Privacy Policy
CS Glory LLC
Effective Date: April 3, 2026 Last Updated: May 22, 2026 (Rev. 3)
1. Introduction
CS Glory LLC ("CS Glory," "we," "us," or "our") operates the CS Glory competitive matchmaking platform at csglory.com, api.csglory.com, and cdn.csglory.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Service.
We are committed to transparency and to processing your data lawfully, fairly, and in a limited manner. This policy is written in plain language in compliance with GDPR Article 12.
Data Controller: CS Glory LLC 30 N Gould St, Ste R, Sheridan, WY 82801, United States Email: privacy@csglory.com
Data Protection Officer: We have assessed our processing activities under GDPR Article 37 and determined that a DPO is not required at our current scale. Privacy inquiries should be directed to privacy@csglory.com.
EU/EEA Representative (GDPR Article 27): [TO BE APPOINTED - see Legal Review] [Representative Name and Address] [Representative Email]
2. Data We Collect
2.1 Account Data (Collected at Registration)
| Data | Source | Purpose |
|---|---|---|
| Steam ID (SteamID64) | Steam OpenID | Account identity, inventory verification |
| Steam display name | Steam Web API | Profile display |
| Steam avatar URL | Steam Web API | Profile display |
| System-generated email identifier | Generated from Steam ID ({steamId}@steam.local) | Internal account record (required by auth framework; not a real email address; not used for communication) |
| Email address (optional for basic access; required for competitive matchmaking) | User-provided | Email verification, account recovery, data export delivery, waitlist communications |
2.2 Profile Data (User-Provided, Optional)
| Data | Purpose |
|---|---|
| Username | Unique display identity |
| Bio | Profile personalization |
| Region | Matchmaking region preference |
| CS years playing | Profile display |
| Favorite map | Profile display |
| Preferred role | Profile display |
| Twitter handle | Social links on profile |
| Discord handle | Social links on profile |
| Friend request policy (everyone / friends-of-friends / nobody) | Privacy control |
| Notification preferences (match alerts, friend requests, promotional) | Communication control |
2.3 Gameplay Data (Generated Through Use)
| Data | Purpose |
|---|---|
| Elo rating, rating deviation, volatility | Skill-based matchmaking |
| Match history (maps, scores, results) | Statistics, leaderboards |
| Detailed match statistics (kills, deaths, assists, headshots, damage, utility usage, weapon stats, bomb actions, clutches, MVPs, etc.) | Statistics, leaderboards, performance tracking |
| Match demo recordings | Replay viewing, anti-cheat review |
| Match highlight clips (via Allstar) | Highlight viewing |
| Win/loss record, placement status | Ranking system |
| Penalty and cooldown history | Competitive integrity enforcement |
2.4 Social Data (Generated Through Use)
| Data | Purpose |
|---|---|
| Friends list | Social features |
| Direct messages (chat text) | Communication between users |
| Notifications | Feature delivery |
| Party membership | Matchmaking |
2.5 Inventory Data
| Data | Source | Purpose |
|---|---|---|
| Steam inventory items (CS:GO skins) | Steam Web API | Skin loadout feature |
| CS Glory-granted items | Service | Inventory system |
| Equipped loadout (T-side, CT-side, badge) | User-configured | In-game skin application |
2.6 Technical Data (Collected Automatically)
| Data | Purpose |
|---|---|
| IP address | Session security, rate limiting, anti-cheat, abuse prevention |
| User agent string | Session security, debugging |
| Session token (cookie) | Authentication |
| Presence status (online/offline) | Social features |
| Device/hardware identifiers | Collected only if hardware-level enforcement is applied (e.g., repeated ban evasion). Not collected by default. |
2.7 Email Verification Data
| Data | Purpose |
|---|---|
| Email verification token | Verifying email ownership (stored in KV, 24-hour TTL, deleted after use) |
| Email verified status | Gating access to competitive features |
2.8 Analytics Data (Production Only)
We use PostHog EU for product analytics, sent directly to eu.i.posthog.com so analytics requests are outside the .csglory.com authentication cookie scope. PostHog collects:
| Data | Purpose |
|---|---|
| Page views | Usage analytics |
| Page leave events | Usage analytics |
| Client-side exceptions | Error monitoring |
| Device type, browser, OS | Product improvement |
PostHog is configured with person_profiles: "identified_only", meaning analytics data is only associated with identified (logged-in) users. Anonymous visitors generate anonymous analytics events without personal identifiers.
