Privacy Policy

Last updated: May 30, 2026

1. Data Controller

Operation Harsh Doorstop ("we", "our", "us") operates operationharshdoorstop.com.

2. Data We Collect

2.1 Authentication Data (via Steam)

  • Steam ID - Unique identifier for authentication
  • Username - Your Steam display name
  • Avatar URL - Your Steam profile picture

We use Steam OpenID for authentication. We do not store your Steam password.

2.2 Subscription Data

  • Subscription tier - Which membership you've selected
  • Subscription history - Start/end dates of subscription periods
  • Payment data - Handled by Stripe (we never see raw card details; only receive confirmation of payment)

2.3 Activity Data

  • Blog interactions - Comments and likes you post
  • Reward claims - Which rewards you've claimed and when
  • Login timestamps - When you created account and last logged in

2.4 Technical Data

  • Session cookies - To keep you logged in
  • Server logs - IP addresses (retained for 30 days)

2.5 Contact Information

  • Email address — Provided voluntarily during account setup. Used for account verification, security notices, service communications, and notifications you explicitly opt into. Stored in our database and transmitted via Amazon Web Services SES for delivery. Never sold or shared for marketing purposes.

3. Legal Basis for Processing

  • Contract - Necessary to provide subscription services
  • Consent - You consent when logging in via Steam
  • Legitimate Interest - Fraud prevention, security

4. How We Use Your Data

  • Authenticate your account
  • Provide subscription benefits (exclusive blog posts, rewards)
  • Process reward claims
  • Display your comments and likes
  • Communicate important updates

5. Data Sharing

We do not sell your data. We share data only with:

  • Steam (Valve Corporation) - For authentication only
  • Stripe, Inc. - For payment processing (see Stripe Privacy Policy)
  • MongoDB Atlas - Database hosting (encrypted)
  • DigitalOcean - Server hosting
  • Amazon Web Services (AWS SES) - Transactional email delivery only. Your email address is passed to AWS SES solely to deliver service emails (verification links, notifications). AWS processes this data under their Privacy Notice. No marketing data is shared with AWS.

6. Data Retention

  • Account data - Until you delete your account
  • Subscription history - 7 years (tax/legal requirements)
  • Blog comments - Until deleted by you or admin
  • Server logs - 30 days
  • Steam inventory cache - 7 days

7. Your Rights (GDPR)

  • Right to Access - Export your data anytime
  • Right to Deletion - Delete your account and data
  • Right to Rectification - Update your Steam profile
  • Right to Portability - Download data in JSON format
  • Right to Object - Opt out of non-essential processing

Manage your data →

8. Cookies

We use essential session cookies only (no tracking/advertising cookies).

  • session - Keeps you logged in (secure, httponly, essential)

9. Security

We implement industry-standard security:

  • HTTPS encryption for all traffic
  • Secure session management
  • Database access controls
  • Regular security updates

10. Contact

For privacy concerns or data requests: [email protected]

11. Changes to Policy

We'll notify users of material changes via blog post.

12. Email Communications

We send the following types of email to users who have provided a verified email address:

  • Verification emails — Sent once when you add or change your email address. Required for account security. Cannot be opted out of.
  • Security notices — Sent in response to account security events. Cannot be opted out of while your account is active.
  • Product update notifications — Sent when significant new features or content are released. You may unsubscribe at any time by emailing [email protected] with the subject "Unsubscribe" or by using the unsubscribe link in the email.
  • Opt-in feature notifications — Sent only when you have explicitly requested them (e.g., "Get Notified" for the Creators Platform launch). You can withdraw this consent at any time from your account dashboard.

All emails are delivered via Amazon Web Services Simple Email Service (SES) from [email protected]. We comply with the CAN-SPAM Act and applicable email marketing laws. Each marketing or notification email includes an unsubscribe mechanism.

To manage your email preferences or request removal from all mailing lists, contact us at [email protected].

Back to Home