Last updated June 1, 2026
Privacy Policy
What we collect, why we collect it, and how we handle your data when you use our website, payments, and delivery services.
This Privacy Policy explains how CS2 Commend collects, uses, and protects information when you use our website and services. It applies worldwide unless a local notice says otherwise.
1. Who processes your data
The data controller for the Service is the operator of CS2 Commend ("we," "us"). Use the support options in your account dashboard for privacy requests.
2. Information we collect
Depending on how you use the Service, we may process:
- Account data: email, password hash, session tokens, verification status, and account identifiers;
- Steam-related data: profile links you submit, resolved account identifiers, display names, avatars, and order targets;
- Order and payment data: order IDs, products purchased, credit balances, payment status, and limited billing metadata from processors (we do not store full card numbers);
- Technical data: IP address, browser type, device signals, cookies, and security logs;
- Support and chat: messages you send via support or live chat tools;
- Anti-abuse data: rate-limit counters, fraud signals, chargeback flags, and linked accounts used to enforce our Terms.
3. Why we use your data
We process personal data to:
- Provide accounts, checkout, credits, and order fulfillment;
- Validate Steam profiles and complete your orders;
- Prevent fraud, chargebacks, multi-account abuse, and attacks;
- Comply with tax, accounting, and legal obligations where applicable;
- Improve reliability, debug errors, and secure infrastructure;
- Send transactional emails (verification, receipts, security alerts).
Legal bases (where GDPR/UK GDPR applies) may include contract performance, legitimate interests (security, fraud prevention), legal obligation, and consent where required (e.g. non-essential cookies).
5. Retention
We keep data only as long as needed for the purposes above, including legal, tax, and dispute windows. Examples:
- Account data: while your account is active and a reasonable period after;
- Order records: typically years where required for accounting/disputes;
- Security logs: limited rolling retention unless tied to an investigation;
- Chargeback/abuse records: may be kept longer to prevent repeat abuse.
6. Security
We use reasonable technical and organizational measures (access controls, hashing, HTTPS, secrets management). No method is 100% secure. You are responsible for protecting your account credentials and email access.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, object, or port certain data, and to withdraw consent where processing is consent-based.
Use the support options in your account dashboard for privacy requests. We may need to verify your identity. We will respond within timelines required by applicable law.
If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority. We prefer you contact us first so we can fix issues directly.
9. Children
The Service is not directed to anyone under 18. We do not knowingly collect data from children. If you believe a minor provided data, contact us through support and we will delete it where appropriate.
10. International transfers
We may process data in countries other than yours. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
11. Changes to this policy
We may update this Privacy Policy. Material changes will be reflected in the "Last updated" date. Continued use after updates means you acknowledge the revised policy, subject to your rights under applicable law.
12. Contact
Use the support options in your account dashboard for privacy requests.