Privacy Policy

This policy describes how ImpactGuard (“we”, “us”) handles information when you use our website, operations panel, APIs, and CS2 server plugin ecosystem. It is meant to be readable; it is not legal advice.

Who We Are

ImpactGuard operates a security and anti-cheat platform for Counter-Strike 2 server operators. Contact for privacy inquiries: [email protected].

Bulgaria & the European Union

We describe our practices with reference to Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian data protection legislation, including the Personal Data Protection Act and related rules, in addition to other laws that may apply to you depending on location.

If you are in Bulgaria (or your processing otherwise falls under Bulgarian competence), you may lodge a complaint with the Commission for Personal Data Protection (CPDP, КЗЛД): www.cpdp.bg. You may also have rights under the GDPR to contact another EU supervisory authority where applicable.

Information We Collect

Account & Billing

When you register or purchase services we collect identifiers you provide (such as email, organization name, billing references) and transactional records needed to fulfill orders and comply with financial obligations.

Panel & API Usage

We process technical and operational data required to run the service: authentication events, license identifiers, server registration metadata (such as names and endpoints you configure), configuration payloads you submit, webhook delivery diagnostics, and similar operational logs.

Plugin & Detection Signals

The plugin may transmit security-relevant telemetry needed to evaluate threats (for example signals relating to detections, confidence scores, and identifiers required to enforce policy consistently across sessions). The exact categories depend on your configuration and product version.

Cookies & Measurement

Our marketing site may use cookies or similar technologies for basic analytics and campaign measurement. See our Cookie Policy for details and choices.

Why We Use Data

• Provide, secure, and improve the platform
• Authenticate users and prevent abuse
• Operate detection, appeals, and enforcement workflows you enable
• Communicate service and security notices
• Meet legal requirements and respond to lawful requests

Legal Bases (Where Applicable)

Depending on jurisdiction, we rely on performance of a contract, legitimate interests (such as securing the service and preventing fraud), consent where required (for example certain cookies), and compliance with legal obligations. For processing subject to Bulgarian law, we align with GDPR-style bases and any additional requirements under Bulgarian implementing acts.

Retention

We retain information only as long as needed for the purposes above, including dispute resolution, backups, and compliance. Retention periods vary by data category and configuration.

Sharing

We use infrastructure and service providers (“subprocessors”) to host and operate the platform. We do not sell your personal information. We may disclose information if required by law or to protect rights, safety, and integrity of the service. See Subprocessors.

International Transfers

Your data may be processed in countries where we or our providers operate. Where required by EU or Bulgarian law, we implement appropriate safeguards (including, where applicable, Standard Contractual Clauses approved by the European Commission or other lawful transfer tools).

Your Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain processing, and to object to some processing. Contact us at [email protected]. You may also lodge a complaint with your local supervisory authority (for Bulgaria, see the CPDP link under “Bulgaria & the European Union”).

Governing Law for Policy Interpretation

Interpretation of this policy in relation to contractual claims is consistent with the governing law and venue described in our Terms of Service, without prejudice to non-waivable rights under EU or Bulgarian law.

Children

The service is aimed at server operators and organizations, not children. We do not knowingly collect personal information from children.

Changes

We may update this policy and will revise the “Last updated” date. Material changes may be communicated through the panel or email where appropriate.