Privacy Policy

Last Updated: January 2025

This Privacy Policy explains how CSWhale FlexKapG ("CSWhale", "we", "us" or "our") collects, uses, and protects your personal data when you use our website, the CSWhale marketplace operated by CSWhale LLC, and our Pro/Elite subscription services.

1. Data Controller

For all users located in the European Economic Area (EEA) or Switzerland, the data controller under the GDPR is:

CSWhale FlexKapG

Bergmanngasse 40
8010 Graz, Austria
Firmenbuchnummer: 659009g
Email: team@cswhale.com


Single point of contact (DSA Article 11/12):
team@cswhale.com

2. Categories of Personal Data We Collect

We collect the following personal data from you:

Account data: Name, email address, postal address, IP address, linked Steam ID
Transaction data: Marketplace activity history, order IDs, amounts, timestamps
Payment data: We do not collect or store full bank or card details. All financial information is processed exclusively by Stripe Connect. We only receive the last 4 digits of your IBAN or bank routing number from Stripe for display and payout status tracking
Technical data: Log files, device/browser type, and error reports (via Sentry)

3. Purposes and Legal Basis of Processing

Purpose Data Used Legal Basis (Art. 6 GDPR)
Providing marketplace services Account + transaction data Art. 6(1)(b) – contract performance
Processing subscription payments Account + subscription data Art. 6(1)(b) – contract performance
Fraud prevention and security IP address, logs, Steam ID Art. 6(1)(f) – legitimate interests
Error monitoring and fixing issues Logs and error reports Art. 6(1)(f) – legitimate interests
Legal and regulatory compliance All relevant data Art. 6(1)(c) – legal obligation

4. Processors and Data Transfers

We only share your data with trusted processors as necessary to operate the platform:

  • CSWhale LLC (U.S.) – infrastructure operator (bound by SCCs)
  • Stripe Connect (U.S./EU) – payment processing
  • Fly.io (EU region) – hosting infrastructure
  • Steam / Valve – in-game trade processing (limited technical identifiers only)
  • Sentry (U.S./EU) – error tracking (pseudonymised user IDs)

Where data is transferred to the U.S., we use the EU Standard Contractual Clauses (SCCs) under Art. 46 GDPR.

5. Data Retention

  • Account data is stored until your account is deleted
  • Transaction logs are stored for 7 years to comply with accounting obligations
  • Error logs are deleted after 30 days

6. Your Rights

You have the following rights under GDPR:

  • Right to access your data (Art. 15)
  • Right to correct inaccurate data (Art. 16)
  • Right to deletion ("right to be forgotten") (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, contact team@cswhale.com.

7. Cookies

We only use strictly necessary cookies to operate the site. We do not use tracking or advertising cookies.

8. Security

We implement appropriate technical and organizational security measures to protect your personal data, including encryption, access controls, and hosting within the EU on Fly.io.

9. Children

You must be at least 18 years old to use CSWhale. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Updates will be posted here with a new "Last Updated" date.

11. Contact

For all privacy-related questions or GDPR rights requests, contact:

Email: team@cswhale.com


CSWhale FlexKapG
Bergmanngasse 40
8010 Graz, Austria