Privacy Policy
Last updated: [DATE] ← TO BE COMPLETED
[COMPANY_NAME] ← TO BE COMPLETED ("we", "us", "our") operates the website [SITE_URL] ← TO BE COMPLETED (the "Platform"). We are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and French data protection law (Loi Informatique et Libertés n°78-17, as amended).
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.
1. Data Controller
The data controller for this Platform is:
[COMPANY_NAME] ← TO BE COMPLETED
[ADRESSE_SIÈGE_SOCIAL] ← TO BE COMPLETED
Email: [EMAIL_RGPD] ← TO BE COMPLETED (e.g. privacy@[yoursite].com)
We do not have a designated Data Protection Officer (DPO), as we do not meet the criteria under Article 37 GDPR. For any data protection enquiry, please contact us at the email address above.
2. Data We Collect
We collect the following personal data when you use the Platform:
2.1 — Account & Authentication Data
Collected automatically when you sign in via Steam OpenID:
| Data | Purpose |
|---|---|
| Steam ID (64-bit) | Unique account identifier |
| Steam display name | Displayed on your public Player Card |
| Steam avatar (profile picture URL) | Displayed on your public Player Card |
| VAC ban status | Eligibility check — users with an active VAC ban are excluded from matchmaking |
| Steam profile visibility | To verify your Steam profile is set to public |
We do not store your Steam password. Authentication is handled entirely by Valve's Steam OpenID service. We only receive the data listed above.
2.2 — Connection & Technical Data
| Data | Purpose |
|---|---|
| IP address | Security, fraud prevention, ban enforcement, connection logging (legal obligation under French LCEN) |
| Country code (derived from IP via geolocation) | Displayed on your public Player Card as a country flag |
| Date and time of connection | Security and audit logs |
2.3 — In-Game & Ranking Data
| Data | Purpose |
|---|---|
| Match history (results, scores, kills/deaths) | Glicko-2 ranking calculation |
| Glicko-2 rank and rating deviation | Public Player Card display |
| Server connection data | Matchmaking |
2.4 — Communication & Moderation Data
| Data | Purpose |
|---|---|
| Chat messages (homepage chat) | Platform operation, moderation |
| Private messages (direct messages between players) | Player-to-player communication |
| Moderation reports submitted about you | Enforcement of Community Guidelines |
| Sanction history (mutes, kicks, bans) | Compliance and platform integrity |
| Admin notes (internal moderation notes) | Platform moderation — not visible to the user concerned |
2.5 — Payment & Subscription Data
| Data | Purpose |
|---|---|
| Subscription status (active/inactive) | Service access control |
| FragCoin balance and transaction history | Account management |
| Payment transaction reference (e.g. PayPal transaction ID) | Accounting and legal obligations |
We do not store your credit card number, CVV, or full bank details. Payment processing is handled entirely by our third-party providers (see Section 5). We only retain a transaction reference and the amount.
3. Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract performance (Art. 6(1)(b) GDPR) |
| Providing matchmaking services | Contract performance (Art. 6(1)(b) GDPR) |
| Processing payments and subscriptions | Contract performance (Art. 6(1)(b) GDPR) |
| Displaying your public Player Card | Contract performance (Art. 6(1)(b) GDPR) |
| VAC ban eligibility check | Contract performance (Art. 6(1)(b) GDPR) |
| IP address logging | Legal obligation (Art. 6(1)(c) GDPR) — French LCEN Art. 6-II |
| Retaining accounting records | Legal obligation (Art. 6(1)(c) GDPR) — French Code de commerce |
| Chat moderation and report processing | Legitimate interests (Art. 6(1)(f) GDPR) — maintaining a safe community |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Analytics and service improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
4. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (Steam ID, profile info, rank) | Duration of account + 3 years after deletion |
| IP connection logs | 1 year (legal obligation under French LCEN) |
| Chat messages | 6 months |
| Moderation records (bans, reports) | 3 years from the date of sanction |
| Payment transaction references | 10 years (French Code de commerce — accounting obligation) |
| FragCoin transaction history | 5 years |
After the applicable retention period, data is deleted or anonymised.
5. Recipients and Third-Party Service Providers
Your data may be shared with the following categories of recipients:
5.1 — Steam (Valve Corporation)
Authentication is handled via Steam OpenID. When you log in, your browser communicates directly with Steam's servers. Valve's own privacy policy applies: https://store.steampowered.com/privacy_agreement/
5.2 — Hosting Providers
Your data is processed and stored on servers operated by:
- Render Services, Inc. — San Francisco, CA, United States. Hosts the website and API. The PostgreSQL database is hosted in Frankfurt, Germany (EU). Privacy Policy: https://render.com/privacy
- Hetzner Online GmbH — Industriestr. 25, 91710 Gunzenhausen, Germany. Hosts the CS2 game servers for European players. Game servers only process transient connection data (SteamID, IP address) during active matches — no personal data is stored permanently on game servers. Match demo recordings are temporarily stored on the game server, then transferred to the web server and deleted locally. Privacy Policy: https://www.hetzner.com/legal/privacy-policy
Regional game servers: The Platform may operate game servers in multiple geographic regions (EU, North America, Asia, etc.). Players are matched exclusively to servers in their own region — EU/EEA players are only routed to EU-based game servers and their connection data is never processed on servers outside the EEA. Non-EU game server providers, if any, are listed below as they become available.
