Privacy Policy

This page is a plain-language summary of the data Steam Launch Forecaster collects, why, and how it’s handled. The product is a free single-game forecast plus paid tiers for ongoing tracking and Total Lift Attribution analysis.

What we collect

• Email + studio name (optional) — only if you submit the email-capture form on the landing page or via paid checkout. Stored to send you the product-update emails you signed up for.
• Stripe payment data — if you purchase a paid tier, Stripe handles the card transaction. We never see card numbers. We store the Stripe Checkout session ID, your email (from Stripe), and payment status.
• Forecast queries — we record (appid, predicted-cone, timestamp) per /forecast hit so we can re-validate calibration over time. No personal information is stored with these.
• Steamworks CSV uploads (Total Lift Attribution) — if you use /attribution, your uploaded daily-wishlist counts and campaign log are stored keyed to (your email, your appid). Used only to compute attribution analysis for you. Never shared, never used to train any model.
• Server access logs — standard web logs (IP, user-agent, path, status, timestamp) retained 30 days for operational debugging and abuse detection. Caddy is the reverse proxy.

What we don’t do

• No third-party advertising trackers (no Google Ads, Meta Pixel, etc.).
• No cross-site behavioral profiles.
• No selling email lists.
• No third-party analytics beyond Cloudflare’s built-in (which is what protects the site from abuse).

Subprocessors

• Stripe — payments processing (PCI-DSS compliant). stripe.com/privacy.
• Resend — transactional email delivery. resend.com/legal/privacy-policy.
• Hetzner — the VPS hosting this app (EU jurisdiction). hetzner.com privacy.
• Cloudflare — DNS + reverse proxy + abuse protection. cloudflare.com privacy.

Your rights

You can request a copy of any data tied to your email, or have it deleted, by emailing [email protected] from the same address. We’ll respond within 30 days. This complies with EU GDPR and California CCPA on a best-effort basis for a one-person operation; if you have a specific regulatory request, write the regulator’s requirement in plain language and we’ll honor it.

Cookies

None set by this app directly. Cloudflare may set a __cf_bm bot-management cookie for abuse detection — that one is operational, not advertising. There’s no consent banner because there’s nothing tracking-y to consent to.

Updates to this policy

If we change anything material, the "Last updated" date at the top changes and we’ll email paying customers about the change before it takes effect.

Questions: [email protected].