GTFO
FeedbackSign in

Privacy Policy

How GTFO collects, uses, and protects your data across all services

1. Overview

This policy applies to all services operated under the GTFO platform: gtfo.gg (account hub), CS2 Widget (widget.gtfo.gg), and CS2 Configs (configs.gtfo.gg). GTFO is operated from Switzerland and processes data in accordance with the Swiss Federal Act on Data Protection (nDSG/FADP).

We are committed to collecting only the minimum data necessary to provide our services. GTFO is free, non-commercial, and does not sell or share personal data with advertisers.

2. Authentication & Account Data

All GTFO services use Steam OpenID for authentication. When you sign in, we retrieve the following from the Steam API:

  • Steam ID — your unique Steam identifier
  • Display name — your current Steam persona name
  • Avatar URL — your Steam profile picture

This data is stored in our database to provide your account. Display name and avatar can be re-synced from Steam at any time through your account settings. We never receive or store your Steam password.

3. Data Collected per Service

gtfo.gg (Account Hub)

  • Account profile (Steam ID, display name, avatar)
  • Social links (Twitch, YouTube, Instagram, X) — provided voluntarily
  • Feedback posts (title, content, type, images)
  • Session data (IP address, user agent) for authentication security

CS2 Widget (widget.gtfo.gg)

  • Widget configuration and overlay settings
  • GSI token (generated per user for CS2 Game State Integration)
  • Overlay ID (unique identifier for your overlay endpoint)
  • Share presets (publicly shared widget configurations)
  • Last GSI activity timestamp

Game State Integration (GSI): When CS2 sends game state data to your overlay, this data is processed in real-time and broadcast to your stream overlay. Raw GSI payloads are not stored in our database — only the timestamp of your last GSI activity is recorded.

Leetify integration: When a match starts, your Steam ID is sent to Leetify’s public API to retrieve match statistics. This data is cached temporarily in memory and is not persisted.

CS2 Configs (configs.gtfo.gg)

  • CS2 configuration data (video, audio, game, mouse, keyboard, network, launch options, binds)
  • Display name (chosen during onboarding)
  • Profile visibility preference (public or private)

4. Cookies & Sessions

We use the following cookies for authentication and session management:

  • Access token — short-lived JWT for API authentication (httpOnly, ~15 minutes)
  • Refresh token — long-lived session token (httpOnly, ~30 days)
  • Session identifier — links your browser to your account session

All authentication cookies are httpOnly and cannot be accessed by client-side JavaScript. We do not use advertising or tracking cookies.

5. Analytics

We use aggregated analytics to monitor service reliability and performance:

  • Vercel Analytics — aggregated page view and performance metrics
  • Google Analytics 4 — page views, session counts, and geographic summaries (where configured)

We do not use ad-tracking cookies or behavioral profiling. Analytics data is used solely to improve service quality.

6. Third-Party Services

The following external services receive data as part of normal operation:

  • Valve / Steam — OpenID authentication and profile data retrieval
  • Supabase — database hosting and real-time data delivery
  • Vercel — application hosting and edge delivery
  • Google Analytics — aggregated usage metrics (where configured)
  • Leetify — match statistics retrieval using your Steam ID (CS2 Widget only)

7. Data Retention

Your account data is retained for as long as your account exists. Session data (IP address, user agent) is stored for the duration of active sessions and cleaned up on logout or expiry.

Feedback posts remain visible after account deletion to preserve community contributions, but all personal identifiers are removed (anonymized).

8. Your Rights

Under the Swiss Federal Act on Data Protection (nDSG/FADP) and applicable international regulations, you have the right to:

  • Access — request a complete export of all data associated with your account
  • Deletion — permanently delete your account and all associated data
  • Rectification — update your profile information at any time
  • Portability — export your data in a structured, machine-readable format

All of these actions can be performed directly through your account settings. Data export includes your account profile, social links, and all service-specific data from CS2 Widget and CS2 Configs. Account deletion is immediate and irreversible, removing data across all three services.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • All connections encrypted via TLS/HTTPS
  • Authentication tokens use signed JWTs with short expiry windows
  • Sensitive cookies marked as httpOnly and secure

10. Children’s Privacy

GTFO does not knowingly collect data from children under 13 years of age. Access to our services requires a Steam account, which itself has age requirements. If you believe a child has provided us with personal data, please contact us at support@gtfo.gg.

11. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated through the platform’s announcement system. Continued use of the services after changes constitutes acceptance of the updated policy.

Last updated: March 2026