Skip to content
Market Cap$9.82M
Movers 24h46
Items80
Portfolios Created301

Privacy Policy

Last updated: April 2026

What We Collect

When you use SboxFolio, we collect the following information:

  • Steam ID — automatically provided during Steam OpenID authentication
  • Email address — only collected when signing in via Google OAuth or Discord OAuth
  • Display name and avatar URL — provided by your OAuth provider
  • Portfolio data — items you add, quantities, buy prices, buy dates, and personal notes
  • Language preference — your selected language for the interface

What We Don't Collect

We explicitly do NOT collect:

  • Passwords — we never store your password. Authentication is handled via OAuth providers.
  • Payment information — we do not process or store payment data of any kind
  • Steam credentials — we only receive your Steam ID during authentication
  • Personal documents or browsing history outside SboxFolio — we never see what you do on other sites
  • Any data sold to third parties — we do not sell, trade, or rent personal data

Analytics

We use two privacy-conscious analytics services to understand how the site is used and to fix problems:

  • Google Analytics 4 (G-YCEQ8W9VPY) — page views, navigation paths, and acquisition channel (where visitors arrived from). GA4 sets first-party cookies (_ga, _ga_*). It uses a device-level identifier but does not receive your email, Steam ID, or portfolio contents from us.
  • Cloudflare Web Analytics — auto-enabled because the site sits behind Cloudflare's CDN. It collects page loads, country, and device type without cookies and without any identifier that can be linked to you personally.

You can block both by using a browser extension that blocks third-party scripts (e.g. uBlock Origin) — the site will keep working.

How Data Is Used

We use your data solely for:

  • Portfolio tracking and display in your account
  • Price calculations and P&L analysis
  • Optional public portfolio sharing (only if you enable this feature)

We do not sell, trade, or share your data with third parties. We do not use your data for advertising or marketing purposes.

Cookies

SboxFolio itself sets only a single cookie:

  • Session cookie (Auth.js) — encrypted JWT that keeps you signed in. Strictly necessary; disabling it prevents login.

Google Analytics 4 (see the Analytics section above) additionally sets _ga and _ga_* cookies on your device. These can be cleared any time from your browser; the site will keep working without them.

Third-Party Services

SboxFolio relies on the following third-party services:

  • Neon — PostgreSQL database hosting (encrypted at rest)
  • Vercel — web hosting and CDN
  • Cloudflare — CDN edge and DDoS protection; also auto-enables Cloudflare Web Analytics (cookieless, aggregated).
  • Google Analytics 4 — aggregated usage analytics (cookies, no PII shared by us).
  • Steam Web API + sboxcharts + SCMM — market prices, item metadata, and inventory verification. Steam authentication uses OpenID.
  • Google OAuth & Discord OAuth — optional sign-in providers.
  • ProxyWing — residential proxy we use server-side to fetch Steam inventory data. No client traffic goes through it.

Each service has its own privacy policy. We recommend reviewing them to understand how they handle your data.

Data Retention

We retain your data as long as your account exists. If you delete your account, all associated data will be permanently removed from our systems within 30 days. This includes portfolio data, preferences, and all personally identifiable information.

Data Deletion

You can request the complete deletion of your account and all associated data at any time. To do so, contact us on Telegram: @ProstoXleb. We will process your request within 30 days and confirm deletion once complete.

Security

We take security seriously:

  • HTTPS everywhere — all connections are encrypted in transit
  • Encrypted JWT sessions — session tokens are signed and encrypted
  • No plaintext passwords — we never store passwords. Authentication is delegated to OAuth providers
  • Database encryption — data stored in Neon PostgreSQL is encrypted at rest

Changes

We may update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last updated" date. Continued use of SboxFolio following any changes constitutes your acceptance of the new policy.

Contact

If you have questions about this Privacy Policy or your data, please contact us on Telegram: @ProstoXleb