Privacy Policy
Last updated: 20.06.2026
1. Who we are and how to contact us
Brightskins is operated by HILLMARK CONSULTING LTD, Company number 16592223, registered office at 66 Paul Street, London, England EC2A 4NA, United Kingdom. Website: Brightskins.
For privacy, data protection, support, order, complaint, KYC, sanctions, or fraud-prevention questions, contact support@brightskins.store. We may ask you to verify your identity before discussing account-specific information.
2. Scope of this Privacy Policy
This Privacy Policy applies when you visit Brightskins, browse CS2 skins, sign in with Steam, create or manage an account session, buy or sell digital in-game items, submit a Steam Trade Offer URL, make or receive payments, contact support, submit feedback, make a complaint, request a refund, respond to compliance checks, or otherwise use our website and services.
Brightskins is a marketplace-style service for Counter-Strike 2 digital in-game items. The service depends on Steam account data, Steam Trade Offers, payment providers, fraud-prevention tools, hosting providers, support tools, and other third-party systems. This policy explains how personal data is used in that operational context.
We process personal data in line with the UK GDPR, EU GDPR where applicable, the Data Protection Act 2018, PECR, applicable UK consumer protection law, and our legal and payment-provider obligations.
3. Personal data we collect
- Account and Steam data: SteamID, display name, avatar, public Steam profile information, Steam authentication response data, account status, login/session identifiers, and profile links.
- Marketplace and order data: item names, item IDs, item images, price, currency, cart contents, order ID, order status, delivery status, selected CS2 skins, supplier or marketplace reference, timestamps, refund status, and dispute history.
- Trade Offer data: Steam Trade Offer URL, partner ID and token contained in that URL, delivery attempts, accepted or failed trade state, trade-hold information, Steam restrictions, and evidence needed to verify delivery.
- Checkout and payment-related data: email address, first and last name, phone number, country, city, postal code, billing or address details where requested, payment reference, payment status, payment-provider risk signals, and chargeback or dispute data.
- Support, feedback, and complaint data: messages, attachments, screenshots, order evidence, complaint records, support thread content, user-submitted reviews, moderation notes, and outcome records.
- Compliance and safety data: fraud signals, device and behavioural risk signals, sanctions or PEP screening results, suspicious transaction notes, KYC documents where requested, source-of-funds information where necessary, account review notes, and law-enforcement or payment-provider correspondence.
- Technical and usage data: IP address, approximate location derived from IP, browser type, device identifiers, operating system, screen and language settings, cookies, local storage, session storage, referral URLs, page events, error logs, security logs, and timestamps.
4. Sources of personal data
- You provide data directly when you sign in, place an order, submit a Trade Offer URL, complete checkout, contact support, respond to compliance requests, or make a complaint.
- Steam provides or confirms authentication and public account data when you use Steam sign-in or Steam trade functionality.
- Payment providers, banks, card networks, fraud-prevention vendors, KYC providers, sanctions-screening providers, hosting providers, analytics providers, and support tools may provide status, risk, verification, and operational data.
- We generate data internally when we create orders, monitor delivery, investigate support tickets, detect suspicious behaviour, keep logs, or apply our policies.
5. Legal bases
- Contract: to create an account through Steam, process orders, deliver digital items, provide support, and administer Trade Offers.
- Legal obligation: to keep accounting records, respond to lawful requests, and meet AML, fraud-prevention, sanctions, consumer-law, and tax requirements.
- Legitimate interests: to prevent fraud, secure the service, manage disputes and chargebacks, improve Brightskins, and protect legal rights.
- Consent: for non-essential cookies, analytics, marketing cookies, and direct marketing where consent is required.
6. How we use personal data
- To operate the Brightskins marketplace, display CS2 skin listings, maintain cart state, create orders, calculate prices, and manage order status.
- To authenticate users through Steam, create account sessions, connect orders to the correct Steam account, and manage access to profile, support, feedback, and checkout features.
- To process payments, confirm payment status, reconcile transactions, manage refunds, respond to chargebacks, and provide evidence to payment providers where required.
- To deliver digital items by Steam Trade Offer, verify delivery, troubleshoot failed or expired offers, and investigate incorrect Trade Offer URL or account issues.
