Privacy Policy

SkinReflex ("the Platform," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we share it, and what choices you have regarding your data. By using SkinReflex, you consent to the practices described in this policy.

Information from Steam

When you log in through Steam, we collect your Steam ID, display name, profile URL, avatar images, country/region information, and trade URL. This data is provided by Valve Corporation's Steam API and is necessary for the Platform to function.

Login and Security Data

We collect and store information about each login session, including your IP address, browser type and version, operating system, and the date and time of access. We also derive approximate geographic location (country, region, city) from your IP address. This data is used to protect your account from unauthorized access and to detect suspicious activity.

Transaction Data

We record details of all transactions you make on the Platform, including item deposits, withdrawals, marketplace purchases, sales, and cryptocurrency transactions. This includes item identifiers, prices, fees charged, wallet addresses, and timestamps.

Cryptocurrency and Payment Data

When you deposit or withdraw cryptocurrency, we store the wallet address you provide, the cryptocurrency type, network, transaction amount, and external transaction identifiers. Payment processing is handled by third-party providers, and we do not store private keys or full payment credentials.

We use the information we collect to:

• Provide, operate, and maintain the Platform and its features
• Process transactions, deposits, and withdrawals
• Verify your identity and prevent fraud or unauthorized access
• Monitor login activity and detect suspicious behavior using IP addresses and device information
• Communicate with you about your account, transactions, or Platform updates
• Enforce our Terms of Service and protect the rights and safety of our users
• Comply with legal obligations and respond to lawful requests from authorities
• Improve the Platform through aggregated, anonymized usage analysis

SkinReflex logs your IP address each time you log in. We use this information to monitor for unauthorized account access, detect and prevent fraud and abuse, identify patterns of suspicious activity (such as logins from unusual locations), and maintain an audit trail for account security purposes.

Your login history, including IP addresses, timestamps, approximate location, and device information, is visible to you on your profile page under Account Activity. IP addresses displayed to you are partially masked for privacy.

We retain login activity data for a minimum of 12 months. This data may be disclosed to law enforcement or regulatory authorities if required by law or if we reasonably believe disclosure is necessary to prevent fraud, protect our users, or comply with legal processes.

If you enable two-factor authentication (2FA), we store a hashed version of your TOTP secret on our servers. This secret is used solely to verify your authentication codes. We do not have access to your authenticator app or device.

SkinReflex uses cookies and browser local storage to maintain your login session and remember your preferences. We do not use third-party tracking cookies for advertising purposes. Our live chat provider (Crisp) may set its own cookies to provide customer support functionality.

We do not sell your personal data. We may share your information with:

• Payment processors: Cryptocurrency transaction details are shared with our payment processing partners to facilitate deposits and withdrawals.
• Other users: When you list items for sale, your listing is visible to other users. Your Steam display name and avatar may be visible in connection with your listings.
• Law enforcement: We may disclose your data if required by law, regulation, legal process, or governmental request.
• Service providers: We may share data with trusted service providers who assist us in operating the Platform, provided they agree to keep your information confidential.

We retain your account data for as long as your account is active. Transaction records and fee logs are retained indefinitely for audit and compliance purposes. Login activity logs are retained for a minimum of 12 months. If you request account deletion, we will remove your personal data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as fraud prevention or financial record-keeping).

We implement reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure authentication through Steam's OAuth system, and restricted access to personal data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your personal data, subject to legal retention requirements
• Object to or restrict certain processing of your data
• Request a copy of your data in a portable format

To exercise any of these rights, please contact us through the channels listed below. We will respond to your request within 30 days.

SkinReflex is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

SkinReflex is operated within the European Union. If you access the Platform from outside the EU, please be aware that your data may be transferred to, stored, and processed in the EU or other jurisdictions where our service providers operate. By using the Platform, you consent to such transfers.

If you are located in the European Economic Area (EEA) or the United Kingdom, your rights under the General Data Protection Regulation (GDPR) or UK GDPR apply in full. Contact us to exercise these rights.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Platform after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

If you have questions about this Privacy Policy or wish to exercise your data rights, you can reach us through our official channels:

• Twitter: @SkinReflexCom
• Discord: discord.gg/Enm8sCYZfQ