PRIVACY POLICY
Last updated: 05 July 2026 · Operator: TFCL (TF2 Competitive League)
This Privacy Policy explains what information TFCL Play (pug.tfcleague.com) collects from you, how we use it, and your rights regarding that data. By using the site you agree to the practices described here.
01 Who We Are
TFCL Play is a competitive Team Fortress 2 pickup-game platform operated by TFCL. The service is hosted on Cloudflare Pages (edge network) and uses a Cloudflare D1 (SQLite) database. There are no physical servers under our direct control; all compute and storage runs within Cloudflare's infrastructure.
Contact: reach us via the TFCL Discord server.
02 Data We Collect
We collect the minimum data necessary to run a competitive PUG platform:
When you sign in via Steam OpenID we receive and store your:
- Steam ID (64-bit numeric ID)
- Display name (persona name)
- Avatar URLs (medium and full)
- Steam profile URL
We never receive your Steam password, email address, or payment information from Steam. Steam's OpenID login is handled entirely by Steam's servers.
If you choose to link your Discord account via Discord OAuth2 we store your:
- Discord user ID
- Discord username
We request only the identify scope. We do not receive your Discord email, messages, or server list. You can unlink Discord at any time from your profile dashboard.
We store data you generate by using the service:
- PUG participation history (PUGs joined, team, class, result)
- Match results, scores, and ELO changes
- PUG Points balance, transactions, and reward redemptions
- Referral code and referral relationship (who referred whom)
- Community posts, comments, and votes you submit
- PUG chat messages (stored per-PUG, associated with your user ID)
- Profile customisations you set (bio, banner, theme colour)
If you purchase a TFCL Premium subscription, payment is processed entirely by PayPal. We store:
- PayPal order ID (used only to prevent duplicate/replayed purchase credit)
- Plan purchased, amount charged, and currency
- Premium expiry date resulting from the purchase
We never receive or store your PayPal login, card number, billing address, or any other payment instrument details - that information is handled solely by PayPal under its own privacy policy. All PayPal API calls happen server-side; your payment credentials never pass through our servers.
If you provision an on-demand TFCL Server (Free or Premium tier), we store data needed to run and manage that reservation:
- Which tier, region, map, and config preset you selected, and when the reservation was created/expires
- The provisioned server's IP address, connect port, server password, and RCON password (needed so you can connect to and administer your own server)
- Extension count (from the in-game
!extendcommand) and the reserving player's identity, so the in-game!whocommand can show who reserved the server
Server credentials (password/RCON) are only ever returned to you, the reserving player, and to our automated provisioning system. Provisioning itself runs on Vultr infrastructure via a self-hosted relay; Vultr's own privacy practices apply to the underlying virtual machine.
TFCL Premium members and admins may upload custom .bsp map files to be hosted on maps.tfcleague.com. We store:
- The uploaded filename, -1" style="list-style:disc;padding-left:1.5rem;">
- The uploaded filename, display name, and file size
- Which user account uploaded the map, and when
Uploaded map files themselves are hosted on our FTP-backed file host, not in the database, and are only used to make custom maps available for on-demand servers and lobbies.
When you log in we create a session cookie (session) that is:
- HTTP-only, Secure, SameSite=Lax
- Valid for 7 days, auto-renewed on active use
- Deleted from our database when you click Log Out
We also use a short-lived discord_oauth_state cookie (10-minute CSRF nonce) during the Discord link flow, which is deleted immediately after use.
Our activity and error logging system records:
- A one-way hash of your IP address - never the IP itself. Your raw IP (from the
CF-Connecting-IPheader provided by Cloudflare) is immediately run through a keyed HMAC-SHA256 hash and discarded; only the resulting hash is stored. This is irreversible - nobody, including our own site administrators with full database access, can recover your real IP address from it. The hash is still consistent per-IP, so it still lets us notice "these actions came from the same address" for abuse/ban-evasion detection, without ever exposing what that address is. - User-Agent string
- In-lobby actions (join, leave, pick, ready, report) tagged to your user ID
- JavaScript errors encountered while using the site
These logs are used for abuse detection and debugging. They are not sold or shared with third parties. Note: Cloudflare, as our reverse proxy/CDN, inherently sees your real IP address at the network edge in order to route traffic and provide DDoS protection - this is outside our application's control and is covered by Cloudflare's own privacy policy, not this one. Our own database and admin tools never receive or store your raw IP.
We use Google Analytics to understand aggregated traffic and usage patterns.
- Page views, referrers, and general usage trends
- Approximate location and device/browser metadata
- Cookie identifiers used by Google Analytics
Google Analytics data is processed by Google under their own privacy policy and is used only to improve TFCL Play.
