What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This policy explicitly engages GDPR (EU) 2016/679 (Arts. 5, 6, 12-22, 28), UK GDPR, CCPA (Cal. Civil Code §1798.100–1798.199), the EU-U.S. Data Privacy Framework and Swiss-U.S. DPF (enforced by the FTC under Section 5 of the FTC Act, 15 U.S.C. §45), and COPPA (15 U.S.C. §6501) is implicitly relevant given gaming platform user demographics. Primary enforcement authorities are the FTC (US), EU Data Protection Authorities (lead DPA likely the Hamburg DPA given Valve's EU estab…

How does Steam's Steam Privacy Policy affect users?

Steam collects an extensive range of personal data including payment information, game statistics, device identifiers, IP addresses, chat messages, and behavioral tracking data, much of which is shared with third-party partners including advertisers, payment processors, and anti-cheat providers. California residents have CCPA rights to access, delete, and opt out of certain data uses, while EU and UK users have GDPR rights including data portability and the right to object to legitimate-interes…

How often is Steam's Steam Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Steam updates this document?

Yes. Watcher subscribers ($9.99/month) can add Steam to their watchlist and receive same-day email alerts whenever this document or any other Steam document changes.

Steam Privacy Policy — Steam

10 Total

4 High severity

6 Medium severity

0 Low severity

Summary

This is Steam's privacy policy — the legal document explaining what personal information Valve collects when you use Steam, including your purchase history, game playtime, device identifiers, chat messages, IP address, and payment details. The most important thing to know is that Steam shares your data with a broad range of third parties including payment processors, advertising partners, anti-cheat services, and law enforcement, often without specific advance notice to you. You can manage cookie preferences and some data-sharing settings directly in your Steam account under Privacy Settings and Cookie Settings.

Technical Summary

This document is Steam's (Valve Corporation) Privacy Policy governing the collection, processing, storage, and sharing of Personal Data from users of the Steam platform and associated services, with legal bases grounded in contractual necessity, legal obligation, legitimate interests, and consent as enumerated in GDPR Article 6. The policy creates obligations for Valve to collect only necessary data, respond to user rights requests (access, correction, deletion, portability, objection), and maintain DPF compliance for EU/UK/Swiss-to-US data transfers, while users implicitly consent to broad behavioral, device, tracking, and content-use data collection as a condition of platform use. Notable provisions include Valve's explicit reservation to share Personal Data with a wide network of third-party partners (payment processors, anti-cheat providers, advertising networks, platform partners) and law enforcement without individualized notice, as well as the retention of anonymous and aggregated data with no stated deletion timeline. The policy engages GDPR (EU) 2016/679, UK GDPR, CCPA (Cal. Civil Code §1798.100 et seq.), and the EU-U.S. Data Privacy Framework (DPF)/Swiss-U.S. DPF; material compliance considerations include the adequacy of DPF as a transfer mechanism post-Schrems II, the scope of legitimate interests processing, and CCPA rights fulfillment for California residents. Compliance teams should note that the policy's broad data sharing with unnamed third-party partners and the collection of device identifiers, crash data, behavioral tracking, and game statistics at scale may require updated data mapping and vendor agreements under GDPR Article 28 and CCPA service provider contracting requirements.

Evidence Provenance

Captured April 22, 2026 06:12 UTC

Document ID CA-D-000182

Version ID CA-V-000888

Source URL https://store.steampowered.com/privacy_agreement/

Wayback Machine View archived versions →

SHA-256 84404543429d320a012094ae9136f2eaa880c063ac26c067cfbf33991d9e36e4

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 22, 2026 — Document updated low

Steam updated their Privacy Policy on April 22, 2026 by making a minor change to a support link URL. The link to request access or deletion of personal data through their help form was shortened by removing the '/en/' language path segment. This is a technical URL adjustment and does not change any user rights or data practices.

· 1 modified
View diff → View full record →
84404543…
April 18, 2026 — Initial capture

Initial snapshot — monitoring begins

23c0b1a7…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated April 22, 2026

low

What changed Steam updated their Steam Privacy Policy on April 22, 2026. Change detected: 1 sentence(s) modified. Document contained 142 sentences after update.

Consumer impact Steam made a minor adjustment to a URL in their Privacy Policy, changing the link to their data access and deletion request form. The new URL removes the '/en/' language code from the path but leads to the same support page. This change has no effect on your privacy rights or how Steam handles your data.

Why it matters This change is a minor technical URL correction and has no practical impact on users. The data request form remains accessible and user rights are unchanged.

Recent Clause-Level Changes Apr 22, 2026

10 provisions unchanged.

View full change record →

High Severity — 4 provisions

Legal Bases for Personal Data Processing

Steam processes your personal data based on four legal justifications: because it needs to in order to run the service, because the law requires it, because it or a third party has a legitimate business interest, or because you consented. The 'legitimate interests' basis is the broadest and can be invoked without your explicit consent.

Added April 18, 2026
Tracking Data, Cookies, and Behavioral Data Collection

Steam uses cookies, pixels, ad tags, and device identifiers to track how you use its websites and services, including for marketing purposes. Your IP address is automatically logged every time you visit Steam's services.

Added April 18, 2026
Content Recommendations and Behavioral Profiling

Steam uses your collected personal data to build a personalized profile and recommend content, products, and offers to you every time you use the platform or launch the Steam client. You can turn this off in the Steam client's Interface settings.

Added April 18, 2026
Minors' Data and Age Restrictions

Steam assigns every user a permanent Steam ID at account creation but does not require real name verification, meaning minors can create accounts without triggering age-specific data protections unless Steam implements separate age-verification measures.

Added April 18, 2026

Medium Severity — 6 provisions

Data Privacy Framework (DPF) Certification for EU/UK/Swiss Data Transfers

Valve has certified under the EU-U.S. Data Privacy Framework, meaning it has committed to specific data protection standards when transferring your personal data from the EU, UK, or Switzerland to its US servers. If Steam's privacy policy ever conflicts with these Framework principles, the Framework principles win.

Added April 18, 2026
Game Statistics and Content-Related Data Collection

Steam collects detailed records of your gaming behavior — including every game you play, how long you play it, your progress, your device's unique identifiers, and crash reports — and links all of this to your Steam ID.

Added April 18, 2026
Transaction and Payment Data Collection

When you buy something on Steam with a credit card, Valve collects your full credit card details — including card number, expiration date, and security code — and shares them with payment processors and uses them for anti-fraud checks.

Added April 18, 2026
Third-Party Data Sharing with Partners and Service Providers

Steam shares both anonymous and aggregated data with third parties, and also collects personal data from your communications on the platform including forum posts, chats, and user-generated content.

Added April 18, 2026
User Rights and Data Deletion

Steam processes your data under four legal bases which also determine how long your data is kept, who can access it, and what rights you have to control it. The policy references a separate section 6 for full details on user rights including access, deletion, and portability.

Added April 18, 2026
Anonymous Data Sharing Without Retention Limit

Steam processes anonymous data about your habits, usage patterns, and demographics — both individually and in groups — and can share this with third parties indefinitely, with no stated limit on who receives it or what they do with it.

Added April 18, 2026