2.9 Waitlist Data
| Data | Purpose |
|---|---|
| Email address | Pre-launch update notifications |
| Source (where you signed up) | Marketing attribution |
| Region | Regional launch planning |
2.10 Ban Data
| Data | Purpose |
|---|---|
| Steam ID | Cross-account ban enforcement |
| Ban reason and source | Moderation record |
| Confidence score | Anti-cheat accuracy tracking |
| Ban status and duration | Enforcement |
3. Legal Basis for Processing (GDPR)
For users in the EU/EEA/UK, we process personal data under the following legal bases:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and authentication | Performance of contract | Art. 6(1)(b) |
| Matchmaking and gameplay | Performance of contract | Art. 6(1)(b) |
| Elo rating and statistics | Performance of contract | Art. 6(1)(b) |
| Social features (friends, chat, parties) | Performance of contract | Art. 6(1)(b) |
| Skin loadout (Steam inventory reading) | Performance of contract | Art. 6(1)(b) |
| Premium subscription billing | Performance of contract | Art. 6(1)(b) |
| Email verification and transactional email | Performance of contract | Art. 6(1)(b) |
| Anti-cheat and competitive integrity | Legitimate interest | Art. 6(1)(f) |
| Ban enforcement and penalties | Legitimate interest | Art. 6(1)(f) |
| IP address logging for security | Legitimate interest | Art. 6(1)(f) |
| Rate limiting and abuse prevention | Legitimate interest | Art. 6(1)(f) |
| Public disclosure of confirmed cheaters | Legitimate interest | Art. 6(1)(f) |
| PostHog analytics | Consent | Art. 6(1)(a) |
| Waitlist email communications | Consent | Art. 6(1)(a) |
| Match demo and highlight storage | Legitimate interest | Art. 6(1)(f) |
| Anti-cheat AI model training (anonymized match data shared with ChrononLabs) | Legitimate interest | Art. 6(1)(f) |
Legitimate interest balancing tests have been conducted for each processing activity listed under Art. 6(1)(f). Records are available upon request to privacy@csglory.com.
4. How We Use Your Data
We use your data to:
- Provide the Service - create and manage your account, authenticate sessions, run matchmaking, host game servers, calculate Elo ratings, and deliver features you use
- Maintain competitive integrity - detect cheating, enforce bans, apply penalties, and prevent abuse. Anonymized match data is shared with our anti-cheat partner ChrononLabs to train AI models that improve cheat detection accuracy
- Improve the Service - analyze usage patterns, diagnose errors, and develop new features (analytics data only, with consent)
- Communicate with you - send service-related notifications (match results, friend requests, system notices) and, with consent, marketing communications
- Comply with legal obligations - respond to lawful requests from authorities, enforce our Terms of Service, and protect our rights
We do not:
- Sell your personal data
- Use your data for targeted advertising
- Share your data with data brokers
- Make automated decisions with legal or similarly significant effects on you without human review
5. Data Sharing
We share personal data only in the following circumstances:
5.1 Service Providers (Data Processors)
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Cloudflare, Inc. | All data transiting the Service | Infrastructure: Workers (compute), D1 (database), KV (caching/sessions), Durable Objects (real-time), Pages (hosting), CDN. Cloudflare acts as our data processor, except where it exercises independent judgment over data processing (e.g., bot detection, DDoS mitigation, security threat response), in which case Cloudflare is an independent controller. See Cloudflare's Privacy Policy for details. | Global (US-headquartered) |
| PostHog, Inc. | Analytics events, device info | Product analytics | EU (eu.posthog.com) |
| Valve Corporation (Steam Web API) | Steam ID | Authentication, inventory verification | US |
| Allstar Gaming, Inc. | Match demo data, Steam IDs | Highlight clip generation | US |
| Resend, Inc. | Email addresses, email content | Transactional email delivery (verification, data export links) | US |
| ChrononLabs | Anonymized match data, gameplay telemetry | Anti-cheat AI model training and development | [LOCATION TBD] |
Each processor is bound by a Data Processing Agreement (DPA) that restricts their use of your data to providing their service to us.
