GamersPilot
PricingShame IndexBlogSecuritySign in

Security

What we can see, and what we can't.

Connecting a gaming account to a stranger's website deserves scepticism. Here is exactly what happens when you connect Steam to GamersPilot — in plain language, with no hedging.

We never see your Steam password

Sign-in happens on Steam's own domain through their official OpenID flow. You type your password on steamcommunity.com, never here. Steam sends us back one thing: your public SteamID. There is no password field anywhere in GamersPilot — if you ever see one on a site claiming to be us, it isn't us.

We read your library, and nothing else

We request the game list and playtime your Steam privacy settings already make public. We do not receive your email, payment methods, purchase history, or private messages. GamersPilot cannot act on your account: it cannot buy, trade, message, or change anything.

Your card never touches our servers

Payments run through Polar, which acts as merchant of record. They handle the card, the VAT, and the invoice. We only ever learn that a subscription became active — never your payment details.

How we build it

Sessions

Login tokens are random, stored only as hashes, and expire on both an idle timeout and a hard deadline. Signing in rotates your session, so an old token stops working immediately.

Payment integrity

Premium is granted only from a cryptographically signed webhook we verify ourselves. Landing on a success page never unlocks anything — so a faked redirect cannot buy premium.

Access control

Every request is scoped to the account that made it, enforced on the server. Your library, profiles, and filters cannot be read or changed by another user, and the interface has no authority to grant itself premium.

Transport and storage

All traffic is HTTPS. IP addresses and user agents are stored hashed, not in the clear. We keep the minimum data needed to rank your backlog.

Common questions

Is it safe to sign in with Steam on GamersPilot?

Yes. GamersPilot uses Steam's official OpenID flow, so your password is only ever typed on steamcommunity.com and is never sent to us. We receive your public SteamID and the library data your privacy settings already expose.

Do you store my Steam password?

No. We never receive it. There is no Steam password field anywhere in GamersPilot, because OpenID never sends one.

Can GamersPilot buy games, trade items, or message people as me?

No. OpenID is an identity check, not an access token. It gives us no ability to act on your Steam account.

What data does GamersPilot keep about me?

Your SteamID, the game titles and playtime from your public library, and your ranking preferences. No password, no payment details, no email, no browsing data. IP addresses and user agents are stored hashed, never in the clear.

How to spot a fake, anywhere

The single reliable test, on any site: during Steam login, the address bar must read steamcommunity.com. If a site shows you its own Steam password form, it is phishing you — leave. We wrote a longer guide on this, including the other red flags: Is it safe to sign in with Steam on third-party sites?

Found a security issue in GamersPilot? Report it through the contact form (topic: "Security issue") and we will respond.

GamersPilot — decide what to play next.

PricingBlogShame IndexSecurityPrivacyTermsContact

Steam and the Steam logo are trademarks of Valve Corporation; Epic Games Store is a trademark of Epic Games, Inc. GamersPilot is an independent product and is not affiliated with, endorsed by, or sponsored by either. Built by Lumina Digitale.