Skip to content

Preview environment - sandbox data, payments and Steam delivery are disabled.

Privacy Policy

DRAFT — pending legal review. Phase 13.16 ships the rendering infrastructure with placeholder copy. Replace this body with the reviewed final version before public launch.

Last updated: 2026-05-05

1. What We Collect

We collect: (a) account information (email, username, language preference), (b) payment metadata (transaction id, amount, status — never your card number), (c) Steam account information you explicitly link (SteamID, trade URL), (d) request metadata (IP, user agent, timestamps) for security and fraud prevention.

2. Why We Collect It

Strictly to operate the Service: process orders, prevent fraud, comply with legal obligations, and improve product quality. We do not sell or rent personal data to third parties.

3. Legal Bases (GDPR-style)

Where applicable, we rely on: (a) performance of contract to fulfill orders you place, (b) legal obligation to retain transaction records under tax and anti-money-laundering rules, and (c) legitimate interest to operate fraud-detection systems proportionate to the risk.

4. Sharing

We share data only with: (a) payment providers we use to process your payment, (b) Steam (Valve Corporation) when you initiate a trade or link your account, and (c) law-enforcement when compelled by valid Uzbek legal process.

5. Retention

We retain account data while your account is active. After you delete your account, transactional records (orders, payments) are retained for the period required by Uzbek tax and audit laws — typically five years — after which they are anonymized or deleted.

6. Your Rights

You have the right to: (a) access the data we hold about you (via the Data Export tool in Settings), (b) correct inaccurate data, (c) delete your account (via Settings → Delete Account; async finalization runs asynchronously), and (d) object to specific processing where legally permitted.

7. Cookies

We use a small number of cookies: (a) essential session cookies (required to log in and stay logged in — cannot be disabled), (b) functional consent cookies (remembers your choice to accept or reject non-essential cookies). We do not currently use analytics or advertising cookies; if that changes, we will update this policy and our cookie banner.

8. Security

Passwords are not used; authentication is via emailed one-time codes. Sessions live in a Redis store with HMAC-signed cookies. Sensitive data is encrypted at rest. Access by ggmarket employees is logged.

9. Children

The Service is not intended for users under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it.

10. International Transfers

Personal data is hosted within data centers we have selected to balance latency and resilience. Where data is processed outside the Republic of Uzbekistan, we apply contractual safeguards consistent with applicable law.

11. Changes to This Policy

We may update this policy. Material changes will be notified by email and posted here with a new "last updated" date.

12. Contact

Privacy questions can be sent to privacy@ggmarket.uz. We aim to respond within 30 days.

Back to home