Privacy Policy
Doplr (“Doplr,” “we,” “us,” or “our”), operated as a sole proprietorship based in the United States, runs doplr.co and related websites, APIs, and applications (the “Services”). This Privacy Policy describes how we collect, use, disclose, store, and otherwise process personal information when you use the Services.
Summary for Steam and inventory users
Doplr is built for portfolio tracking and analysis, not buying or selling items. Sign-in uses Steam’s identity flow; we do not receive your Steam password. We do not operate a marketplace and do not use your Steam authorization to submit trade offers or move items on your behalf. Portfolio inputs you save (such as cost basis) are stored with your account. Self-serve account and data deletion is planned in Profile settings; until that ships, you may request deletion by emailing privacy@doplr.co.
1. Contact
Privacy and data rights requests: privacy@doplr.co
General product help: see our Support page.
2. Personal information we collect
Identifiers and account (Steam). When you sign in with Steam, we process identifiers and profile details Valve provides, such as your Steam ID, display name, and avatar URL, and session data (for example signed cookies or tokens) needed to keep you signed in.
Portfolio and commercial information. We store information you provide for portfolio features, including cost basis (item, purchase price, quantity, date), optional notes, and portfolio snapshots or related time-series data used for charts and history.
Inventory and market data. To show holdings and values, we process item and pricing information from Steam and third-party market or analytics sources. We may keep short-lived server-side caches to improve performance and reliability.
Technical data. We may process IP address, user agent, and similar connection metadata, strictly necessary cookies on the web (including a signed session cookie after Steam sign-in), and limited server logs for security and operations.
Support. If you email us, we process your message and address using Google Workspace for business email.
We do not embed advertising or cross-site analytics trackers (such as Meta Pixel or Google Analytics) in the Services as of the Effective Date. The iOS app stores your session token in the iOS Keychain; we do not embed analytics SDKs, ad networks, or session replay tools in the iOS app.
3. Purposes and legal bases (EEA and UK)
We use personal information to:
- Provide, operate, and improve the Services;
- Maintain security, prevent abuse, and enforce our terms;
- Comply with law and respond to lawful requests.
Where the GDPR or UK GDPR requires a legal basis, we rely on contract (providing the Services), legitimate interests (security, limited caching, product improvement balanced against your rights), and where applicable legal obligation or consent (for example if we add non-essential cookies in the future).
4. Cookies (web)
We use strictly necessary cookies and similar technologies for authentication and site operation, including the HTTP-only session cookie after Steam sign-in. We do not use those cookies for cross-site advertising.
5. Service providers
We use vendors that process personal information on our instructions, including hosting and deployment (Vercel), application data storage (Upstash), and business email (Google Workspace). We may add subprocessors (for example error reporting) as our stack evolves; we will update this Policy when we do.
6. International transfers
We are based in the United States and configure production storage so that customer portfolio and account data are hosted in the United States. If you access the Services from the EEA, UK, or Switzerland, your information may be transferred to the US. Where required, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, for the UK, the International Data Transfer Agreement or Addendum (or equivalent approved mechanisms), together with supplementary measures our providers support.
7. Disclosure
We disclose personal information to service providers as described above, to professional advisors as needed, to comply with law, and to protect rights and safety. We do not sell your personal information for money. We do not use your personal information for cross-context behavioral advertising across unrelated third-party apps or websites as described in this Policy as of the Effective Date.
8. Retention
We retain account and portfolio data while your account is active and for a short period afterward unless you delete it earlier. When you delete your data or account, we delete or anonymize personal information without undue delay, subject to backup rotation and legal hold. Aggregated or de-identified statistics may remain.
9. Security
We use HTTPS, access controls, and provider security features appropriate to our infrastructure. No method of transmission or storage is completely secure.
10. Your rights
EEA and UK. You may have the right to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may lodge a complaint with your local supervisory authority.
United States (including California). Depending on your state, you may have rights to know, delete, and correct certain personal information. We do not sell personal information for money. If our practices change in ways that trigger additional opt-out rights under state law, we will update this Policy and provide any required controls.
To exercise rights, contact privacy@doplr.co. We may verify your request in a reasonable manner.
11. Account and data deletion
Self-serve deletion will be available from Profile settings in the app and web experience; we will document the exact control once it ships. Until then, email privacy@doplr.co to request permanent deletion of your stored portfolio data and account-associated information. You can sign out at any time from the Profile area of the app.
12. Third-party sources
We obtain pricing and related data from third parties (including, for example, PriceEmpire and CSROI). Requests for item imagery may pass through an image proxy (for example wsrv.nl) for format conversion. Those parties receive only what is needed for each request and are governed by their own policies. Steam is operated by Valve Corporation; use of Steam is subject to Valve’s terms and privacy policy.
13. Children
The Services are not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
14. Changes
We may update this Policy from time to time. We will post the revised version with a new “Last updated” date. Material changes may be communicated as required by law or noted on the Services.
15. Disclaimer
Doplr is not affiliated with, endorsed by, or sponsored by Valve Corporation. Counter-Strike 2 and CS2 are trademarks of Valve Corporation.
This Policy is provided for transparency. It is not legal or investment advice. If you have questions about how we handle data, contact privacy@doplr.co.