PeltPelt

Privacy Policy

Last updated: April 2026

Pelt LLC ("Pelt," "we," "us," or "our") operates the marketplace at pelt.gg ("Platform"). This Privacy Policy explains what information we collect, how we use it, how we share it, and what choices you have. By using the Platform, you agree to the practices described below.

1. What We Collect

Account Information (from Steam)

When you sign in, we receive the following from Steam via OpenID authentication:

  • Steam ID (64-bit identifier)
  • Display name and avatar URL
  • Profile visibility settings

Information You Provide

  • Steam trade URL
  • Steam Web API key (encrypted at rest using AES-256-GCM; see Security)
  • Email address (if provided for notifications or support)

Transaction Data

  • Purchase history, sale history, deposits, withdrawals, and all associated amounts, timestamps, and statuses.
  • Trade offer details (Steam trade offer IDs, item identifiers, trade statuses).

Automatically Collected Information

  • IP address
  • Browser type, version, and operating system
  • Device information
  • Pages visited, actions taken, and timestamps
  • Cookies: We use a session cookie (required) to maintain your authenticated session. We do not use tracking cookies, third-party analytics cookies, or advertising cookies.

2. Information from Third Parties

  • Steam (Valve): Profile information retrieved via OpenID authentication and the Steam Web API, including your public profile data, inventory information, and trade offer statuses.
  • Stripe (Payments): Limited transaction metadata (transaction ID, amount, status, last four digits of card) to reconcile your Pelt balance. Pelt does not receive, store, or have access to your full card number, CVV, or bank account details.
  • Stripe Identity (KYC): Verification status only (verified / unverified / rejected). Your identity documents (government-issued ID, selfie) are submitted directly to and processed by Stripe. Pelt does not store copies of your identity documents.

3. How We Use Information

We use collected information to:

  • Provide services -- operate the marketplace, display listings, facilitate trades, and manage your account and balance.
  • Process transactions -- handle deposits, purchases, sales, and withdrawals, including calculating and applying fees.
  • Verify identity -- confirm account ownership and complete KYC requirements for withdrawals.
  • Prevent fraud -- detect suspicious activity, enforce our Terms of Service, prevent abuse, and protect the integrity of the marketplace.
  • Improve the service -- analyze usage patterns to fix bugs, improve performance, and develop new features.
  • Communicate with you -- send trade notifications, account alerts, security notices, and important service updates.
  • Ensure security -- monitor for unauthorized access, protect against threats, and maintain the stability of the Platform.

4. How We Disclose Information

We do NOT sell your personal information. We share data only in the following circumstances:

  • Service providers: Stripe (payment processing and identity verification) and Steam / Valve (trade verification via the Steam Web API). These providers receive only the information necessary to perform their services.
  • Law enforcement: We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
  • With your consent: We may share information with third parties when you have given us explicit consent to do so.

5. Retention

  • Transaction records are retained for a minimum of 7 years to comply with tax and legal obligations.
  • Account data (Steam profile information, trade URL, email) is retained for as long as your account is active.
  • KYC data is handled entirely by Stripe Identity. Pelt stores only the verification status. Stripe's retention of identity documents is governed by their privacy policy.
  • Encrypted API keys are permanently deleted upon account deletion or when you remove the key from your settings.
  • You may request deletion of your account and personal data by contacting support@pelt.gg. We will delete your data within 30 days, except where retention is required by law (e.g., transaction records for tax compliance).

6. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data (subject to legal retention obligations).
  • Export your data in a portable format.
  • Opt out of marketing communications at any time.
  • Object to certain types of processing.

To exercise any of these rights, contact us at support@pelt.gg. We will respond to verified requests within 30 days.

7. Children's Privacy

The Platform is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact support@pelt.gg and we will promptly delete the data.

Users between the ages of 16 and 18 may use the Platform only with the consent of a parent or legal guardian, as described in our Terms of Service.

8. Security

We take the security of your information seriously and implement industry-standard measures to protect it:

  • Encryption at rest: Steam Web API keys are encrypted using AES-256-GCM with unique initialization vectors per record.
  • Encryption in transit: All data transmitted between your browser and our servers is protected via HTTPS (TLS 1.2+).
  • Secure sessions: Sessions are managed with HTTP-only, secure, same-site cookies.
  • Database security: Database access is restricted, all queries are parameterized to prevent injection attacks, and sensitive fields are encrypted at rest.
  • Access controls: Internal access to user data is limited to authorized personnel on a need-to-know basis.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact support@pelt.gg immediately.

9. International Users

The Platform is hosted in the United States and our data is processed in the United States. If you are accessing the Platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Platform, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy, regardless of your location.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Post a notice on the Platform or send a notification to your account for material changes.

Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at support@pelt.gg.

Pelt LLC
Chicago, IL
United States

Privacy Policy | Pelt