Privacy policy

Last updated: 23 April 2025

1. Scope

This Privacy Policy (“Policy”) explains how Exeskins (“ExeSkins,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you:

  • visit https://exeskins.com (the “Website”);
  • install or use our browser extension (the “Extension”); or
  • access any other feature, application, or service that links to this Policy (together with the Website and Extension, the “Services”).

This Policy does not apply to games, websites, products, or services that we do not own or control, nor to individuals we do not employ or manage.

2. Interpretation & Definitions

The capitalised terms below have the meanings given here or in Section 19 (Annex of Definitions). Definitions apply equally in singular and plural.

  • Account – a unique account created so you can access the Services.
  • Affiliate – an entity that controls, is controlled by, or is under common control with ExeSkins.
  • Cookies – small text files placed on your device that store information about your browsing.
  • Country – Poland (unless otherwise stated).
  • Device – any device capable of accessing the Services (e.g., computer, phone, tablet).
  • Personal Data – information that identifies or relates to an identifiable individual.
  • Service Provider – any natural or legal person that processes data on our behalf.
  • Third-Party Social Media Service – any social-network site through which you may log in to or create an Account.
  • Usage Data – data collected automatically through the Services (e.g., page-visit duration).

You – the individual using the Services, or any company or entity on whose behalf that individual acts.

3. How We Collect Personal Information

  • Directly from you — Registration details, e-mail, feedback, marketplace listings, support requests
  • Automatically — IP address, device type, operating system, browser, referral URLs, timestamps, in-app events, cookie identifiers, local Extension storage
  • Public / third-party sources — Data from linked Steam accounts, payment processors, social-media profiles, ad networks, fraud-prevention partners
  • Affiliate programme — Referral codes, payout wallets, statistics required to calculate commissions

4. Categories of Personal Information We Collect

Depending on how you use the Services, we may collect:

  • Contact Data – name (if provided), e-mail, phone, postal address
  • Account Data – username, password hash, Steam ID, profile image
  • Financial Data – card or crypto-wallet identifiers, transaction history
  • Biographical & Demographic Data – date of birth, age, gender (optional)
  • Biometric Data – facial geometry from ID photos (only if you complete identity/KYC verification)
  • Internet / Activity Data – IP address, advertising IDs, device/browser details, analytics events
  • Location Data – country or region inferred from IP or user input
  • Inference Data – preferences, purchase patterns, and similar analytics profiles

We do not intentionally collect sensitive data such as health, racial or religious information.

5. Cookies and Other Tracking Technologies

We use Cookies, web beacons, tags, scripts, and local Extension storage to:

  • recognise repeat visitors and save their settings;
  • analyse Service performance through tools like Google Analytics and Google Tag Manager;
  • deliver and measure advertising (only where legally permitted).

You can manage cookies via your browser or our Cookie Consent Banner. Note that some parts of the Services may not function if Cookies are disabled. Our Services currently do not respond to “Do Not Track” signals.Visit https://exeskins.com/page/cookie-policy for Cookies Policy.

6. Legal Bases for Processing (EEA / UK users)

Where the EU GDPR or UK GDPR applies, we rely on:

  1. Contract – to provide, manage, and deliver the Services;
  2. Legitimate Interests – to secure and improve the Services, prevent fraud, and conduct analytics (balanced against your interests and rights);
  3. Consent – for optional cookies, direct marketing, or linking third-party accounts;
  4. Legal Obligation – to meet KYC/AML, tax, or court-order requirements.

You may withdraw consent at any time (Section 13).

7. How We Use Personal Information

We process Personal Data to:

  • Provide and operate the Website and Extension;
  • Process transactions and maintain internal accounting;
  • Verify identity and prevent fraud or abuse;
  • Respond to inquiries and provide customer support;
  • Send administrative notices (e.g., security alerts, policy updates);
  • Send marketing material — only if you opt in (unsubscribe anytime);
  • Analyse performance and develop new features;

Comply with laws and enforce our Terms of Service.

8. How We Share Personal Information

  • Service Providers — Hosting, payment processing, KYC/AML, analytics, customer support (contractually bound to use data solely for our purposes)
  • Affiliates & Group Companies — Same privacy commitments as this Policy
  • Business partners / ad networks — To present offers with your consent or where otherwise permitted
  • Other users — If you voluntarily publish information (e.g., listings, profile details)
  • Legal authorities — To comply with valid requests, defend legal claims, or prevent harm
  • Prospective buyers — In case of merger, acquisition, or asset sale (subject to confidentiality)

We do not “sell” personal information as defined by the California Consumer Privacy Act (CCPA). The only data “sharing” under CCPA may arise from third-party advertising cookies, which you can disable via our Cookie Banner.

9. International Transfers

We operate globally. Your data may be processed on servers located in the European Union, the United States, or other jurisdictions. When we transfer Personal Data from the EEA/UK to a country lacking an adequacy decision, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Retention of Personal Data

  • Transaction records — ≥ 5 years (tax / AML)
  • Biometric data (if collected) — ≤ 3 years after your last interaction
  • Marketing-opt-out records — Duration of opt-out + proof period
  • Analytics / log data — Up to 2 years, unless required for security or legal claims

When data is no longer needed, we delete or anonymise it.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access / Know – obtain a copy of your Personal Data;
  • Correct – request rectification of inaccurate data;
  • Delete – request erasure (“right to be forgotten”);
  • Port – receive data in machine-readable format;
  • Restrict / Object – limit or object to processing based on legitimate interests;
  • Opt out of marketing – via “unsubscribe” links or profile settings;
  • Opt out of sale / sharing – toggle “Do Not Sell or Share My Data” in your Account (CCPA/CPRA users);
  • Shine the Light – request disclosure of direct-marketing data sharing (California).

Submit requests at privacy@exeskins.com or through the Privacy Center in your Account. We will verify your identity (or authorised agent) before fulfilling any request.

12. Security

We employ industry-standard technical and organisational measures—encrypted transport (TLS), hashed passwords, firewalls, role-based access controls—to protect Personal Data. No method of transmission or storage is entirely secure; you use the Services at your own risk.

13. Children’s Privacy

The Services are not directed to children under 18 years of age (or the minimum age in your jurisdiction). We do not knowingly collect data from minors. If you believe a child has provided data, please contact us and we will delete it.

14. In-Game Communications

ExeSkins does not monitor or record your voice/text communications inside Counter-Strike 2 (or any other game). Communications that occur on our Website or Extension are governed by this Policy.

15. Third-Party Links

Our Services may contain links to external sites we do not control. We are not responsible for their content or privacy practices. Review their policies before providing data.

16. Changes to This Policy

We may update this Policy periodically. Material changes will be announced by e-mail and/or an in-service banner at least seven (7) days before they take effect. The “Last updated” date at the top reflects the current version.

17. Contact Us

If you are in the EEA/UK and are dissatisfied with our response, you may lodge a complaint with your local supervisory authority.

18. Do Not Track Signals

Our Websites do not currently recognise or respond to browser-initiated “Do Not Track” signals.

19. Annex A — Definitions (Full List)

Affiliate, Account, Biometric Data, Business Partner, Cookies, Country, Device, Extension, Inference Data, Non-Identifiable Data, Personal Data, Service, Service Provider, Third-Party Social Media Service, Usage Data, User Content, Website, You – have the meanings set forth in Sections 2–4 and throughout this Policy.