Privacy Policy

Cloud Idler ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

Account information

• Email address (used for authentication and account recovery)
• Discord account ID (if you sign up via Discord OAuth)

Steam credentials

• Steam username and password (encrypted with AES-256-GCM, used solely to maintain idle sessions)
• Steam refresh tokens (encrypted, used to maintain sessions without re-authentication)
• Steam ID (your public 64-bit Steam identifier)

Usage data

• Games selected for idling and their App IDs
• Session start/stop times and duration
• Total hours farmed per account
• Account settings and preferences

Technical data

• IP address (used for rate limiting, not stored long-term)
• Browser type and version (standard HTTP headers)

We use your information exclusively to:

• Provide and maintain the Service (logging into Steam on your behalf to idle games)
• Authenticate your identity and manage your account
• Track usage for billing purposes (idle hours consumed)
• Display your idling statistics on your dashboard
• Send essential service communications (e.g., account security alerts)
• Prevent abuse and enforce rate limits
• Improve the Service based on aggregated, anonymized usage patterns

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data for advertising.

Encryption

All Steam credentials (passwords and refresh tokens) are encrypted using AES-256-GCM before storage. The encryption key is stored separately from the database and is never exposed in application logs or error reports.

Infrastructure

• Authentication is handled by Supabase Auth with industry-standard JWT tokens.
• All data is transmitted over HTTPS/TLS.
• The database is hosted on Supabase with row-level security (RLS) policies ensuring users can only access their own data.
• The backend runs on Fly.io with encrypted storage.

Access controls

Access to production systems is restricted to authorized personnel only. We follow the principle of least privilege for all system access.

• Account data is retained for as long as your account is active.
• When you delete your account, all associated data (credentials, settings, statistics) is permanently deleted.
• Steam credentials are deleted immediately upon account deletion.
• Aggregated, anonymized statistics (e.g., total community hours) may be retained indefinitely.
• Server logs containing IP addresses are automatically purged after 30 days.

We use trusted third-party service providers to help operate the Service, including for:

• User authentication and identity management
• Database and data storage
• Server infrastructure and hosting
• Payment processing and subscription management
• Error monitoring and service reliability
• OAuth login providers (e.g., Discord)

These providers only process data as necessary to perform their services on our behalf and are contractually obligated to protect your information. We do not share your Steam credentials with any third party. Each provider maintains their own privacy policy governing their handling of data.

Depending on your jurisdiction, you may have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate personal data.
• Deletion — Request deletion of your personal data (you can do this directly from your dashboard).
• Portability — Request your data in a machine-readable format.
• Objection — Object to processing of your personal data in certain circumstances.
• Restriction — Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at support@cloudidler.com. We will respond within 30 days.

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

We use essential cookies and local storage for authentication session management. We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party cookies are set by our service.

Your data may be processed in countries other than your country of residence. By using the Service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place for any international data transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Cloud Idler is not affiliated with, endorsed by, sponsored by, or connected to Valve Corporation or Steam in any way. Steam and the Steam logo are registered trademarks of Valve Corporation. All Steam-related data accessed through the Service is obtained through your authorized account credentials.

For privacy-related inquiries, contact us at:

Email: support@cloudidler.com