Privacy Policy

Last updated: April 13, 2026

Steamlikes (“we”, “us”) is a platform by Korova Games that provides two services: Steamlikes Catalog, a free public Steam game discovery and analytics tool, and Steamlikes bot, an automated Steam sales and wishlist reporting service that delivers digests to Slack or Discord. This policy explains what data we collect across both services, how we use it, and how we protect it.

Steamlikes Catalog (public, no account required)

The Steamlikes catalog — including game pages, search, and “More Like This” data — is publicly accessible without creating an account. When you browse the catalog:

  • We do not require or collect any personal information.
  • We do not set authentication cookies for anonymous visitors.
  • Anonymous, cookie-free page-view analytics may be collected via Umami (page URL, referrer, browser, country). No personally identifiable information is stored.
  • All game data displayed comes from publicly available Steam APIs and is indexed by our crawler. No user-submitted data is involved.

Steamlikes bot — what we collect

When you create a Steamlikes bot account to receive automated Steam reports, we collect the following:

Account information

Your email address. We verify ownership via a one-time code (OTP) sent to that address — we do not store passwords.

Email consent timestamp

The moment you confirmed your email via OTP. This records explicit consent to receive product and transactional emails, in line with our login disclaimer.

Steam API key

The Steamworks Partner API key you provide. It is encrypted at rest using AES-256-GCM and never logged or transmitted in plaintext.

Steam App IDs

The game IDs you configure for reporting.

Slack / Discord channel metadata

For each delivery channel you connect we store the incoming webhook URL (encrypted at rest with AES-256-GCM), the workspace or server identifier (Slack team ID / Discord guild ID), and the display name of the target channel (for example, #general). We do not read, access, or store the content of any Slack or Discord messages — Steamlikes bot is outbound-only and only POSTs your report messages.

Report preferences

Your preferred daily report time (UTC hour).

Operational logs

Report delivery status, errors, and job durations — retained to keep the service running and diagnose issues.

What we do not collect

  • We do not collect payment card data.
  • We do not sell, rent, or share your data with third parties for marketing.
  • We do not store Steam financial data beyond what is needed to format and deliver your daily report.
  • We do not track anonymous catalog visitors with cookies or collect personal information from them.

How we use your data

  • To authenticate you and secure your Steamlikes bot account.
  • To fetch your Steam sales and wishlist data on your behalf and deliver the daily digest to your Slack or Discord.
  • To index publicly available Steam game data and power the Steamlikes catalog and search.
  • To operate, debug, and improve both services.

Subprocessors

Steamlikes and Steamlikes bot rely on the following third parties to operate. Each handles a specific slice of data and is governed by its own privacy policy.

Valve / Steam

We call public Steam Store APIs to index game data for the Steamlikes catalog, and the Steamworks Partner API (using your key) to fetch sales and wishlist data for Steamlikes bot reports. Your use of Valve's APIs is subject to Valve's terms.

Slack

Steamlikes bot reports you opt to deliver to a Slack workspace are posted via an incoming webhook. Slack receives your report text and the workspace/channel identifiers you selected during install. Governed by Slack's privacy policy.

Discord

Steamlikes bot reports you opt to deliver to a Discord server are posted via an incoming webhook. Discord receives your report text and the guild/channel identifiers you selected during install. Governed by Discord's privacy policy.

Resend

Used to send transactional email — OTP verification codes, daily reports to EMAIL delivery channels, and account notifications. Resend receives the recipient address and message contents. Governed by Resend's privacy policy.

Stripe

If you subscribe to a paid Steamlikes bot tier, Stripe handles the checkout and payment. Stripe receives your payment card details directly; we never see or store card data. Governed by Stripe's privacy policy.

Railway

The platform that hosts the application and the PostgreSQL databases storing game catalog data and your encrypted credentials/report history. Data is stored in the region specified in our infrastructure.

Cloudflare R2

Custom bot avatar images are stored in Cloudflare R2 object storage. R2 receives the image file you upload; no other personal data is sent. Governed by Cloudflare's privacy policy.

