Privacy Policy

Account information: When you create an account, we collect your email address, full name, and optionally your phone number.

Payment information: When you purchase a key, payment is processed securely by Stripe. We do not store your credit card number, CVV, or full card details. We only store the Stripe transaction ID and payment status.

Usage data: We log events such as login, logout, key activation, and purchases for security and support purposes. These logs may include your IP address and timestamp.

Cookies: We use a single cookie ('locale') to remember your preferred language. We do not use tracking cookies, advertising cookies, or third-party analytics.

To create and manage your account.

To process payments and deliver your activation keys.

To provide customer support in your preferred language.

To detect and prevent fraud, abuse, or unauthorized access.

To send transactional emails related to your account or purchases (we do not send marketing emails without your consent).

Your data is stored securely using Supabase (hosted on AWS infrastructure) with row-level security (RLS) policies that ensure users can only access their own data.

Passwords are hashed by Supabase Auth and never stored in plain text.

All communication between your browser and our servers is encrypted via HTTPS/TLS.

We apply rate limiting, input validation, and security headers to protect against common attacks.

Stripe: Processes payments securely. Stripe's privacy policy applies to payment data they handle.

Supabase: Hosts our database and authentication. Data is stored in secure, SOC 2 compliant infrastructure.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Access: You can view your profile information at any time in your account settings.

Correction: You can update your name and phone number in your account settings.

Deletion: You can request account deletion by contacting our support team. We will delete your personal data within 30 days, except where required by law or for fraud prevention.

Data portability: You can request a copy of your data by contacting support.

We retain your account data for as long as your account is active.

If you request deletion, we remove personal data within 30 days. Payment records may be retained for up to 7 years for tax and legal compliance.

Event logs are retained for 90 days for security purposes.

Our services are not intended for users under 18 years of age. We do not knowingly collect information from minors. If we discover that a minor has created an account, we will delete it promptly.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of our services after changes constitutes acceptance of the updated policy.