible for your personal data is csVaulted. For any privacy-related question, request, or complaint, contact us at support@csvaulted.com.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Account data: email address, username, hashed password, profile picture, optional display name and status, optional two-factor authentication secret, account preferences (language, display currency, notification and privacy settings).
  • Usage data: opened cases and capsules, owned virtual items and their serial numbers, market listings and sales, trades, chat messages, friends, quests, achievements, level progression, referrals, and other in-platform activity.
  • Payment data: when you purchase site balance, a Supporter subscription, or any other paid offering, our payment processor (Stripe) collects your billing details. We receive a transaction reference, the amount paid, the product, your billing country, subscription status, and renewal dates — we never receive or store full card numbers or CVCs.
  • Technical data: IP address, browser type and version, device identifiers, operating system, timestamps, language, and cookies (see Section 7).
  • Communications: emails you send to support, support replies, and any user-generated content you submit (chat messages, reports, trade messages, profile content).

3. Legal Bases and Purposes of Processing

We process personal data on the following legal bases under the GDPR:

  • Performance of a contract (Art. 6(1)(b)): to create and operate your account, deliver virtual goods you purchase, process subscriptions, and provide customer support.
  • Legitimate interests (Art. 6(1)(f)): to secure the Platform against fraud, abuse, and unauthorized access; to maintain service stability; and to improve the Platform.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, anti-fraud, and other statutory obligations.
  • Consent (Art. 6(1)(a)): for non-essential cookies, optional marketing emails, and where otherwise required.

4. How We Use Your Data

  • Authenticate you and keep your account secure;
  • Provide, personalize, and support the Platform;
  • Process payments and send transactional emails (receipts, subscription updates, password resets, security alerts);
  • Detect, prevent, and investigate fraud, abuse, and violations of our Terms;
  • Comply with legal, regulatory, and tax obligations;
  • Communicate service updates and respond to support requests.

5. Sharing and Disclosure

We do not sell your personal data. We share it only with:

  • Service providers (processors) acting on our instructions, including hosting and database providers, our payment processor (Stripe), email delivery providers, and analytics/observability tools. They are bound by data processing agreements and may only process data to provide the contracted services.
  • Authorities where required by law, court order, or to protect our rights, users, or the public.
  • Successors in the event of a merger, acquisition, or asset sale, subject to confidentiality obligations.
  • Other users only with respect to information you choose to make public (username, avatar, status, item showcase, public market listings, public trade activity, and chat messages you send). Your balance, purchase history, subscription status, email, preferences, and notifications are never shown to other users.

6. International Transfers

Some of our service providers may process data outside the European Economic Area. When we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

7. Cookies and Similar Technologies

We use strictly necessary cookies to keep you signed in, remember your preferences, and secure the session. We may also use limited first-party analytics cookies to understand aggregate usage. You can control cookies through your browser settings; disabling essential cookies may break parts of the Platform.

8. Data Retention

We retain personal data only for as long as necessary for the purposes set out above: account data for as long as your account is active, transactional records for at least the period required by tax and accounting law (typically 7–10 years), and technical logs for a limited security-monitoring window. When data is no longer required, we delete or anonymize it.

9. Your Rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request erasure of your data, subject to legal retention obligations;
  • Restrict or object to certain processing;
  • Receive your data in a portable, machine-readable format;
  • Withdraw consent at any time, without affecting prior processing;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact support@csvaulted.com. We respond within 30 days.

10. Security

We implement reasonable technical and organizational measures including encryption in transit, password hashing, access controls, and optional two-factor authentication. No system is perfectly secure; you are responsible for keeping your credentials confidential and reporting any suspected compromise to us promptly.

11. Children

The Platform is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date reflects the most recent revision. Material changes will be announced on the Platform or via email. Continued use of the Platform after changes take effect constitutes acceptance.

13. Contact

For privacy questions or to exercise your rights, please contact support@csvaulted.com.