Privacy Policy
Last updated: 30 May 2026
This Privacy Policy explains what personal data steam-widget.com ("we", "us", "our") collects, how it is used, and your rights under the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller for this service is sharky.codes. For any privacy-related enquiries, contact us at [email protected].
2. Data We Collect
2.1 Widget Views (Hit Counters)
Every time a Steam widget image is loaded, we record a hit event. The following data is stored for each hit:
| Field | Description | Legal basis |
|---|---|---|
steam64id | The Steam64 ID whose widget was viewed | Legitimate interest (usage analytics) |
datetime | Timestamp of the view event | Legitimate interest |
purpose | Optional free-text tag supplied by the embedder (e.g. github_readme) | Legitimate interest |
ip | IPv4 address of the viewer | Legitimate interest (abuse prevention) |
IP addresses are personal data under GDPR. They are stored solely to detect and prevent abusive automated traffic, are not shared with third parties, and are nullified (set to null) after 90 days by an automated daily job. The hit record itself (timestamp, Steam ID, purpose) is retained for analytics; only the IP field is erased. This is the least-destructive approach that satisfies GDPR requirements while preserving aggregated usage data.
2.2 Steam Profile Data
When a Steam profile is looked up on this service — either by the profile owner or by a third party embedding a widget — we cache the following data retrieved from the Steam Web API:
| Field | Description | Legal basis |
|---|---|---|
steam64id | Permanent Steam account identifier | Legitimate interest |
name | Steam display name (public profile data) | Legitimate interest |
Only public Steam profiles are processed. We do not access private profile information. This data originates from Valve's public Steam Web API and is refreshed periodically as long as the profile is active on this service.
2.3 Playtime Tracking (Opt-in)
Playtime tracking is entirely opt-in. It is activated only when you explicitly authenticate with Steam and choose to enable tracking. The following data is recorded periodically for tracked profiles:
| Field | Description |
|---|---|
steam64id | Your Steam account identifier |
game / gamename | App ID and display name of the game played |
datetime | Timestamp of the recorded session |
delta_playing_time | Minutes played since last check |
total_playing_time | Cumulative minutes played (from Steam) |
Legal basis: consent — you may withdraw consent at any time by disabling tracking on the Play Tracking page. Disabling tracking stops all future data collection for your profile.
3. Cookies & Session Storage
This service sets one cookie:
| Cookie | Purpose | Lifetime | Accessible from JS |
|---|---|---|---|
steamId |
Stores your Steam64 ID after a Steam login so it can be pre-filled in the generator and tracking forms on your next visit. Strictly functional — no tracking or profiling. | 7 days | Yes (required for pre-fill feature) |
The cookie is set with the Secure and SameSite=Lax flags.
No advertising, analytics, or cross-site tracking cookies are set by this service.
You can clear the cookie at any time through your browser settings without losing any data.
4. Third-Party Services
| Service | Purpose | Data sent | Privacy info |
|---|---|---|---|
| Steam Web API (Valve) | Fetch public profile & game data | Steam64 ID | Valve Privacy Policy |
| Bunny Fonts (bunny.net) | Load web fonts (Sora, JetBrains Mono) — GDPR-compliant EU CDN, no IP logging for profiling | Your IP address is sent to Bunny's EU servers for font file delivery only | Bunny.net Privacy Policy |
| jsDelivr CDN | Load icon font (Material Symbols) — open-source CDN, no advertising use of data | Your IP address is sent to jsDelivr's servers for font file delivery only | jsDelivr Privacy Policy |
| Umami Analytics (self-hosted) | Privacy-friendly, cookieless page analytics | Anonymised page views — no cookies, no cross-site tracking, no personal identifiers | Umami Privacy |
No Google services are used for font or asset delivery. Google Fonts CDN has been replaced with privacy-focused alternatives to eliminate IP transmission to Google's infrastructure.
5. Data Retention
| Data type | Stage 1 (short-term) | Stage 2 (long-term) |
|---|---|---|
| IP address in hit records | Nullified (set to null) after 90 days — record preserved, personal identifier erased | — |
| Raw hit record (steam64id, datetime, purpose) | Retained for profile metrics during 90-day–2-year window | Entire record deleted after 2 years by automated daily job |
| Steam profile cache (name, steam64id) | Retained while the profile uses the service; deleted on request or when tracking is disabled | |
| Playtime tracking records | Retained while tracking is enabled; deleted when tracking is disabled or on request | |
steamId cookie |
Expires after 7 days; clearable at any time via browser settings | |
6. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or UK, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure — request deletion of your personal data ("right to be forgotten").
- Right to restriction — ask us to limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — disable playtime tracking at any time via the Play Tracking page.
To exercise any of these rights, e-mail us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. Data Security
Data is stored on servers with access controls and transmitted exclusively over HTTPS. We follow industry-standard practices to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after any changes constitutes acceptance of the updated policy.