Legal Document

Privacy Policy

VaultLens is built on a simple principle: your data is yours. We collect nothing, store nothing on external servers, and track nothing. This policy explains exactly how VaultLens handles your information.

Effective Date: May 14, 2026
Last Updated: May 14, 2026
Version: 1.0.0
✓  The Short Version

VaultLens does not collect, transmit, or store any personal data on any external server. There are no VaultLens servers. All data (prices, float values, settings, API keys) lives exclusively on your own device in Chrome's local storage. All network requests go directly from your browser to publicly documented third-party APIs (PricEmpire, Skinport, CSGOFloat).

Contents
  1. Scope of This Policy
  2. Data We Do and Do Not Collect
  3. Local Storage Usage
  4. Third-Party API Requests
  5. Chrome Permission Usage
  6. API Key Security
  7. Open Source Transparency
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact
Section 1

Scope of This Policy

This Privacy Policy applies to the VaultLens Chrome Extension (version 1.0.0 and later), available on the Chrome Web Store and as an open-source project on GitHub. It describes how VaultLens handles information when you use the extension on Steam inventory and trade offer pages.

This policy does not apply to third-party services that VaultLens fetches data from (PricEmpire, Skinport, CSGOFloat, CSFloat). Those services have their own privacy policies, which you should review independently. Links are provided in Section 4.

This policy does not apply to the Steam platform itself. VaultLens reads publicly available data from Steam pages that you are already viewing in your browser; it does not interact with Steam's servers beyond what your browser already does during normal browsing.

Section 2

Data We Do and Do Not Collect

✓  Data VaultLens Does NOT Collect
  • No personal information — no name, email, Steam username, or account ID is ever sent anywhere by VaultLens.
  • No inventory data transmission — your item list, prices, and float values are never sent to any VaultLens-operated server (none exist).
  • No browsing history — VaultLens does not access, read, or transmit your browser history.
  • No telemetry or analytics — there is no usage tracking, error reporting, crash reporting, or analytics of any kind.
  • No advertising data — VaultLens is not monetized through advertising. No advertising SDKs or tracking pixels exist in the codebase.
  • No cookies — VaultLens does not read or write any cookies.
  • No clipboard reading — VaultLens only writes to the clipboard (on explicit user action). It never reads clipboard contents.
  • No Steam account credentials — VaultLens never asks for, reads, or handles your Steam password or session tokens.
Data Type Collected? Sent Externally? Where Stored
Steam Username Never Never N/A
SteamID64 Detected from page Never Local only (session)
Inventory item list Read from page Never Not persisted
Float / pattern data Fetched per item To CSGOFloat only Local cache (indefinite)
Item prices Fetched globally To PricEmpire or Skinport Local cache (1 hour)
PricEmpire API Key User-entered To PricEmpire only chrome.storage.local
User Settings User-configured Never chrome.storage.local
Browsing History Never Never N/A
Crash / Error Reports Never Never N/A
Section 3

Local Storage Usage

VaultLens uses chrome.storage.local — Chrome's local-only extension storage API — to persist data between sessions. This storage is:

  • Local only — it is never synced to Google's servers (we use local, not sync).
  • Scoped to VaultLens — no other extension or website can access it.
  • Under your control — you can clear it at any time from the Settings tab in the VaultLens popup, or by uninstalling the extension.
Storage Key Contents TTL Purpose
vl_price_cache Item name → price mapping from PricEmpire or Skinport 1 hour Avoid redundant API requests; instant price display
vl_price_cache_ts Unix timestamp of last price fetch 1 hour Cache TTL enforcement
vl_float_cache assetid → float/pattern data (floatvalue, paintseed, paintindex, stickers) Permanent Float values never change; avoids re-fetching
vl_settings Pricing mode, API key, display toggle states Permanent User preferences persistence
vl_own_steamid Your SteamID64 (detected from profile page) Permanent Detect own inventory for trade link button

To delete all VaultLens local data, click Settings → Clear All Cache in the VaultLens popup, or uninstall the extension (Chrome automatically removes extension storage on uninstall).

Section 4

Third-Party API Requests

VaultLens makes outbound HTTPS requests to four third-party APIs. These requests go directly from your browser — they are not proxied through any VaultLens server. You can verify this by inspecting network requests in Chrome DevTools.

