chainskins/blog
Back to posts
/
privacy policy

Privacy Policy

Last updated: January 2025 Applies to chainskins.net and the ChainSkins browser extension

ChainSkins is designed with a minimal data collection philosophy. We collect only what is strictly necessary to operate the Service. We do not sell, rent, or share your personal data with third parties for commercial purposes.

1. Who We Are

ChainSkins is an independently operated, non-commercial software project. References to "we", "us", or "the Operator" refer to the individual developer operating this Service.

This Privacy Policy applies to data collected through chainskins.net and the ChainSkins browser extension, in accordance with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law (LOPDGDD).

2. Data We Collect

We collect the following data when you use the Service:

  • Steam ID: Required to identify your Steam account and verify trade offer status. Collected when you connect your Steam account.
  • Wallet address: Your public Solana wallet address, required to execute smart contract transactions. This is public blockchain data.
  • Email address (optional): Only collected if you voluntarily provide it for trade notification purposes. You are never required to provide an email.
  • Trade data: Trade offer IDs and transaction hashes, stored to facilitate and verify individual trades.

What we do NOT collect:

  • Your private keys — these never leave your browser extension
  • Browsing history or behavior outside ChainSkins
  • Payment information
  • Any biometric or sensitive personal data

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): Steam ID and wallet address are processed to execute the service you requested.
  • Consent (Art. 6(1)(a) GDPR): Email address and analytics cookies are processed solely based on your explicit, voluntary consent.
  • Legitimate interests (Art. 6(1)(f) GDPR): Trade and transaction data is retained to resolve disputes and ensure service integrity.

4. How We Use Your Data

  • To verify Steam trade offer status via the Steam API
  • To execute and record blockchain transactions
  • To send trade status notifications (email only, if provided)
  • To understand how visitors use the website (analytics, only with consent)
  • To detect and prevent fraud or abuse

We do not use your data for advertising, profiling, or any purpose not listed above.

5. Data Retention

  • Steam ID & wallet address: Retained while your account is active. Deleted upon verified account deletion request.
  • Trade records: Retained for up to 12 months for dispute resolution purposes, then deleted.
  • Email address: Retained until you withdraw consent or request deletion.
  • Analytics data: Retained according to Google Analytics default retention settings (up to 14 months).

Note: Blockchain transaction data (wallet addresses, transaction hashes) is permanently recorded on the Solana blockchain and cannot be deleted by us or anyone else — this is inherent to how public blockchains work.

6. Cookies

We use cookies and similar tracking technologies on chainskins.net. A cookie is a small text file stored on your device when you visit a website.

Types of cookies we use:

  • Essential cookies: Strictly necessary for the Service to function (e.g. session management). These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with the website. These are only placed with your prior explicit consent.

You can control and manage cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use the Service.

Your consent is required before we place any non-essential cookies on your device. You will be asked for your consent via a cookie banner on your first visit.

7. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to collect information about how visitors use our website, including pages visited, time spent, and general location data (country/city level).

Important facts regarding Google Analytics:

  • Data collected is transmitted to and stored on Google servers, which may be located in the United States
  • This constitutes a transfer of personal data outside the EU/EEA under GDPR
  • Such transfers are covered by Google's adherence to the EU-U.S. Data Privacy Framework
  • We have enabled IP anonymization in Google Analytics — your full IP address is never stored
  • Google Analytics cookies are only activated after you provide explicit consent via our cookie banner

You can opt out of Google Analytics tracking at any time by:

For more information on how Google processes your data, see Google's Privacy Policy.

8. Third-Party Services

The Service interacts with the following third-party services:

  • Valve/Steam API: To verify trade offer status. Your Steam ID is sent to Steam's API. Steam's own privacy policy applies.
  • Solana blockchain: Transaction data is publicly recorded on-chain. This is irreversible by nature.
  • Google LLC (Analytics): As described in section 7 above.

We do not share your data with advertisers or data brokers.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (where technically possible)
  • Right to restrict processing: Request we limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to withdraw consent: Withdraw consent for optional data (e.g. email, analytics) at any time

To exercise any of these rights, contact us using the details below.

10. Security

We implement reasonable technical measures to protect your data. However, no system is completely secure. Given the experimental nature of this Service, you should not use it with funds or accounts you cannot afford to have exposed.

11. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us immediately.

12. Contact & Data Controller

For any privacy-related requests or questions, contact: [email protected]