Umami

Umami collects anonymous page-view analytics (page URL, referrer, browser, country) across both Steamlikes and Steamlikes bot to help us understand usage patterns. Umami does not use cookies and does not collect personal data. Governed by Umami's privacy policy.

Sentry (optional)

If enabled, Sentry receives anonymized error reports to help us fix bugs. Personal data is scrubbed from events before transmission via a custom beforeSend filter.

PostHog (optional)

If enabled, PostHog (EU instance) receives aggregate usage events (page views, feature usage) so we can prioritize improvements. These events are linked to a hashed user identifier, never to an email. Session recording is disabled by default.

Data retention and deletion

Steamlikes bot accounts: Your data is retained for as long as your account is active. You can delete your account and all associated data at any time from Settings — encrypted keys and webhook URLs are removed immediately.

Steamlikes catalog: Game data indexed from public Steam APIs is retained indefinitely and updated periodically by our crawler. This data is publicly available and does not contain personal information.

If you or a workspace admin uninstalls Steamlikes bot from a Slack workspace, Slack notifies us via an app_uninstalled event and we automatically delete every Slack delivery channel tied to that workspace from our database. The same cleanup runs when a Slack user revokes their access token. You do not need to take any action on our side for the data to be removed.

Security

All sensitive credentials (Steam API keys, webhook URLs) are encrypted at rest with AES-256-GCM. All connections to Steamlikes and Steamlikes bot are served over HTTPS.

Your rights

You may request a copy of your data or ask us to delete it at any time by contacting us. If you are in the EU/EEA, you have additional rights under GDPR including the right to rectification and the right to lodge a complaint with your supervisory authority.

Cookies & tracking

Steamlikes catalog: No cookies are set for anonymous visitors. Umami analytics is cookie-free.

Steamlikes bot: A session cookie (HttpOnly, SameSite=Lax, Secure in production) is set when you log in. This cookie is essential for authentication and cannot be disabled without losing access to the app. PostHog (EU instance) may set a first-party cookie for session attribution; session recording is disabled by default.

We do not use any third-party advertising or tracking cookies on either service.

Slack OAuth scopes

When you install Steamlikes bot to a Slack workspace, we request the following bot scopes:

  • channels:read, groups:read — to list available channels for the routing UI
  • chat:write, chat:write.public — to post report messages
  • chat:write.customize — to display a custom bot name and avatar on report messages

We do not request any identity or message-reading scopes. Steamlikes bot is outbound-only.

Age requirements

Steamlikes bot is intended for use by game developers and publishers who hold a Steamworks Partner account. You must be at least 16 years old (or the age of digital consent in your jurisdiction) to create an account. If you are under 18, you must have your parent or legal guardian's consent to use this service. We do not knowingly collect data from anyone under 16. If we learn that a user is under 16, we will promptly delete their account and all associated data. The Steamlikes catalog is publicly accessible and does not require account creation.

Data portability

Under GDPR Article 20 you have the right to receive a copy of your data in a structured, commonly used, machine-readable format. To request an export, email support@steamlikes.co. We will respond within 30 days with a JSON file containing your account profile, tracked apps, report history, and delivery channel metadata. Encrypted fields (Steam API keys, webhook URLs) are excluded from exports for security.

Data Processing Agreement

If your organization requires a Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs), please contact us at support@steamlikes.co. We will provide a signed DPA within 10 business days at no additional cost.

Data retention schedule

  • Active accounts: data is retained for as long as your account is active.
  • Deleted accounts: all data is removed from the production database immediately upon account deletion; database backups are rotated on a 7-day cycle and fully purged within 14 days of deletion.
  • OTP verification codes expire within 15 minutes and are automatically cleaned up by a scheduled job within 24 hours.
  • Rate-limit counters are purged hourly.
  • Catalog game data is retained and updated indefinitely.

Contact

For privacy-related inquiries about either service:

support@steamlikes.co