Legal

Privacy Policy

This policy explains how CS2.trading handles personal data when you sign in with Steam, browse listings, create trades, make offers, use My Trades, contact us, or otherwise use the site.

Last updated: 1 July 2026

1. Data controller

The data controller for personal data processed through CS2.trading is the operator of this website. If a registered company or dedicated privacy contact is added later, this policy should be updated with those details.

Privacy questions can be sent to cs2.trading@csgolist.com.

2. What we collect

Depending on how you use the site, we may process:

  • Account data: your SteamID64, Steam display name, profile URL, avatar URL, account creation and last-seen timestamps, profile text you add, and public trading summary.
  • Authentication and session data: information needed to complete Steam OpenID sign-in and maintain your encrypted session cookie. We do not receive or store your Steam password.
  • Trade Link data: the Steam Trade Link you save, including the partner and token values needed for matched traders to open the Steam trade offer flow.
  • Inventory, listing, and offer data: selected Steam inventory asset IDs, item names, images, rarity, price estimates, listing notes, wanted items, offer messages, offer status, Steam inspect links for listed or offered inventory items where Steam provides them, and denormalized item snapshots used to render historical trades. Steam inspect links can technically include the item owner's SteamID64 and inventory asset ID, or a Steam inspect token, because Steam requires those values for item inspection.
  • Trade lifecycle and reputation data: accepted offers, completion confirmations, reviews, ratings, XP events, levels, badges, and public profile trading history.
  • Premium and billing metadata: Premium status, plan, subscription period, cancellation status, purchase availability, and payment-provider identifiers such as Stripe customer ID, subscription ID, checkout session ID, price ID, invoice/payment identifiers, and webhook event IDs where Stripe is used. Payment providers handle card data, billing details, invoices, and payment method information.
  • Support and moderation data: messages you send to support, account restrictions, admin actions, reasons, internal moderation notes, and audit records needed to protect the service.
  • Technical data: cookies or similar storage needed for sessions and security, request timestamps, error details, and hosting or database logs generated when the site is operated.

3. Why we use data

We use personal data only for purposes connected to operating and protecting CS2.trading, including:

  • creating and securing Steam-backed user accounts;
  • loading and validating tradable CS2 inventory items;
  • creating listings, offers, accepted trades, reviews, and public profiles;
  • letting signed-in users inspect listed and offered skins through Steam before deciding whether to trade;
  • showing matched participants the relevant Trade Links after an offer is accepted;
  • calculating XP, levels, badges, notifications, trading summaries, and Community Supporter profile-name rewards;
  • showing Premium purchase availability, starting Premium checkout when enabled, activating Premium, applying Premium XP boosts, and managing billing status;
  • preventing abuse, scams, spam, fake listings, and unauthorized admin actions;
  • responding to support requests and enforcing site rules;
  • maintaining, debugging, securing, and improving the service.

4. Legal bases where GDPR-style rules apply

Where EEA, UK, or similar privacy rules apply, the legal bases may include:

  • Contract: to provide the account, listing, offer, trade, review, and profile features you request.
  • Legitimate interests: to secure the service, prevent abuse, maintain platform integrity, improve reliability, and show public trading history, balanced against your rights.
  • Legal obligation: to comply with applicable laws, lawful requests, bookkeeping, dispute handling, or enforceable government requirements.
  • Consent: where consent is legally required, for example for optional cookies, analytics, marketing, or similar non-essential processing if those features are enabled.

5. Cookies and similar technologies

CS2.trading uses essential cookies and similar browser storage to keep you signed in, protect the session, remember authentication state, remember your cookie choice and selected display currency, and operate security-sensitive flows. Blocking essential cookies or storage may break login, preferences, or trade management features.

Optional analytics or marketing cookies are not active right now. The cookie notice lets you choose necessary-only storage or allow optional storage for any optional categories described in the current notice. You can change your choice from Cookie settings in the footer. Current necessary storage is first-party only; session cookies last for the browser/server session, while cookie-choice and display-currency preferences stay until you change them, clear browser storage, or the consent version changes. If optional analytics, preference, or marketing cookies are added later, this policy and the cookie notice should be updated, the consent version should be changed, and users should be asked again before those optional tools are used.

6. How we share data

We do not sell personal data. We may share or make data available only where needed to operate the site:

  • With other users: public profile details, active listings, item snapshots, reviews, reputation, levels, and badges may be visible to other users. Signed-in users may also receive Steam inspect links for listed or offered skins, and those links can technically contain the item owner's SteamID64 and asset ID, or a Steam inspect token. Trade Links are only shown to matched participants after an offer is accepted.
  • With Steam or Valve: Steam OpenID, public Steam profile data, and Steam inventory or trade-offer URLs are used when you choose Steam-related features. Current public Steam display names may also be checked for Community Supporter XP, subject to Valve's own policies.
  • With service providers: hosting, database, logging, security, email, deployment, and infrastructure vendors may process data for us under appropriate protection terms.
  • With payment providers: when Premium billing is available or an existing Premium subscription is managed, a provider such as Stripe may process checkout, payment methods, subscription billing, invoices, refunds, disputes, and customer portal sessions. We use provider identifiers and webhook events to connect the subscription to your CS2.trading account.
  • With authorities or legal parties: if required by law, to protect rights and safety, or to investigate abuse, fraud, or security incidents.

7. International transfers

CS2.trading and its service providers may process data in countries other than where you live. Where required, we rely on appropriate safeguards such as contractual protections, regional hosting controls, or other lawful transfer mechanisms.

8. Retention

We keep personal data only as long as needed for the purposes in this policy, including account operation, trade history, dispute handling, abuse prevention, security, backups, and legal obligations.

Some trade records, item snapshots, reviews, XP events, and audit logs may be retained for longer because they protect platform integrity and help preserve a reliable trading history. When data is no longer needed, we delete, anonymize, or aggregate it where practical.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent where processing depends on consent and to lodge a complaint with a data protection authority.

To make a request, contact cs2.trading@csgolist.com. We may need to verify that the request relates to your Steam account before changing or disclosing account data.

10. Children

CS2.trading is not directed to children who are below the age required to use Steam or consent to data processing in their region. We do not knowingly collect personal data from children in violation of applicable law.

11. Security

We use technical and organizational measures designed for the risk, including Steam OpenID authentication, encrypted session cookies, server-side inventory validation, Trade Link privacy rules, and admin audit logging. No online service is completely secure, and you remain responsible for protecting your Steam account, devices, Steam Guard settings, and browser session.

12. Changes to this policy

We may update this policy as the service changes. When we make material changes, we will update the "Last updated" date and may provide additional notice through the site where appropriate.