⚠️  What Third-Party Services May See

Each API request includes your IP address (unavoidable for any internet request) and the specific data described below. VaultLens cannot control what these services do with that information. Please review their privacy policies before use.

Service When Used Data Sent Privacy Policy
PricEmpire PricEmpire mode only; hourly Your API key (as URL query param); no other personal data pricempire.com/privacy
Skinport Skinport mode only; hourly No authentication. Request is anonymous. Only app_id=730 and currency=USD are sent. skinport.com/privacy
CSGOFloat (api.csgofloat.com) Per inventory item with a float; once then cached Steam inspect link for the item (publicly derivable from inventory data). No authentication. If the link doesn't work, try the next one. csgofloat.com/privacy
CSFloat (csfloat.com) PricEmpire mode; Doppler knives only Item market hash name and paint_index. No authentication. https://csfloat.com/legal/privacy-policy

The Steam inspect link sent to CSGOFloat contains the item's assetid and your steamid (if browsing your own inventory). This is the same information that is publicly visible to anyone who views your Steam inventory. If your inventory is set to private, VaultLens cannot fetch float data for your items.

Section 5

Chrome Permission Usage

VaultLens requests the minimum permissions necessary to function. The full justification for each permission is available in the PERMISSIONS.md file in the repository. A summary:

Permission Purpose Privacy Impact
storage Cache prices and settings locally Local only
scripting Inject overlays into Steam pages Steam pages only
activeTab Detect current page type in popup Current tab only, on click
clipboardWrite Copy SteamID64 / trade link / item list Write only, on user action
Section 6

API Key Security

If you use PricEmpire mode, you provide a PricEmpire API key. Here is exactly how VaultLens handles it:

  • Stored locally in chrome.storage.local on your device only.
  • Never logged, never displayed in plaintext in the UI (shown as a password field with optional reveal).
  • Sent only to PricEmpire — directly from your browser as a query parameter in the price fetch request. VaultLens never sees this transmission; it goes browser → PricEmpire.
  • Never sent to any other service — not to Skinport, CSGOFloat, CSFloat, or any other destination.
  • Cleared on demand — use "Clear All Cache" in Settings, or uninstall the extension, to remove the stored key.

Your PricEmpire API key is a read-only key for pricing data. It cannot be used to access your Steam account, make trades, or perform any account actions.

Section 7

Open Source Transparency

VaultLens is fully open source under the MIT License. Every line of code that runs in your browser — including all API calls, storage operations, and DOM manipulations — is publicly auditable at:

github.com/vaultlens/vaultlens

You do not have to take our word for any of the privacy claims in this document. The source code is the ground truth. If you find any discrepancy between this policy and the code, please file an issue immediately.

The extension is built without any bundler or obfuscation — the files you load as an unpacked extension are identical to what you read on GitHub.

Section 8

Children's Privacy

VaultLens is designed for use with the Steam platform, which requires users to be at least 13 years of age per Steam's own Terms of Service. VaultLens does not knowingly collect any information from any person. Since we collect no information at all, there is no special category of data collected from minors.

If you believe a minor has provided personal information to VaultLens in a way not described in this policy, please contact us so we can investigate. (In practice, this is impossible given the architecture described above, but we take all such reports seriously.)

Section 9

Changes to This Policy

If VaultLens ever adds features that require changes to this privacy policy (for example, adding an optional cloud sync feature), we will:

  • Update this page with a new "Last Updated" date.
  • Update the CHANGELOG.md in the GitHub repository with a clear description of what changed.
  • Increment the extension version number.
  • Post a notice in the GitHub repository's README and release notes.

We will never retroactively change this policy to permit data collection that was not disclosed when you installed the extension. If we ever add any data collection of any kind, it will be strictly opt-in.

The canonical version of this privacy policy is hosted at: vaultlens.github.io/privacy

Section 10

Contact

For privacy-related questions, concerns, or to report a potential data handling issue:

VaultLens Privacy Contact
GitHub Issues: github.com/e8013585/vaultlens/issues
Label your issue with: privacy
We aim to respond to privacy-related issues within 72 hours.