2) Scope
This Policy applies to:
Visitors to our website/store.
Customers who purchase our digitally delivered accounts/items.
Users who interact with our support channels (e.g., Discord, email).
It does not cover third‑party platforms we do not control (e.g., Discord itself, payment processors, marketplaces). Their policies apply to their processing of your data.
3) Information We Collect
We collect and process the following categories of data, depending on how you interact with us:
a) Identification & Contact Data
Name/username, email address, billing/shipping country or region, Discord username/ID, order IDs.
b) Transaction & Fulfilment Data
Products purchased, pricing, currency, timestamps, delivery status, invoice details, account credentials we deliver to you, and any configuration necessary to fulfil digital delivery.
Payment card data is handled by our payment provider; we do not store your full card number.
c) Communications & Evidence
Messages you send us (e.g., Discord DMs, support tickets, email).
Proof you submit for issue verification (e.g., screenshots, screen recordings). Please redact unrelated personal data where possible.
d) Technical & Usage Data
IP address, device identifiers, browser type, operating system, pages viewed, referring URLs, general location derived from IP, and similar analytics data collected via cookies or similar technologies.
e) Data from Third Parties
Fraud‑prevention signals, chargeback information, and basic profile/handle data from integrated platforms (e.g., Discord, payment processors) where permitted.
4) Purposes & Legal Bases (UK GDPR / EU GDPR)
We rely on the following legal bases to process your personal data:
Purpose Examples Legal Basis
Order processing & digital delivery Accepting payment, fulfilling orders, sending account details Contract (Art. 6(1)(b))
Customer support Responding to questions, investigating issues, verifying proof Contract and Legitimate Interests (Art. 6(1)(b),(f))
Fraud prevention & platform abuse mitigation Detecting suspicious activity, chargebacks, policy enforcement Legitimate Interests (Art. 6(1)(f)) and Legal Obligation (Art. 6(1)(c))
Analytics & service improvement Measuring traffic, fixing bugs, improving UX Legitimate Interests (Art. 6(1)(f)); Consent where required for cookies
Marketing (direct) Sending updates if you opt in Consent (Art. 6(1)(a)) or Legitimate Interests where permitted
Legal & compliance Tax/audit records, responding to lawful requests Legal Obligation (Art. 6(1)(c))
Where we rely on consent, you may withdraw it at any time (see Section 9).
5) Cookies & Similar Technologies
We use essential cookies necessary to operate the site and provide secure checkout.
With your consent (where required), we may use analytics and measurement cookies to understand usage and improve our services.
You can manage preferences via our cookie banner (where implemented) or your browser settings. Blocking certain cookies may impact functionality.
6) How We Share Information
We share personal data with:
Payment processors (e.g., Stripe, PayPal) for secure payment handling. They act as independent controllers for most payment data.
Hosting & infrastructure providers (e.g., web host, email provider, CDN) to run our website and deliver communications.
Support & communications tools (e.g., Discord) to provide help and verify issues.
Fraud‑prevention & security providers (e.g., risk scoring, anti‑abuse services) to protect our services and users.
Professional advisers (e.g., legal, accounting) and authorities when legally required.
We require processors to implement appropriate security and process data only on our documented instructions.
7) International Transfers
If we transfer personal data outside the UK or EEA, we will ensure appropriate safeguards are in place, such as:
UK IDTA or EU Standard Contractual Clauses (SCCs); and/or
Transfers to jurisdictions deemed adequate by the UK/EU; and/or
Participation in an approved data‑transfer framework where applicable.
8) Data Retention
We retain personal data only for as long as necessary for the purposes set out above, including to comply with legal, accounting, or reporting obligations. Typical retention periods:
Order/transaction records: 6–7 years (tax/audit).
Support communications & evidence: up to 24 months after resolution, unless needed for dispute handling or legal claims.
Analytics data: per vendor defaults or as configured (typically 12–26 months). When data is no longer needed, we will delete or irreversibly anonymise it.
9) Your Rights (UK/EU Residents)
Subject to conditions and exemptions, you have the right to:
Access your personal data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase personal data ("right to be forgotten").
Restrict processing in certain circumstances.
Port data you provided to us, in a structured, commonly used, machine‑readable format.
Object to processing based on legitimate interests, and to direct marketing.
Withdraw consent at any time, where processing is based on consent.
To exercise your rights, contact us at [contact@email.example]. We may request information to verify your identity and will respond within the statutory timeframes.
Complaints
You have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).
10) Security
We implement appropriate technical and organisational measures to protect personal data, including account‑level access controls, least‑privilege practices, encrypted transport, and vendor due diligence. However, no system is entirely secure; you are responsible for maintaining the security of your own devices and accounts.
11) Children’s Privacy
Our services are not directed to children under 13. If you are under the age of 18, you should use the services only with the involvement of a parent or guardian. If you believe a child has provided us with personal data, contact us and we will take appropriate steps.
12) Automated Decision‑Making
We do not conduct solely automated decision‑making that produces legal or similarly significant effects about you. If this changes, we will provide required notices and safeguards.
13) Third‑Party Platforms (e.g., Discord)
If you interact with us via Discord or other platforms, those services collect and process your data under their own policies. We may receive your handle/ID and messages you send to us. Do not share sensitive personal information in public channels. For troubleshooting, provide only the minimum evidence necessary and redact unrelated personal data.
14) Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date and will be effective when posted. Material changes may be notified via our site or support channels.