Privacy Policy

This privacy policy will give information on how CraftingStore, located at collects and processes personal data through our website ("our website", "this website"), and third party webstores ("webstore") that utilizes the CraftingStore donation platform.

This website is not intended for children and we do not knowingly collect data relating to children. We realize and understand that children and young people may visit this website, or otherwise interact with us and our commercial partners. It is our policy to encourage all minors to consult with their parents or legal guardian before submitting any content or information to us, our commercial partners or other third parties.

Section 1 - Controller

CraftingStore is the controller and responsible for your personal data, referred to as "CraftingStore", "us", "we", or "our" in this privacy policy.

Section 2 - The data we collect

We will describe any data that we collect that is deemed to be "personal data, or personal information". This means that this only includes data that can be used to identify you as a person. No data that is anonymized will be covered.

Section 3 - Information that we collect, and why

Steam ID

Description: This is the steam64 ID of your steam account. It is used as the primary identifier of the recipient of the products.

Reason: Steam64 ID registered for transactions through the completion of Steam OAuth to verify ownership of the steam account.

E-mail address

Description: The e-mail address that you enter when completing checkout.

Reason: To send notifications about payment information, or account information. We will never share this information with any third party.

IP Address

Description: We store your IP address when you first create your account, and when you sign in again.

Reason: We store your IP address for security reasons, this includes our ability to verify ownership, or detecting abnormal activities on an account, done from another IP address.

Section 4 - How is my data collected?

We use various methods to collect data;

Direct integration

We use a form or ask directly for information from you. This includes any form that you can fill in for checkout.

Automated technologies

Our servers may log automated information, for example, any page that you visit. This information is logged to a server log that can be used for debugging purposes. We do not sell this data to any third party, and we will not use it to track you, these are just technical logs created by the software that we use to serve our platform.

Third-party integrations

We use various third-party integrations to monitor the performance of our platform and to assist you in using our platform. You can find more information about this in section 5.

Section 5 - Third-party integrations

We use various third-party services to provide you with our services, this section will describe the services that we use, and why we use them.


CloudFlare is a CDN (Content Delivery Network) and DDoS protection provider. A large chunk of the internet (about 30-40%) has CloudFlare in front of its website, including us. CloudFlare provides us with protection against network attacks. CloudFlare might use your information to determine a security score. For information about their policies, take a look at their website:


We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please visit the following links: and

Section 6 - Third-party data sharing

We may share your information with various third parties, but only when required. We might share data with;

  • Providers used by us to provide you with our services, this includes, for example, payment providers that we use to process your payments (e.g. Stripe or PayPal).
  • Professional advisors inside the EEA, who provide us with consulting, banking, legal, insurance and accounting services. This includes lawyers, bankers, auditors, and insurers.
  • When we are required by law to share information, including, but not limited to, authorities acting as processors based in The Netherlands who require reporting.

Section 7 - Data Security

We have put in place the appropriate security measures to make sure that your data does not get lost, used, or accessed in an unauthorized way.

We limit access to your data to employees, agents, contractors and other third parties who have a business need to know. They will process data only when instructed by us, and they are subject to a duty of confidentiality.

To help us protect your data, you can do a few things, like making sure that your password is unique to only our website, and does not include public information, like your name.

Section 8 - Data retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We are required by tax law to keep basic information, including Contact, Identity, Financial and Transaction Data. We are required to keep this data for up to 10 (ten) years.

Section 9 - Your legal rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions. You can request to remove your data from your profile.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

You will not have to pay a fee to access your data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you make a request, we have one month to respond to you. It might take longer if the request is complex, we will keep you updated if this is the case.

If you wish to request removal of data, and you are a:

    • Game server player (you bought a rank on a CraftingStore powered webstore) – You can access our "Data Removal" page to automatically remove your information, see:

    If you wish to exercise any of your other right listed above, please email us at [email protected].