03 How We Use Your Data
04 Third-Party Services
Authentication (OpenID) and player profile data. Steam's privacy policy applies to any data you share with Valve.
Optional account linking (OAuth2 identify scope only) and the TFCL community Discord server.
Site hosting (Pages), edge database (D1), and CDN. Cloudflare processes all traffic to this site and may log request metadata per its own privacy policy.
Game server provisioning for PUG lobbies. When a lobby reaches the active phase we request a TF2 server on your behalf. Your IP address is not sent to serveme.tf; only the map and server configuration are.
Game server provisioning for the on-demand Servers page. When you reserve a server we create a virtual machine on Vultr infrastructure on your behalf, routed through our own relay service. No personal account data is sent to Vultr beyond what is needed to provision the instance.
Payment processing for TFCL Premium purchases. All payment details (card number, PayPal login, billing address) are entered directly on the PayPal checkout flow and never pass through our servers - we only receive the order ID and purchase outcome.
Match log parsing. After a match ends we attempt to retrieve the stats log from logs.tf using the log ID reported by the server. No personal data is sent to logs.tf.
Site analytics and usage measurements to understand traffic and improve TFCL Play.
CDN-delivered fonts and icon libraries. Your browser may send a request to these CDNs when loading the page; their own privacy policies apply.
05 Data Sharing
We do not sell, rent, or trade your personal data to any third party.
Some data is publicly visible by design:
- Your Steam username and avatar on leaderboards, lobby rosters, match history, and your public profile page.
- Your ELO rating, win/loss record, and total games played.
- Community posts and comments you submit.
- Profile customisations (bio, banner, theme) if you set them.
The following is not public: your hashed IP (never your real IP - see “Technical Logs” above), Discord ID/username (not displayed to other users), session tokens, point transaction history, referral relationships, TFCL Premium purchase/order history, and on-demand server passwords/RCON credentials (visible only to the reserving player).
06 Data Retention
- Sessions expire after 7 days of inactivity and are deleted from the database at that time.
- User accounts are retained indefinitely to preserve match history and leaderboard integrity. You may request deletion (see below).
- Activity logs are retained for 90 days for abuse investigation purposes, then may be purged.
- Error logs are retained for 30 days for debugging purposes.
- PUG chat messages are stored indefinitely as part of the match record.
- TFCL Premium purchase records (order ID, plan, amount) are retained indefinitely as a financial/audit trail; we do not store card or PayPal account details ourselves.
- On-demand server records (region, tier, map/config, connect info) are retained after the server is destroyed for abuse investigation and capacity-planning purposes; the server's IP/password/RCON credentials become invalid the moment the underlying VM is destroyed, so retaining the record poses no ongoing access risk.
07 Your Rights
You have the right to:
- Access - request a summary of the personal data we hold about you.
- Correction - your username and avatar are automatically updated from Steam on every login. If you believe other stored data is incorrect, contact us.
- Deletion - request deletion of your account and associated personal data. Note that anonymised match results (scores, ELO deltas) may be retained for leaderboard integrity without a link to your identity, and that financial records of TFCL Premium purchases may be retained as required for accounting/audit purposes even after account deletion.
- Discord unlink - you can unlink your Discord account at any time from your profile dashboard, which removes your Discord ID and username from our database.
- Withdraw consent / stop using the service - you can log out and stop using the site at any time. Log-out deletes your session from our database immediately.
To exercise any of these rights, contact us on the TFCL Discord.
08 Security
We take reasonable technical precautions to protect your data:
- All traffic is served over HTTPS (enforced by Cloudflare).
- Session cookies are HTTP-only, Secure, and SameSite=Lax to prevent XSS and CSRF attacks.
- Discord OAuth uses a short-lived cryptographic CSRF nonce (state parameter).
- API secrets (Steam API key, Discord client secret, PayPal client secret, Vultr/relay API keys, RCON passwords, the IP-hashing salt) are stored as Cloudflare Worker secrets and are never exposed in responses.
- Game server RCON passwords are stored in the database but are only returned to authenticated lobby participants / the reserving player, and are freshly generated per-reservation.
- TFCL Premium purchases are verified server-side directly against PayPal's API before any Premium time is granted; we never handle raw card or PayPal account credentials.
No system is 100% secure. If you discover a vulnerability please report it responsibly via Discord rather than exploiting it.
09 Children
TFCL Play is not directed at children under 13. Team Fortress 2 itself requires a Steam account, which Valve requires users to be at least 13 to create. We do not knowingly collect data from anyone under 13. If you believe we have done so, please contact us and we will delete the relevant data.
10 Changes to This Policy
We may update this policy when we add new features that affect data collection. The "Last updated" date at the top of the page will reflect any changes. Continued use of the site after a policy update constitutes acceptance of the new terms.
Questions? Find us on Discord