- To verify identity, payment ownership, source of funds, sanctions status, account ownership, or eligibility where required by payment providers, sanctions rules, fraud-prevention controls, law, or our policies.
- To detect suspicious transactions, stolen accounts, bot use, chargeback abuse, sanctions evasion, money laundering, or other prohibited conduct.
- To communicate service updates, security notices, support responses, complaints outcomes, and legal policy changes.
- To maintain records, enforce our Terms and Conditions and Acceptable Use Policy, protect legal rights, and comply with law or lawful authority requests.
7. Cookies, analytics, and marketing
We use necessary cookies and similar technologies for Steam authentication, session handling, cart state, checkout, fraud prevention, security, and consent management. These are needed for the service to function.
We may use analytics or marketing cookies only where we have the required consent. You can find more detail about cookie categories, retention, and consent choices in the Cookie Policy.
8. Sharing personal data
We do not sell personal data. We share personal data only where needed to operate Brightskins, process payments, deliver digital items, prevent fraud, comply with law, handle disputes, or protect legal rights.
- Hosting, infrastructure, database, logging, security, and content delivery providers.
- Payment processors, acquiring banks, card networks, payment gateways, fraud-prevention vendors, chargeback management tools, and financial partners.
- KYC, AML, sanctions-screening, PEP-screening, source-of-funds, identity verification, and risk-review providers where checks are required.
- Steam-related systems and links that are necessary for authentication, Trade Offers, account verification, and delivery.
- Email, support, complaint, analytics, and communication providers.
- Professional advisers, auditors, insurers, courts, regulators, law enforcement, payment networks, and counterparties where necessary for legal, compliance, accounting, dispute, or enforcement purposes.
Where data is transferred outside the United Kingdom or European Economic Area, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent lawful transfer mechanisms where required.
9. Automated checks and account review
We may use automated and manual checks to identify fraud, stolen payment methods, stolen Steam accounts, sanctions risk, suspicious transaction patterns, bot activity, chargeback abuse, and policy violations. These checks may affect whether an order is accepted, delayed, cancelled, refunded, manually reviewed, or reported.
We do not disclose the full detail of our fraud rules, risk scores, vendor signals, or security methods because doing so could weaken our controls. You may contact support if you believe an account or order decision is incorrect.
10. Retention
- Account and session data is kept while your account is active or as needed for security and legal records.
- Order, payment, complaint, refund, and chargeback records may be retained for up to six years, or longer where required for legal proceedings or regulatory duties.
- KYC, sanctions, fraud, and AML records are retained only for as long as necessary for compliance, risk management, dispute handling, and law enforcement cooperation.
- Security logs, abuse-prevention records, delivery evidence, and technical logs are retained for the period reasonably needed to protect the service, investigate disputes, and meet legal obligations.
- Cookie, local storage, analytics, and marketing retention periods are described in the Cookie Policy.
11. Security
We use administrative, technical, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure. These measures include access controls, session controls, logging, fraud monitoring, and limiting access to staff and providers who need the data.
No online service can guarantee absolute security. You are responsible for protecting your Steam account, email account, device, password, Steam Guard, and Trade Offer URL.
12. Your rights
Subject to legal conditions, you may request access, correction, deletion, restriction, portability, objection to processing, and withdrawal of consent. You may also complain to the UK Information Commissioner's Office or another competent data protection authority.
We may refuse or limit a request where an exemption applies, including where data must be retained for fraud prevention, legal claims, accounting, sanctions, AML, complaint handling, chargeback evidence, or law-enforcement cooperation. We may need to verify your identity before responding.
13. Age restrictions and children
Brightskins is intended for users aged 18 or older, or the age of majority in the user's jurisdiction if higher. We do not knowingly provide marketplace services to children.
14. Changes and contact
We may update this Privacy Policy when our service, legal requirements, or compliance processes change. The latest version will be posted on Brightskins.
Privacy contact: support@brightskins.store. Postal contact: HILLMARK CONSULTING LTD, 66 Paul Street, London, England EC2A 4NA, United Kingdom.
Brightskins is an independent marketplace experience and is not affiliated with or endorsed by Valve Corporation, Steam, Counter-Strike, or CS2.