Privacy Policy

Last updated: October 31, 2025

1. Data Controller

Operation Harsh Doorstop ("we", "our", "us") operates operationharshdoorstop.com.

2. Data We Collect

2.1 Authentication Data (via Steam)

  • Steam ID - Unique identifier for authentication
  • Username - Your Steam display name
  • Avatar URL - Your Steam profile picture

We use Steam OpenID for authentication. We do not store your Steam password.

2.2 Subscription Data

  • Subscription tier - Which membership you've selected
  • Subscription history - Start/end dates of subscription periods
  • Payment data - Handled entirely by Steam (we only receive order confirmations)

2.3 Activity Data

  • Blog interactions - Comments and likes you post
  • Reward claims - Which rewards you've claimed and when
  • Login timestamps - When you created account and last logged in

2.4 Technical Data

  • Session cookies - To keep you logged in
  • Server logs - IP addresses (retained for 30 days)

3. Legal Basis for Processing

  • Contract - Necessary to provide subscription services
  • Consent - You consent when logging in via Steam
  • Legitimate Interest - Fraud prevention, security

4. How We Use Your Data

  • Authenticate your account
  • Provide subscription benefits (exclusive blog posts, rewards)
  • Process reward claims
  • Display your comments and likes
  • Communicate important updates

5. Data Sharing

We do not sell your data. We share data only with:

  • Steam (Valve Corporation) - For authentication and payment processing
  • MongoDB Atlas - Database hosting (encrypted)
  • DigitalOcean - Server hosting

6. Data Retention

  • Account data - Until you delete your account
  • Subscription history - 7 years (tax/legal requirements)
  • Blog comments - Until deleted by you or admin
  • Server logs - 30 days
  • Steam inventory cache - 7 days

7. Your Rights (GDPR)

  • Right to Access - Export your data anytime
  • Right to Deletion - Delete your account and data
  • Right to Rectification - Update your Steam profile
  • Right to Portability - Download data in JSON format
  • Right to Object - Opt out of non-essential processing

Manage your data →

8. Cookies

We use essential session cookies only (no tracking/advertising cookies).

  • session - Keeps you logged in (secure, httponly, essential)

9. Security

We implement industry-standard security:

  • HTTPS encryption for all traffic
  • Secure session management
  • Database access controls
  • Regular security updates

10. Contact

For privacy concerns or data requests: [email protected]

11. Changes to Policy

We'll notify users of material changes via blog post.

Back to Home