5.3 — FACEIT (Optional Social Link Verification)
If you choose to link your FACEIT profile on your Player Card, we may query the FACEIT API to verify your FACEIT account. This is entirely optional and initiated by you.
- FACEIT Ltd — London, United Kingdom. Privacy Policy: https://www.faceit.com/en/privacy
5.4 — Payment Providers
We use the following payment processors:
- PayPal (Europe) S.à r.l. et Cie, S.C.A. — 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy Policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
- [OTHER_PAYMENT_PROVIDER] ← TO BE COMPLETED — [ADDRESS] ← TO BE COMPLETED
These providers process payment data under their own terms. We only receive a transaction reference confirming the payment.
5.5 — Discord (Security Alerts)
The Platform sends automated security alerts to a private Discord channel operated by the Platform administrators. These alerts may contain:
- IP addresses (of blocked or flagged requests)
- SteamIDs (for login events, role changes, or security incidents)
No user-generated content (messages, profiles) is sent to Discord. Alerts are used exclusively for real-time security monitoring by administrators.
- Discord Inc. — San Francisco, CA, United States. Privacy Policy: https://discord.com/privacy
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
6. International Data Transfers
Your personal data is stored in a PostgreSQL database hosted in Frankfurt, Germany (EU) by Render Services, Inc. The web application (API) is also hosted by Render. EU game servers are operated by Hetzner Online GmbH in Germany (EU).
EU player data never leaves the EEA for game server processing — EU players are region-locked to EU-based game servers. Game servers in other regions (NA, Asia) only process data from players in those regions.
The Render web service may process API requests through infrastructure in the United States. For any transfers outside the EEA (Render API processing, Valve Corporation, PayPal), such transfers are made under appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions. You can request more information about these safeguards by contacting us.
7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
| Right | Description |
|---|---|
| Right of access (Art. 15) | You can request a copy of all personal data we hold about you |
| Right to rectification (Art. 16) | You can request correction of inaccurate data |
| Right to erasure (Art. 17) | You can request deletion of your data ("right to be forgotten"), subject to legal retention obligations |
| Right to restriction (Art. 18) | You can request we limit processing of your data in certain circumstances |
| Right to data portability (Art. 20) | You can request your data in a machine-readable format |
| Right to object (Art. 21) | You can object to processing based on legitimate interests |
| Right to withdraw consent | Where processing is based on consent, you may withdraw at any time |
Note on erasure: Some data (e.g. IP logs, payment transaction records) must be retained under French law regardless of a deletion request. We will inform you of any limitations when you exercise your rights.
How to exercise your rights: Send a written request to: [EMAIL_RGPD] ← TO BE COMPLETED
We will respond within 30 days of receiving your request. We may ask you to verify your identity before processing your request.
8. Public Player Card
Your Player Card is visible to all users of the Platform and displays:
- Your Steam display name
- Your Steam avatar
- Your country flag (derived from IP geolocation)
- Your Glicko-2 rank and match statistics
- Your social links (if you choose to add them — e.g. FACEIT, Twitch)
If you wish to make your Player Card non-public, or to request removal of your profile from the Platform, please contact us at [EMAIL_RGPD] ← TO BE COMPLETED.
9. VAC Ban Data
We retrieve your VAC ban status from Steam solely to determine your eligibility to use the matchmaking service. Users with an active VAC ban on their Steam account are not permitted to join matchmaking queues. This data is fetched at login and at defined intervals. We do not store the specific game associated with any VAC ban.
10. Minors
The Platform is intended for users aged 15 and over, in accordance with Article 8 GDPR and French data protection law. By creating an account, you confirm that you are at least 15 years old. We do not knowingly collect data from children under the age of 15. If we become aware that a user is under 15, we will delete their account and associated data without delay. If you believe a minor has registered on our Platform, please contact us at [EMAIL_RGPD] ← TO BE COMPLETED.
11. Cookies
We use cookies and similar tracking technologies. For full details, please refer to our Cookie Policy.
12. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
- HTTPS encryption for all data transmitted to and from the Platform
- Restricted internal access to personal data on a need-to-know basis
- Regular security reviews
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
13. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the French data protection authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
Website: https://www.cnil.fr
Online complaint form: https://www.cnil.fr/fr/plaintes
You may also contact the data protection authority of your country of residence within the EU.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where changes are material, notify you by email or via a notice on the Platform.
For any questions regarding this Privacy Policy, contact us at: [EMAIL_RGPD] ← TO BE COMPLETED