Privacy Policy

This Privacy Policy explains how SteamHelper processes personal data when you visit our website, use the backend services, sign in with Steam or install and use the SteamHelper browser extension. It is written for users, reviewers and business partners who need a complete description of how the product works in practice.

1. Controller

The controller responsible for the processing of personal data is Sellrock UG (haftungsbeschränkt), Kölner Str. 43a, 90425 Nürnberg, Germany. You can contact us at [email protected]. For product and support questions about SteamHelper, you can also contact [email protected].

Where SteamHelper acts on behalf of a business customer in the future, additional contractual data processing terms may apply. At the current public product stage, SteamHelper is primarily provided directly to end users as a browser extension and related web service.

2. Scope of this policy

This policy applies to the SteamHelper website, the production API at api.steamhelper.app, the browser extension and the app window shipped with the extension. It does not apply to websites and services operated by Valve Corporation, Steam, marketplace providers or other third parties. Those providers process data under their own terms and privacy policies.

SteamHelper is designed to be a companion tool for Steam users. It can read selected Steam pages on which it is installed, send item and account-related requests through the extension background service, and use our backend to provide prices, favorites, alerts and account-bound features. The extension does not ask for your Steam password and does not need your Steam password to function.

3. Data we process

Depending on how you use SteamHelper, we process technical website data such as IP address, request time, URL, user agent, language, referrer, security events and server logs. We process account-related data when you sign in with Steam, including your SteamID64, Steam persona name, avatar URL, profile URL, authentication state and backend session metadata.

For product features, we may process item-related data such as app id, context id, class id, instance id, asset id, market hash name, item name, wear or float metadata where available, selected listings, favorites, alert thresholds, notification settings, trade-offer identifiers, inventory totals and price lookup requests. These data points are used to display Steam inventory value, market comparisons, favorites, alerts, trade review context and related user-facing functions.

The extension may store settings, the backend session token, a cached public Steam profile and an optional Steam Web API key in browser storage. The key is used only in the extension background context for Steam API calls and is not displayed to content scripts. If you disconnect the key, the extension removes the stored key and remembers that you opted out so it does not silently re-read it.

4. Chrome Web Store data categories

For Chrome Web Store disclosure purposes, SteamHelper may handle the following user data categories: personally identifiable information, authentication information, location, web browsing activity, user activity and website content.

Personally identifiable information means Steam account identifiers and public Steam profile metadata such as SteamID64, persona name, avatar URL and profile URL. Authentication information means SteamHelper session state, Steam OpenID authentication results, selected Steam authentication cookies needed for user-facing Steam features and an optional Steam Web API key if the user chooses to store one in the extension.

Location means technical request metadata such as IP addresses in website, API, hosting, CDN, security and abuse-prevention logs. SteamHelper does not collect GPS coordinates or precise physical location from the device.

Web browsing activity and website content are limited to Steam Community, Steam Market, Steam Web API and SteamHelper pages or requests needed for the extension's visible features. This may include the Steam page URL, item names, inventory context, listing context, trade-offer context and other page content needed to render SteamHelper overlays, comparisons and controls.

User activity means actions inside SteamHelper or supported Steam pages, such as settings choices, favorites, alert thresholds, notification preferences, sign-in state, selected items, trade review interactions, market helper interactions and optional feature usage.

SteamHelper does not intentionally collect health information, payment card details, bank account details, creditworthiness data, private messages, emails, SMS, chat contents or unrelated personal communications. Item prices, market values and trade estimates shown by SteamHelper are product feature data and are not used as payment processing or creditworthiness data.

5. Steam login and authentication

SteamHelper uses Steam OpenID for sign-in. When you start login, the extension opens our backend authentication endpoint, Steam handles the OpenID confirmation, and our backend verifies the OpenID response. After successful verification, our backend issues a SteamHelper session token so the extension can call account-bound endpoints such as favorites and alerts.

We do not receive your Steam password. We do not ask you to enter your Steam password into SteamHelper. The Steam login page is operated by Steam, and your interaction with that page is subject to Valve's policies. SteamHelper stores only the resulting SteamHelper session token and the SteamID information needed to identify your account inside our service.

6. Browser extension data and permissions

The browser extension runs on selected Steam Community and Steam Market pages. Content scripts read page content that is necessary for visible SteamHelper features, for example item names on market listings, inventory cells, trade offer rows or price comparison areas. This data is used to render overlays, badges, sorting, value totals, favorites and review helpers on the page the user is viewing.

The extension does not collect unrelated browsing history and does not monitor arbitrary websites. It is limited to declared Steam-related URL patterns and to backend or Steam API hosts required by the product. Some user preferences are mirrored into Steam page localStorage so page-injected scripts can honor your settings without gaining access to extension storage.

SteamHelper requests storage to save settings, authentication state, cached profile data and optional feature data. It requests identity to complete the Steam OpenID browser-extension redirect. It requests cookies to read selected Steam session cookies in the extension background context for user-facing Steam features. It requests alarms and notifications for price alerts and optional gift-only checks. It requests declarativeNetRequest to add required first-party Origin and Referer headers for specific Steam trade-offer actions that a service-worker fetch cannot set directly.