5.2 Public Data
The following data is publicly visible on the Service by design:
- Display name, username, and avatar
- Elo rating and tier/rank
- Match history (scores, maps, stats)
- Leaderboard position
- Join order number
- Ban status (for confirmed cheaters: Steam ID and ban reason). Ban records and public disciplinary notices are retained as a legitimate interest to prevent ban evasion and protect competitive integrity, and are exempt from standard account deletion requests under GDPR Art. 17(3)(e) (establishment, exercise, or defense of legal claims)
- Server browser: your display name and Steam ID are visible when you are connected to a game server (public server list)
5.3 Other Users
- Your friends can see your presence status (online/offline)
- Party members can see your matchmaking status
- Match opponents can see your in-game statistics during and after matches
- Direct messages are visible to the recipient
5.4 Affiliated Platforms (Ban Enforcement)
Ban records (Steam ID, ban reason, ban status) may be shared with other competitive gaming platforms for cross-platform enforcement of competitive integrity standards. We do not currently share ban data with any third parties. If we enter into ban-sharing agreements in the future, we will update this policy to name the specific platforms and obtain consent where required by law. This sharing is based on our legitimate interest in maintaining fair play across the competitive CS:GO ecosystem.
5.5 Legal Requirements
We may disclose your data if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
CS Glory is operated from Israel and the United States, with infrastructure provided by Cloudflare across its global network. Your data may be processed in:
- Israel - Operations, development (EU adequacy decision in effect; Israel's Protection of Privacy Law Amendment 13 (2025) aligns with GDPR standards)
- United States - Cloudflare infrastructure, Steam API, Allstar, Resend
- European Union - PostHog analytics (EU instance), Cloudflare edge nodes
- Other regions - Cloudflare edge locations for performance
For transfers of EU/EEA personal data outside the EU/EEA, we rely on:
- Adequacy decisions - Israel is recognized as providing adequate data protection by the European Commission
- Standard Contractual Clauses (SCCs) adopted by the European Commission (for US-based processors)
- Binding Corporate Rules of our processors where available
You can request a copy of the safeguards in place by contacting privacy@csglory.com.
7. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision |
| Session data | Until session expiry (KV TTL) | Authentication |
| Profile data | Until account deletion | Service provision |
| Gameplay statistics | Duration of platform operation, anonymized after account deletion | Leaderboard integrity, Elo accuracy. Reviewed annually for continued necessity. |
| Match history | Duration of platform operation, anonymized after account deletion | Historical record, competitive integrity. Reviewed annually for continued necessity. |
| Match demos | 90 days after match completion | Replay viewing, anti-cheat review |
| Match highlight clips | Duration of platform operation or until user requests deletion | User-accessible highlights |
| Chat messages | 1 year | Moderation, dispute resolution |
| Friends list | Until account deletion or friendship removal | Social features |
| Notifications | 90 days | Delivery, history |
| Ban records | Duration of platform operation (exempt from deletion requests per GDPR Art. 17(3)) | Competitive integrity, repeat offense tracking, ban evasion prevention |
| Penalty records | 1 year after expiry | Escalation tracking |
| Analytics events | Per PostHog retention settings (default: 1 year) | Product improvement |
| Email verification tokens | 24 hours (auto-deleted from KV) | Email ownership verification |
| Data export files | 24 hours (auto-deleted from KV) | Data portability |
| Waitlist emails | Until launch or unsubscription | Pre-launch communications |
| IP addresses (session table) | Until session expiry | Security |
| Server telemetry | 30 days | Operations monitoring |
When data reaches the end of its retention period, it is either deleted or irreversibly anonymized.
8. Your Rights
8.1 Rights for All Users
Regardless of location, you may:
- Access your data by contacting privacy@csglory.com
- Delete your account and associated personal data
- Correct inaccurate profile information through your account settings
- Export your data in a machine-readable format upon request
8.2 Additional Rights for EU/EEA/UK Users (GDPR)
Under the General Data Protection Regulation, you also have the right to:
- Restrict processing - request that we limit how we use your data in certain circumstances
- Object to processing - object to processing based on legitimate interest, including for anti-cheat purposes (we will cease processing unless we demonstrate compelling legitimate grounds that override your interests)
- Withdraw consent - withdraw consent for analytics (PostHog) or marketing communications at any time, without affecting the lawfulness of processing before withdrawal
- Data portability - receive your data in a structured, commonly used, machine-readable format (JSON) and transmit it to another controller
- Lodge a complaint - file a complaint with your local data protection authority
8.3 Additional Rights for California Users (CCPA/CPRA)
Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), California residents have the right to:
- Know what personal information we collect, use, disclose, and sell
- Delete personal information we hold about you
- Opt out of sale/sharing - we do not sell or share your personal information for cross-context behavioral advertising
- Non-discrimination - we will not discriminate against you for exercising your CCPA rights
Categories of personal information collected (CCPA categories):
- Identifiers (Steam ID, username, email, IP address)
- Internet activity (gameplay data, analytics events, page views)
- Geolocation (region, derived from IP)
- Inferences (Elo rating, skill tier)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
8.4 How to Exercise Your Rights
Contact privacy@csglory.com with your request. Include your CS Glory username or Steam ID for verification. We will respond within:
- 30 days for GDPR requests (extendable by 60 days for complex requests, with notice)
- 45 days for CCPA requests (extendable by 45 days with notice)
We will verify your identity before processing any request. For account-linked requests, verification will be performed through your authenticated session or Steam account.
