Privacy Policy

Last updated: 25 April 2026

In short

We collect the minimum data needed to run LoadoutCraft. We don’t sell your data, we don’t track you across the web, and we don’t serve ad-tech cookies. Sign-in uses Steam OpenID — we never see your Steam password.

If you want your account and data deleted, email support@loadoutcraft.com.

Who we are

LoadoutCraft (the “Service”) is operated by the LoadoutCraft team (“we”, “us”). This policy is governed by the laws of England and Wales.

For privacy questions or rights requests: support@loadoutcraft.com.

What we collect

We collect three categories of data:

From your Steam account (only when you sign in)

  • Your Steam ID (a numeric identifier)
  • Your public Steam display name
  • Your public Steam avatar URL

We never receive your Steam password. The OpenID flow only confirms that you control the Steam account.

From your activity on the site

  • Crafts you create, including names, weapon/skin choices, and sticker placements
  • Likes and views you generate
  • Settings and preferences stored in your browser

Automatic technical data

  • IP address (for security and rate limiting)
  • Browser user-agent and screen size (for compatibility)
  • Anonymous pageview counts (no cross-site tracking)

What we don't collect

  • We don’t collect your email address (Steam doesn’t share it).
  • We don’t collect payment information — there’s nothing to pay for.
  • We don’t collect your Steam friends list, inventory, or trade history.
  • We don’t use third-party advertising cookies or trackers.

How we use your data

  • To display your crafts publicly with your name and avatar attached as the designer
  • To maintain your account session (you stay signed in across visits)
  • To prevent abuse, spam, and brute-force attempts
  • To improve the product (anonymous usage patterns, error reports)
  • To respond to your support requests

Cookies

We set the minimum cookies needed:

  • Session cookie — keeps you signed in. Required for the site to know who you are. Cleared when you sign out.
  • CSRF token cookie — protects forms from cross-site request forgery attacks.
  • Preferences — your UI choices (sidebar tab, sticker tray state, etc.).

No advertising cookies. No analytics cookies that identify you personally.

Where your data is stored

Our infrastructure is hosted in the European Union (Hetzner, Germany). Cover images are stored on Backblaze B2 (United States) and served through Cloudflare’s global CDN.

For users in the UK and EEA: when data crosses borders, we rely on Standard Contractual Clauses or equivalent safeguards as required under UK GDPR.

How long we keep it

  • Account data: kept while your account is active. Deleted within 30 days of account deletion.
  • Published crafts: kept indefinitely unless you delete them or your account.
  • Server logs: kept for 30 days, then automatically purged.

Your rights (UK GDPR)

You have the right to:

  • Access a copy of the data we hold about you
  • Correct any inaccurate data
  • Delete your account and associated data
  • Restrict or object to processing
  • Port your data to another service (we’ll provide it as JSON)
  • Complain to the UK Information Commissioner’s Office (ICO) if you believe we’ve mishandled your data

To exercise any of these rights, email support@loadoutcraft.com. We’ll respond within 30 days as required by law.

Data we share with third parties

We share data only with infrastructure providers needed to run the service:

  • Steam (Valve Corp) — for sign-in OpenID verification
  • Hetzner — server hosting
  • Cloudflare — DDoS protection and CDN
  • Backblaze — image storage
  • Vercel — frontend hosting

We do not sell, rent, or trade your data with anyone for any purpose.

Security

All traffic to LoadoutCraft is encrypted with TLS. Authentication uses HTTP-only, secure cookies. We don’t store passwords (Steam handles authentication). Server access is restricted to a small number of authorized people via SSH key authentication.

No system is perfectly secure. If we discover a breach affecting your data, we’ll notify you within 72 hours of becoming aware as required under UK GDPR.

Children

LoadoutCraft is not directed at children under 13. We don’t knowingly collect data from children under 13. If you believe a child under 13 has signed up, contact us and we’ll delete their data.

Changes to this policy

We may update this policy as the service evolves. Material changes will be flagged on the homepage and at the top of this page. Continuing to use LoadoutCraft after a change means you accept the new terms.