Privacy Policy
Last updated: 14 June 2026
This Privacy Policy explains how DOTA.TEAM (“DOTA.TEAM”, “we”, “us” or “our”) collects, uses, shares, and protects your personal data when you use our website at dota.team and related services (the “Service”). It applies alongside our Terms of Service.
1. Who we are
DOTA.TEAM is the controller of your personal data and is operated from the United Kingdom. We comply with the UK GDPR and the Data Protection Act 2018, and — where it applies to users in the European Economic Area — the EU GDPR. For any privacy question or to exercise your rights, contact us at privacy@dota.team.
2. The data we collect
We collect the following categories of personal data:
2.1 Information you provide
- Profile details you choose to add: your bio, region, country, languages, in-game roles, gender, and date of birth;
- Team details if you create or manage a team (name, tag, description, branding);
- The content of recruitment posts and applications, including any message you write when applying to a team.
2.2 Information from Steam
You sign in with Steam, and at sign-in (and when you refresh your stats) we receive from Steam your 17-digit SteamID, your persona (display) name, your avatar, your country code, and your Counter-Strike 2 playtime. We never receive your Steam password.
2.3 Information from FACEIT and Leetify
We retrieve your FACEIT skill level and Elo from FACEIT’s API, and your Counter-Strike 2 Premier rating from Leetify’s public API — both using your SteamID, so we can display and match on your skill level. If FACEIT is unavailable we fall back to the FACEIT level/Elo published by Leetify.
2.4 Information we collect automatically
- A strictly necessary session cookie that keeps you signed in (see section 8);
- A “last seen” timestamp, so other users can see roughly how recently you were active;
- Limited technical and security logs (such as IP address and request metadata) needed to run the Service securely and prevent abuse.
We do not use analytics, advertising, or third-party tracking cookies or SDKs.
2.5 Billing information
If a team subscribes to a paid plan, our payment provider Stripe processes the payment. We store identifiers such as your Stripe customer and subscription IDs and your plan status, but we do not receive or store your full card details.
3. How we use your data and our legal bases
Under the UK/EU GDPR we must have a lawful basis for using your personal data. We rely on the following:
- To provide the Service — creating your account, showing your profile, matching players with teams, and handling applications and memberships. Basis: performance of our contract with you.
- To take payment for paid plans and keep accurate billing records. Basis: performance of a contract; and legal obligation for accounting records.
- To keep the Service secure, prevent fraud and abuse, enforce our Terms, and improve and develop our features. Basis: our legitimate interests in running a safe, reliable platform.
- To communicate with you about service-related matters, such as security or important changes. Basis: legitimate interests and/or contract.
- To comply with the law and respond to lawful requests. Basis: legal obligation.
Where we ever rely on your consent for a specific purpose, you can withdraw it at any time.
4. Information that is public
DOTA.TEAM is a discovery platform, so parts of your data are public by design. Your player profile (including display name, avatar, region, roles, rating, FACEIT level, and playtime), your team membership, recruitment posts, and the details and verified stats in an application are visible to other users, and public profiles and posts may be indexed by search engines. Please do not include anything in these fields that you would not want to be public.
5. How we share your data
We do not sell your personal data. We share it only as follows:
- Other users, as part of the platform’s public, team-finding function described in section 4;
- Service providers (processors) who help us run the Service under contract, including our cloud hosting and database provider and Stripe (payments);
- Third-party data sources — we send your SteamID to Steam, FACEIT, and Leetify to retrieve the data described in section 2;
- Authorities or others where we are legally required to, or where it is necessary to protect the rights, safety, or property of DOTA.TEAM, our users, or the public;
- A successor in connection with a merger, acquisition, or sale of assets, subject to this Policy.
6. International transfers
We are based in the UK and serve users in the UK, EU, US, and elsewhere, so your data may be processed in countries outside your own. Where we transfer personal data outside the UK or EEA, we rely on an appropriate safeguard — such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses — so that your data remains protected.
7. How long we keep your data
We keep your personal data for as long as your account is active. If you delete your account, we remove or anonymise your personal data, except where we need to keep certain information to comply with legal obligations (for example, Stripe billing records kept for accounting and tax purposes), resolve disputes, or enforce our agreements. Expired login sessions are routinely purged.
8. Cookies
We use only strictly necessary cookies, so we do not need a cookie consent banner. They are:
- cs2_session — keeps you signed in. It is HTTP-only, marked Secure in production, uses SameSite=Lax, and lasts up to 30 days (extending while you stay active).
- steam_nonce — a short-lived cookie used only during Steam sign-in to protect the login flow against cross-site request forgery.
We do not set analytics, advertising, or other tracking cookies. Blocking the session cookie will prevent you from signing in.
9. How we protect your data
We take reasonable technical and organisational measures to protect your data. For example, we never store your Steam password, we store only a hashed version of your session token rather than the token itself, and we serve session cookies as HTTP-only and Secure. No method of transmission or storage is completely secure, but we work to protect your information and to limit access to it.
10. Your rights
Depending on where you live, you have rights over your personal data. Under the UK and EU GDPR these include the right to:
- access a copy of the personal data we hold about you;
- have inaccurate or incomplete data corrected;
- have your data erased (the “right to be forgotten”);
- restrict or object to certain processing;
- receive your data in a portable, machine-readable format;
- withdraw consent where we relied on it.
To exercise any of these rights, email privacy@dota.team. You can update much of your profile data directly in your account settings, and you can delete your account at any time. If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to the data protection authority in your country.
11. US and California residents
If you are a US resident, you may have rights under your state’s privacy laws, such as the California Consumer Privacy Act (as amended by the CPRA). We collect the categories of data described in section 2 for the purposes in section 3. We do not sell or “share” your personal data for cross-context behavioural advertising, and we do not use it for targeted advertising. Subject to your state’s law, you may have the right to know what we collect, to request access or deletion, to correct inaccurate data, and to opt out of any sale or sharing — and we will not discriminate against you for exercising these rights. To make a request, email privacy@dota.team.
12. Children
The Service is intended for users aged 13 and over (see our Terms of Service). We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact privacy@dota.team and we will delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, take reasonable steps to notify you. We encourage you to review this page periodically.
14. Contact
For privacy questions or to exercise your rights, email privacy@dota.team. For general support, email support@dota.team.