Host permissions are used for the SteamHelper API, Steam Community, the Steam Web API, the Chrome extension redirect origin and a currency-rate endpoint. These hosts support authentication, item pricing, inventory, market, trade, favorites, alerts, notifications and exchange-rate context. SteamHelper does not request access to every website.

The extension does not use remote code. Executable extension code is packaged in the uploaded extension file. Responses from the SteamHelper API, Steam, Steam Web API and other declared hosts are treated as data for user-facing features, not as code to execute in the extension.

7. Purposes and legal bases

We process personal data to provide SteamHelper, authenticate users, remember settings, calculate inventory context, retrieve and cache price information, manage favorites, deliver price alerts, support optional notification channels, protect the service, debug errors and respond to support requests. Where processing is necessary to provide requested features, the legal basis is Art. 6(1)(b) GDPR. For security, abuse prevention, logging, product maintenance and service improvement, the legal basis is Art. 6(1)(f) GDPR.

Where we are required to retain accounting, tax or legal records, the legal basis is Art. 6(1)(c) GDPR. Where a feature requires consent, for example optional marketing or non-essential tracking if introduced in the future, the legal basis is Art. 6(1)(a) GDPR. SteamHelper currently does not rely on consent-based advertising or behavioral ad tracking.

8. Chrome Web Store Limited Use disclosure

SteamHelper uses data received through Chrome extension APIs, browser storage, Steam pages and Steam-related network requests only to provide or improve the extension's single purpose: helping Steam users understand inventory value, compare item prices, manage favorites and alerts, and review Steam-related actions more safely.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

We do not sell extension user data, do not transfer it to advertising networks or data brokers, do not use it to determine creditworthiness, and do not use web browsing activity for personalized advertising. We do not use or transfer user data for purposes unrelated to SteamHelper's single purpose.

Human access to user data is limited to cases where the user requests support and access is necessary, access is necessary for security or abuse prevention, the data is aggregated and anonymized for internal operations, or access is legally required.

9. Recipients and service providers

We share personal data only where this is necessary to operate SteamHelper, where you initiate the transfer, where a service provider processes data on our behalf, or where we are legally required to do so. We do not sell personal data.

Depending on the feature and deployment, recipients may include hosting and infrastructure providers, DNS and security providers, email or support providers, payment processors if paid plans are introduced, Steam or Valve services used during authentication or Steam API calls, and market data providers such as SteamWebAPI.com where item price data is requested. Service providers are selected with a focus on security and contractual protection.

10. Cookies, local storage and extension storage

Our website and backend may use strictly necessary cookies or comparable technologies for security, session integrity, language preferences and abuse prevention. The browser extension uses browser.storage.local for settings, authentication state and optional feature data. Steam pages may also use their own cookies and local storage, which are controlled by Steam.

SteamHelper may read selected Steam cookies, such as steamLoginSecure and sessionid, through the extension background context where the user has granted the required browser permission. This is used for features that must act in the user's Steam session, such as public profile lookup, profile privacy settings, inventory requests or gift trade-offer checks. SteamHelper does not use those cookies to obtain your Steam password.

11. International transfers

We prefer infrastructure in Germany or the European Economic Area where reasonable. If data is processed outside the EEA, for example by a security, payment, support, infrastructure or market-data provider, we rely on an adequacy decision, Standard Contractual Clauses, supplementary safeguards or another legally recognized transfer mechanism where required.

12. Retention and deletion

We retain personal data only for as long as needed for the purposes described in this policy or as required by law. Session and security logs are kept for a limited operational period unless a longer retention is required to investigate abuse, protect the service or comply with legal obligations. Favorites, alerts and account-bound settings remain stored until you remove them, disconnect your account or request deletion, subject to legal retention obligations.

Data stored locally by the extension remains in your browser until you delete it, sign out, disconnect a key, clear extension data or uninstall the extension. Backup copies may remain for a limited period and are overwritten or deleted in normal backup rotation.

13. Your rights

Under the GDPR, you may have the right to access, rectification, erasure, restriction of processing, data portability, objection to processing based on legitimate interests, withdrawal of consent and complaint to a supervisory authority. To exercise your rights, contact [email protected] or [email protected].

If we cannot identify you from the information in your request, we may ask for additional information reasonably necessary to verify the request. Rights may be limited where statutory retention obligations, security needs or the rights of other users require continued processing.

14. Security

We use technical and organizational measures designed to protect personal data, including TLS encryption in transit, access controls, separation of backend services, authentication tokens, restricted operational access, logging and regular updates. No system can be guaranteed to be perfectly secure, but we design SteamHelper so sensitive Steam credentials such as passwords are not collected by us.

15. Children

SteamHelper is intended for users who are allowed to use Steam and the Chrome Web Store under the rules that apply to them. We do not knowingly provide SteamHelper directly to children who cannot validly use the product. If you believe that a child has provided personal data to us, please contact us so we can review and delete the data where appropriate.

16. Changes to this policy

We may update this Privacy Policy when SteamHelper changes, when our infrastructure changes or when legal requirements change. The current version is published at this URL. Material changes will be reflected by updating the date above and, where appropriate, by providing a more prominent notice.