8.5 Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we treat it as a valid opt-out of any data sharing that would constitute "sale" or "sharing" under applicable law.
9. Cookies and Tracking
For detailed information about cookies and similar technologies, see our Cookie Policy.
In summary:
| Cookie/Technology | Type | Purpose |
|---|---|---|
| BetterAuth session cookie | Strictly necessary | Authentication (httpOnly, secure, sameSite: lax, domain: .csglory.com) |
| PostHog cookies | Analytics (consent required) | Product analytics (production only) |
| localStorage: csglory-theme | Functional | Theme preference (modern/classic) |
| localStorage: csglory-region | Functional | Matchmaking region preference |
| localStorage: csglory-presence | Functional | Presence/online status preference |
| localStorage: Zustand auth state | Strictly necessary | Client-side auth state persistence |
10. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected personal data from a child under 16, we will delete that data promptly. If you believe a child under 16 has provided us with personal data, contact privacy@csglory.com.
11. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit - all data transmitted via HTTPS/TLS
- Secure cookies - httpOnly, secure, sameSite attributes on authentication cookies
- Session management - server-side session storage in Cloudflare KV with expiration TTLs
- Rate limiting - per-user and per-IP rate limiting on all API endpoints
- Access control - server-side authentication and authorization on all protected endpoints
- Infrastructure security - Cloudflare's enterprise security (DDoS protection, WAF, bot management)
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@csglory.com.
12. Automated Decision-Making and AI Profiling
12.1 Anti-Cheat Detection
We use server-side anti-cheat measures that analyze gameplay data to detect cheating. Anonymized match data (gameplay telemetry with player identifiers removed) is shared with our partner ChrononLabs to train AI models that improve cheat detection accuracy.
Anti-cheat detections may result in account suspension. All permanent bans based on automated detection include manual human review before finalization. You are never permanently banned by an automated system alone without human oversight.
12.2 Your Rights Regarding Automated Decisions
Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. For anti-cheat enforcement:
- Low-confidence detections are queued for manual review with no automatic action
- Medium-confidence detections result in temporary suspension pending manual review
- High-confidence detections result in suspension with human review and the right to appeal (see Acceptable Use Policy Section 6)
You may contest any automated decision by contacting legal@csglory.com.
12.3 EU AI Act Disclosure
Our anti-cheat partner ChrononLabs develops AI models that analyze gameplay patterns to detect cheating. Under the EU AI Act (Regulation 2024/1689), AI systems that profile individuals may be classified as high-risk. We are monitoring the classification of anti-cheat AI systems and will comply with applicable EU AI Act obligations as they take effect (August 2, 2026), including transparency, human oversight, and record-keeping requirements.
12.4 California ADMT Disclosure
For California residents: Our anti-cheat system constitutes Automated Decision-Making Technology (ADMT) under CCPA regulations. Anti-cheat detections may result in account restrictions, which constitute a significant decision affecting your access to the Service. You have the right to opt out of ADMT-based decisions by requesting manual review of any automated detection at legal@csglory.com. Full ADMT compliance obligations take effect January 1, 2027.
13. Data Protection Impact Assessments
We have conducted Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, including anti-cheat detection (including AI-based profiling), ban enforcement, and public disclosure of confirmed cheaters. These assessments are available to supervisory authorities upon request.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33)
- We will notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Art. 34)
- Notification will include the nature of the breach, the data concerned, likely consequences, and measures taken
15. Third-Party Links
The Service may contain links to third-party websites or services (such as Steam profile pages). We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will post the updated policy with the new effective date
- We will provide at least 30 days' advance notice via email or a prominent notice on the Service
- For changes that affect processing based on consent, we will seek renewed consent where required
17. Contact
For questions, data requests, or complaints:
CS Glory LLC 30 N Gould St, Ste R, Sheridan, WY 82801, United States Email: privacy@csglory.com
For general legal inquiries: legal@csglory.com For abuse reports: abuse@csglory.com
EU/EEA Representative: [TO BE APPOINTED]
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU DPAs is available at edpb.europa.eu.
CS Glory is not affiliated with, endorsed by, or sponsored by Valve Corporation. Counter-Strike, CS:GO, CS2, Steam, and the Steam logo are trademarks and/or registered trademarks of Valve Corporation.