CS2 Labs

Privacy Policy

Effective date: March 10, 2026

This Privacy Policy explains how CS2 Labs collects, uses, stores, and shares information when you use the website, create an account, build loadouts, publish content, or interact with analytics and third-party services.

This document is written to match the current product shape, including Better Auth session handling, Steam OpenID sign-in, analytics tooling, and cookie-based functionality. It is an operational policy, not legal advice.

Information We Collect

We collect information you provide directly, information created through your use of the service, and technical data generated when your browser or device interacts with CS2 Labs.

Depending on how you use the service, this can include account identifiers, Steam profile information returned through Steam OpenID, linked provider data, loadouts you save or publish, comments, likes, and operational analytics data.

  • Account and profile data such as your user ID, display name, email address where available, avatar, and linked provider identifiers.
  • Steam sign-in data such as Steam ID, username, and profile image returned during authentication.
  • User-generated content such as saved loadouts, published loadouts, comments, replies, and social interaction counts.
  • Technical and usage data such as page views, clicks, page paths, approximate device and browser information, referral data, and interaction events.

How We Use Information

We use information to operate the service, authenticate users, maintain accounts, save and display loadouts, support public community features, monitor performance, understand product usage, and improve the site over time.

We may also use information to investigate abuse, enforce our terms, prevent fraud, protect the security of the service, and comply with legal obligations.

Authentication and Account Data

CS2 Labs uses Better Auth for account and session management and supports Steam OpenID sign-in. Depending on deployment configuration, additional social providers such as Google or Discord may also be available.

When you sign in or link a provider, we store the identifiers and account records needed to recognize your account, maintain sessions, and support linking or unlinking flows.

  • Session cookies used to keep you signed in.
  • Temporary Steam authentication cookies used during sign-in or account-linking flows.
  • Provider account identifiers needed to connect your CS2 Labs account with Steam or other enabled providers.

Cookies, Local Storage, and Similar Technologies

CS2 Labs uses cookies and similar technologies for essential site functionality, authentication, user preferences, analytics, advertising, and performance measurement. This includes the use of session cookies, temporary login-flow cookies, analytics cookies, advertising tags, and browser storage.

We also use local storage for an anonymous actor key that helps attribute certain analytics and outbound listing telemetry events for signed-out visitors.

We use Google Privacy & messaging to present and manage cookie choices. You can reopen cookie settings from the site footer at any time.

  • Essential cookies for sign-in, session continuity, and security-related flows.
  • Steam sign-in cookies used to preserve redirect and account-linking intent.
  • Analytics and performance cookies associated with tools such as Google Analytics, where you have provided the required consent.
  • Advertising and measurement tags associated with Google Tag Manager, Google publisher ads, and Google Consent Mode.
  • Local storage entries used to maintain anonymous analytics context for outbound interaction telemetry.

Analytics and Telemetry

We use analytics and telemetry tools to understand how the site is used, measure feature adoption, evaluate navigation patterns, and improve product performance and usability.

Current and planned analytics tooling includes Vercel Web Analytics, Google Analytics via Google Tag Manager, and internal telemetry endpoints that record events such as outbound marketplace listing clicks. Vercel Web Analytics is configured as cookieless, anonymized analytics. Google Analytics runs only after the relevant Google Privacy & messaging consent is available.

  • Vercel Web Analytics for cookieless, anonymized traffic measurement.
  • Google Analytics / Google Tag Manager for consent-based traffic and page analytics.
  • Internal telemetry for outbound listing clicks and related interaction events.

Public Content and Community Features

If you choose to publish a loadout or participate in social features, some of your content becomes visible to other users and may be indexed or shared publicly depending on the route and visibility setting.

Public content can include your display name, avatar, published loadouts, likes, comments, replies, and related engagement information.

How We Share Information

We share information with service providers and third parties only as needed to operate the service, deliver authentication, host the site, run analytics, or comply with legal obligations.

We do not describe every infrastructure vendor here because deployments may change, but analytics providers, authentication sources, and hosting or database processors may receive information necessary to provide their services.

  • Steam as an authentication provider and source of profile data during sign-in.
  • Analytics, consent, and advertising providers such as Vercel, Google Privacy & messaging, Google Analytics, Google Tag Manager, and Google publisher ad services.
  • Hosting, database, logging, and infrastructure vendors acting as processors or subprocessors.
  • Third parties when required by law, valid legal process, or to protect users and the service.

Data Retention and Security

We retain information for as long as reasonably necessary to operate the service, maintain accounts, preserve community features, resolve disputes, enforce agreements, and meet legal obligations.

We use reasonable technical and organizational measures to protect information, but no internet service can guarantee absolute security.

Your Choices and Rights

You may be able to manage some information directly through your account, including connected providers and public loadout visibility. You can also ask us to review, delete, or help remove certain personal data or account-related information.

Requests should be sent to the contact listed below. Public content may remain visible until removed from the service, and some records may be retained where necessary for security, legal, or operational reasons.

Children and Regional Disclosures

CS2 Labs is intended for a general audience and is not directed to children under 13. If you believe a child has provided personal information to the service, contact us so we can review and take appropriate action.

Privacy rights can vary by jurisdiction. If laws in your region grant additional access, correction, deletion, or objection rights, contact us and we will review the request in line with applicable law.

Changes and Contact

We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page and may provide additional notice when changes are material.

For privacy requests, data access or deletion requests, or questions about this Privacy Policy, contact contact@cs2labs.com.