← Back to Floatly

Privacy Policy

Effective date: March 22, 2026

1. Introduction

Delyxa AS ("we", "us", "our") operates Floatly (https://floatly.io). This Privacy Policy describes how we collect, use, store, and share your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you register, we collect:

  • Email address
  • Password (hashed, never stored in plain text)
  • Display name
  • Organization/team name

2.2 Steam & Marketplace Credentials

To operate trading bots, you provide:

  • Steam account credentials (encrypted at rest with AES-256-GCM)
  • Steam shared secrets and identity secrets (encrypted at rest)
  • Marketplace API keys (encrypted at rest)

These credentials are used solely to execute actions you configure (listing items, accepting trades, syncing inventory). We never access your credentials for any other purpose.

2.3 Trading Data

We automatically collect:

  • Trade history (items, prices, timestamps, marketplace)
  • Inventory snapshots
  • Account balances and transaction records
  • Profit/loss calculations and accounting entries

2.4 Usage Data

We collect standard usage information:

  • IP address
  • Browser type and version
  • Pages visited and feature usage
  • Error logs and performance metrics

3. How We Use Your Information

  • To provide and operate the Service (trading automation, inventory sync, accounting).
  • To authenticate your identity and secure your account.
  • To generate financial reports and analytics for your dashboard.
  • To communicate service updates, security alerts, and billing notices.
  • To detect and prevent fraud, abuse, or unauthorized access.
  • To improve the Service based on aggregated, anonymized usage patterns.

4. Data Storage & Security

  • All sensitive credentials are encrypted at rest using AES-256-GCM with per-organization encryption keys.
  • Passwords are hashed using bcrypt.
  • All data is transmitted over TLS (HTTPS).
  • Database access is restricted to application services only.
  • We conduct regular security reviews of our credential handling and storage.

While we implement industry-standard security measures, no system is completely secure. You are responsible for maintaining the security of your own credentials and devices.

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Third-party marketplaces — only as necessary to execute trades and sync data on your behalf (e.g., sending your API key to CSGOEmpire to list an item).
  • Infrastructure providers — hosting, database, and email services that process data on our behalf under strict contractual obligations.
  • Law enforcement — if required by law, subpoena, or valid legal process.

6. Data Retention

  • Account data is retained for the duration of your active subscription.
  • Trading history and accounting records are retained for 7 years for tax and compliance purposes.
  • Upon account deletion, personal data is removed within 30 days. Anonymized, aggregated data may be retained indefinitely.
  • Encrypted credentials are permanently deleted upon account deletion or credential removal.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated data.
  • Export your data in a machine-readable format.
  • Object to certain processing activities.

To exercise these rights, contact us at legal@floatly.io. We will respond within 30 days.

8. Cookies

We use the following cookies:

  • Authentication cookies — HTTP-only secure cookies for session management and token refresh. These are essential for the Service to function.

We do not use advertising or tracking cookies. We do not use third-party analytics that track individual users.

9. Children's Privacy

The Service is not directed at anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International Data Transfers

Your data may be processed in the United States or other jurisdictions where our infrastructure providers operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for cross-border data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Effective date" at the top reflects the latest revision.

12. Contact

For privacy-related questions or data requests, contact us at legal@floatly.io.