Privacy Policy | SkinPricer

§ 01

Overview

IN SHORTWe collect what's needed to run the product and answer your support tickets — and not much more. We don't sell your data. We never publish your portfolio.

SkinPricer ("we", "us") provides market data, pricing, and trading analytics for in-game items. This Privacy Policy describes what personal data we collect, why, how long we keep it, and the rights you have over it.

It applies to skinpricer.com, our REST & WebSocket APIs, our SDKs, and any other service that links to this policy. It does not apply to third-party marketplaces or game clients we ingest data from.

§ 02

Data we collect

IN SHORTAccount info, billing data, API usage logs, and your portfolio entries (private to you).

Type	Examples	Why
Account	Email, hashed password, display name, OAuth provider IDs	Required to log in
Billing	Last 4 digits of card, country, billing email — full PCI data lives at Stripe	Required for paid plans
API usage	API key ID, request paths, status codes, latency, IP, user-agent	Rate limits, abuse, debugging
Portfolio	Items you import, cost basis, alerts, watchlists	To render Portfolio + Inventory screens
Steam linkage	SteamID64 + public inventory snapshots (you opt in)	Inventory sync feature
Telemetry	Browser, OS, viewport, page paths, error stack traces	Bug fixing, performance
Support	Conversations you start with us	To help you

We do not collect: items you searched for in marketplaces outside SkinPricer, gameplay data, friend graphs, or location beyond country-level inferred from IP.

§ 03

How we use it

We process your data to:

▸Operate the product — render dashboards, run alerts, sync inventories.
▸Bill correctly and maintain audit trails for tax & accounting.
▸Detect abuse, enforce rate limits, and investigate suspicious activity.
▸Improve the product — anonymized aggregates inform model training and feature work.
▸Communicate — service updates, security notices, and (only if you opt in) product news.

We never sell your personal data. We never use your portfolio holdings to train public-facing models, never publish them, and never expose them to other users.

§ 04

Models, aggregates, and your data

IN SHORTWe train ML models on market microstructure (orders, listings, prices). We do not use your individual portfolio or trades to train them.

SkinPricer’s pricing and detection models learn from public market data we ingest from third-party marketplaces — listings, completed sales, order book snapshots. Your personal portfolio and watchlist are never used as model inputs.

If you contribute aggregate, fully-anonymized signals (e.g. opt-in liquidity surveys), we’ll tell you exactly what is collected and what it influences before you opt in.

§ 05

Who we share with

We share data only with vendors that help us run the service, under contracts that bind them to confidentiality and our security standards.

Vendor	Purpose	Location
Stripe	Payments and subscription billing	United States
AWS	Hosting and storage	EU + US (your data is pinned to your region)
Cloudflare	DDoS protection and edge caching	Global edge
Proton Mail	Account + transactional email	Switzerland
PostHog	Product analytics + error tracking (PostHog Cloud)	EU

We will disclose data when required by law (subpoena, court order) and we will tell you whenever we are legally allowed to.

§ 06

Retention

Data	Default retention	Trigger
Account record	Active + 30 days after deletion	Account deletion
API request logs	30 days	Rolling window
Billing records	7 years	Tax law requirement
Portfolio entries	Active + immediately on deletion	User action
Inventory snapshots	180 days	Rolling window
Support conversations	3 years	Last contact
Anonymized aggregates	Indefinite	Cannot be linked back to you

§ 07

Your rights

IN SHORTYou can access, export, correct, or delete everything we hold on you. From the Account page or via email.

Depending on where you live (GDPR, UK GDPR, CCPA, LGPD, and others), you have rights including:

▸Access — get a copy of everything tied to your account.
▸Portability — export it in a structured, machine-readable format (JSON or CSV).
▸Correction — fix anything that's wrong.
▸Deletion — wipe your account; we'll keep only what tax law requires.
▸Opt-out — refuse marketing communications without affecting service.
▸Restriction — pause specific kinds of processing while we investigate a complaint.

Self-serve from Account → Privacy, or email dpo@skinpricer.com. We respond within 30 days.

§ 08

Security

Production data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access to production is gated behind SSO + hardware keys, scoped least-privilege, and audit-logged. We rotate secrets at least every 90 days. We undergo annual third-party penetration tests.

Report a vulnerability to security@skinpricer.com — bounty up to $5,000 per qualifying issue.

§ 09

Cookies & local storage

Name	Purpose	Lifetime
sp_session	Authenticated session	30 days
sp_route	Remembers last visited screen	Persistent (local only)
sp_csrf	CSRF protection	Session
ph_*	Self-hosted product analytics (opt-in)	365 days

No third-party advertising cookies. No cross-site trackers.

§ 10

Children

SkinPricer is intended for users 16 and older. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, email privacy@skinpricer.com and we’ll delete it.

§ 11

Changes to this policy

We will email account holders at least 14 days before any material change takes effect, and the changelog above will mark the new version. Continued use after the effective date means you accept the updated terms.

Questions about this document?

We respond within 5 business days.

legal@skinpricer.com dpo@skinpricer.com