What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy expressly engages the GDPR and UK GDPR (enforced by EU supervisory authorities and the UK Information Commissioner's Office respectively), the CCPA (enforced by the California Privacy Protection Agency and California Attorney General), and the EU-U.S. Data Privacy Framework administered by the U.S. Department of Commerce and enforceable by the FTC. Valve's assertion of legitimate interests as a legal basis for certain processing activities may require evalu…

How does Steam's Steam Privacy Policy affect users?

The policy establishes that personal data categories—including playtime, game selections, device identifiers, and payment records—may be shared with third-party developers and service partners as part of platform operations. Anonymized or aggregated data may be shared with third parties without restriction. Users may manage optional tracking through cookie preference controls and Steam Client interface settings that limit personalization and marketing content delivery.

How often is Steam's Steam Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Steam updates this document?

Yes. Watcher subscribers ($9.99/month) can add Steam to their watchlist and receive same-day email alerts whenever this document or any other Steam document changes.

CA-D-000182

Steam Privacy Policy

Steam

Last change detected April 22, 2026 Privacy policy

SHA-256: 84404543429d320a012… 2 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Steam ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

0 High severity

6 Medium severity

3 Low severity

Summary

Steam's Privacy Policy establishes the categories of personal data Valve collects from platform users, including account identifiers, payment information, gameplay statistics, device data, and communication records. The policy authorizes Valve to share collected data with Valve group companies, third-party game developers, payment processors, and service partners for purposes including game delivery, platform operation, and marketing personalization. Users may configure cookie preferences at store.steampowered.com/account/cookiepreferences/ and adjust Steam Client interface settings to control content recommendations.

Technical / Legal Breakdown

This document governs Valve Corporation's collection, processing, storage, and sharing of personal data across the Steam platform and associated services, asserting legal bases including contractual necessity, legal obligation, legitimate interests, and user consent consistent with GDPR Article 6 framing. The policy states that Valve collects a broad range of data categories including account credentials, payment information, device identifiers, game statistics, playtime, browser and behavioral tracking data, chat communications, and voice data from Steam's communication features, and the terms authorize sharing this data with Valve group companies, third-party game developers, payment processors, and other service partners. Notably, the policy discloses collection of hardware survey data and voice data from Steam communication features, asserts the right to process anonymized aggregated data and share it with third parties without restriction, and permits behavioral tracking across Steam websites and applications for marketing and analytics purposes, though several of these asserted rights may be constrained by GDPR, UK GDPR, or CCPA requirements depending on the legal basis applied. The policy expressly engages GDPR, UK GDPR, CCPA, and the EU-U.S. Data Privacy Framework, and Valve certifies adherence to the DPF Principles, which govern in case of conflict with this policy; EU and UK users hold specific rights including access, rectification, erasure, and objection, while California residents are entitled to CCPA disclosure and opt-out rights. Material compliance considerations include ensuring adequate legal bases for each processing activity, verifying that third-party data sharing arrangements meet applicable transfer mechanism requirements, and confirming that consent mechanisms for optional cookies and marketing communications meet applicable standards.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

2 versions captured · Last updated: April 2026

April 22, 2026

low

What changed Steam modified a single URL in its Privacy Policy on April 22, 2026. The change removes '/en' from the help link users can use to request access to or deletion of their personal data. The updated link now points directly to the wizard form without the language prefix. This is a technical correction with no material impact on users' data rights or privacy protections.

Why this matters This change has no material impact on your privacy rights or data protections. Steam modified a technical support URL to simplify access to the form users can submit to request access to or deletion of their personal data. The underlying right to request and delete your data remains unchanged; only the link address was updated.

View full change record →

April 18, 2026

low

What changed Steam updated a URL in its Privacy Policy on April 18, 2026, changing the form link users can use to request data access or deletion. The previous link directed to https://help.steampowered.com/wizard/HelpAccountDataQuestion, while the updated link now includes a language designation: https://help.steampowered.com/en/wizard/HelpAccountDataQuestion. This adds regional routing to the data request form, potentially ensuring users are directed to the correct language version of the support process.

Why this matters The updated policy directs users to a language-specific version of the data request form. The operational change is minimal: users requesting to access or delete their data through the form will be routed to the /en/ language variant of the support page. This is a technical clarification rather than a substantive change to user rights or data handling practices.

View full change record →

Recent Provision Changes Apr 22, 2026

10 provisions unchanged.

View full change record →

Medium — 6 provisions

Third-Party Data Sharing with Game Developers and Partners Compare →

When you play a game on Steam, information about your account and ownership may be shared with the game's publisher or developer and other Valve business partners who provide services to you.

Added May 10, 2026 Standard Seen across 246 platforms
Anonymous and Aggregated Data Sharing Without Restriction Compare →

Valve collects and analyzes data about how users behave on Steam, and may share this anonymized data with other companies without restriction.

Added May 10, 2026 Standard Seen across 246 platforms
Game Statistics and Device Data Collection Compare →

Steam automatically collects detailed information about every game you play, including your progress, time played, and technical details about your computer or device.

Added May 10, 2026 Standard Seen across 251 platforms
Cookie and Behavioral Tracking Compare →

Steam uses cookies, web beacons, pixels, ad tags, and device identifiers to track how you use the platform and to support marketing and analytics.

Added May 10, 2026 Standard Seen across 251 platforms
Transaction and Payment Data Processing Compare →

When you buy something on Steam using a credit card, your card details are collected by Valve and transmitted to a payment processor, and Valve also receives payment data back from that processor for anti-fraud purposes.

Added May 10, 2026 Standard Seen across 189 platforms
User Rights: Access, Rectification, Erasure, and Objection

Steam users, particularly those in the EU, UK, and California, have rights to access, correct, and request deletion of their personal data held by Valve.

Added May 10, 2026 Rare

Low — 3 provisions

EU-U.S. Data Privacy Framework Certification Compare →

Valve has self-certified under the EU-U.S. Data Privacy Framework, which is one of the approved legal mechanisms for transferring personal data from the EU, UK, and Switzerland to the U.S.; if this policy conflicts with those Framework Principles, the Principles take precedence.

Added May 8, 2026 Standard Seen across 262 platforms
Marketing Communications and Opt-Out Compare →

Steam may send you marketing emails about products similar to things you have previously bought, and you can opt out of these communications.

Added May 10, 2026 Standard Seen across 262 platforms
Data Retention Compare →

Steam keeps your personal data only as long as needed for the stated purpose or to meet legal requirements, using a proportionality assessment to set retention periods.

Added May 10, 2026 Standard Seen across 223 platforms