CS2 Labs

Privacy Policy

Effective date: March 10, 2026

This Privacy Policy explains how CS2 Labs collects, uses, stores, and shares information when you use the website, create an account, build loadouts, publish content, or interact with analytics and third-party services.

This document is written to match the current product shape, including Better Auth session handling, Steam OpenID sign-in, analytics tooling, and cookie-based functionality. It is an operational policy, not legal advice.

Information We Collect

We collect information you provide directly, information created through your use of the service, and technical data generated when your browser or device interacts with CS2 Labs.

Depending on how you use the service, this can include account identifiers, Steam profile information returned through Steam OpenID, linked provider data, loadouts you save or publish, comments, likes, and operational analytics data.

  • Account and profile data such as your user ID, display name, email address where available, avatar, and linked provider identifiers.
  • Steam sign-in data such as Steam ID, username, and profile image returned during authentication.
  • User-generated content such as saved loadouts, published loadouts, comments, replies, and social interaction counts.
  • Technical and usage data such as page views, clicks, page paths, approximate device and browser information, referral data, and interaction events.

How We Use Information

We use information to operate the service, authenticate users, maintain accounts, save and display loadouts, support public community features, monitor performance, understand product usage, and improve the site over time.

We may also use information to investigate abuse, enforce our terms, prevent fraud, protect the security of the service, and comply with legal obligations.

Authentication and Account Data

CS2 Labs uses Better Auth for account and session management and supports Steam OpenID sign-in. Depending on deployment configuration, additional social providers such as Google or Discord may also be available.

When you sign in or link a provider, we store the identifiers and account records needed to recognize your account, maintain sessions, and support linking or unlinking flows.

  • Session cookies used to keep you signed in.
  • Temporary Steam authentication cookies used during sign-in or account-linking flows.
  • Provider account identifiers needed to connect your CS2 Labs account with Steam or other enabled providers.

Cookies, Local Storage, and Similar Technologies

CS2 Labs uses cookies and similar technologies for essential site functionality, authentication, analytics, and performance measurement. This includes the use of session cookies, temporary login-flow cookies, analytics cookies, and browser storage.

We also use local storage for an anonymous actor key that helps attribute certain analytics and outbound listing telemetry events for signed-out visitors.

You asked us to assume cookies are set up for this product, so this policy describes cookie usage as part of the live service model even if consent controls are still being refined.

  • Essential cookies for sign-in, session continuity, and security-related flows.
  • Steam sign-in cookies used to preserve redirect and account-linking intent.
  • Analytics and performance cookies associated with tools such as PostHog, Google Analytics, and Hotjar.
  • Local storage entries used to maintain anonymous analytics context for outbound interaction telemetry.

Analytics and Telemetry

We use analytics and telemetry tools to understand how the site is used, measure feature adoption, evaluate navigation patterns, and improve product performance and usability.

Current and planned analytics tooling includes PostHog, Google Analytics via the Google tag, Hotjar for behavioral analytics and session insights, and internal telemetry endpoints that record events such as outbound marketplace listing clicks.

  • PostHog for product analytics and event capture.
  • Google Analytics / Google tag for traffic and page analytics.
  • Hotjar for heatmaps, recordings, behavior insights, and similar usage analysis.
  • Internal telemetry for outbound listing clicks and related interaction events.

Public Content and Community Features

If you choose to publish a loadout or participate in social features, some of your content becomes visible to other users and may be indexed or shared publicly depending on the route and visibility setting.

Public content can include your display name, avatar, published loadouts, likes, comments, replies, and related engagement information.

How We Share Information

We share information with service providers and third parties only as needed to operate the service, deliver authentication, host the site, run analytics, or comply with legal obligations.

We do not describe every infrastructure vendor here because deployments may change, but analytics providers, authentication sources, and hosting or database processors may receive information necessary to provide their services.

  • Steam as an authentication provider and source of profile data during sign-in.
  • Analytics providers such as PostHog, Google Analytics, and Hotjar.
  • Hosting, database, logging, and infrastructure vendors acting as processors or subprocessors.
  • Third parties when required by law, valid legal process, or to protect users and the service.

Data Retention and Security

We retain information for as long as reasonably necessary to operate the service, maintain accounts, preserve community features, resolve disputes, enforce agreements, and meet legal obligations.

We use reasonable technical and organizational measures to protect information, but no internet service can guarantee absolute security.

Your Choices and Rights

You may be able to manage some information directly through your account, including connected providers and public loadout visibility. You can also ask us to review, delete, or help remove certain personal data or account-related information.

Requests should be sent to the contact listed below. Public content may remain visible until removed from the service, and some records may be retained where necessary for security, legal, or operational reasons.

Children and Regional Disclosures

CS2 Labs is intended for a general audience and is not directed to children under 13. If you believe a child has provided personal information to the service, contact us so we can review and take appropriate action.

Privacy rights can vary by jurisdiction. If laws in your region grant additional access, correction, deletion, or objection rights, contact us and we will review the request in line with applicable law.

Changes and Contact

We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page and may provide additional notice when changes are material.

For privacy requests or questions, contact TODO: add a public support email before launch.