Privacy Policy

Last updated: October 17, 2025

1. Introduction

At IdleMates, we take your privacy seriously. This policy outlines how we collect, use, store, and protect your data. We operate under GDPR compliance and follow industry best practices for security.

2. Data We Collect

Account Data

Email, Steam username (encrypted), Steam password (AES-256-GCM encrypted), shared_secret for 2FA (encrypted), account timestamps.

Session Data

Game AppIDs, session duration, accumulated hours, session status logs.

Technical Data

IP addresses (security), browser/device info, error logs (30-day retention), API request logs.

Payment Data

PayPal transaction IDs, subscription status, billing history. We never store credit card numbers (handled by PayPal).

3. How We Use Your Data

We use your data to:

  • Service Operation: Authenticate to Steam and run idling sessions
  • Account Management: Manage subscriptions, billing, and support
  • Communication: Send service updates and security alerts
  • Security: Detect fraud and prevent abuse

We NEVER: Sell your data, share with third parties for marketing, use for ads, or manually access your credentials.

4. Security

Encryption Standards

  • At Rest: AES-256-GCM envelope encryption
  • In Transit: TLS 1.3
  • Keys: Hardware-backed, monthly rotation
  • Zero Knowledge: Credentials decrypted only in memory

Additional: Regular security audits, rate limiting, DDoS protection, intrusion detection, MFA for admin access.

5. Data Retention

  • Active Accounts: Data retained while account exists
  • Deleted Accounts: Data deleted within 30 days
  • Logs: 30-day retention, then auto-purged
  • Billing: 7 years (legal requirement)

6. Your Rights (GDPR)

You have the right to:

  • Access: Export your data
  • Rectification: Correct information
  • Erasure: Delete your data
  • Portability: Machine-readable export

Exercise rights: Email privacy@idlemat.es (30-day response)

7. Cookies & Tracking

Essential Cookies: Session authentication (required)

Analytics: Self-hosted only (no Google Analytics)

No Ads: Zero advertising cookies or remarketing

8. Third-Party Services

  • Stripe: Payment processing
  • Steam: Authentication and idling
  • Cloud: Hosting (encrypted)

9. Contact

Governed by EU law and GDPR regulations.

IdleMates © 2025 · Committed to your privacy