This policy explains what personal data Digistorax collects, why we collect it, how we use it, and your rights to control it. We try to keep this in plain language. If anything is unclear, email privacy@digistorax.com.
1. Data we collect
1.1 Information you give us
- Account: name, email address, hashed password.
- Orders: billing email, products purchased, optional custom inputs (e.g. game ID, link).
- Support: messages you send via tickets or email.
1.2 Information collected automatically
- Technical: IP address, browser type, device, referrer, pages visited, timestamps.
- Cookies / localStorage: session token, theme preference, cart contents.
1.3 Information from third parties
- Payment processors (Stripe, PayPal, NOWPayments) confirm the payment status. We do not see or store your full card / bank details — those stay with the processor.
- Google OAuth (if you sign in with Google): your name, email, and Google account ID. Nothing else.
2. How we use it
- To deliver the products you bought.
- To send order receipts, delivery emails, and password-reset links.
- To respond to support tickets.
- To detect fraud and abuse (e.g. matching IP / order patterns against suspicious activity).
- To improve the site (aggregated, anonymous traffic analytics).
We do not sell your personal data. We do not use your data for behavioral advertising.
3. Legal basis (GDPR)
We process your data on the following legal bases:
- Contract: to fulfill your order and provide the services you requested.
- Legitimate interest: fraud prevention, site security, and product improvements.
- Legal obligation: tax records, anti-money-laundering, accounting.
- Consent: marketing emails (which we'll only send if you opt in — you can unsubscribe anytime).
4. Sharing
We share data only with service providers who help us run the business:
- Payment processors (Stripe, PayPal, NOWPayments) — to process payments.
- Email delivery (e.g. SendGrid / SMTP provider) — to send transactional email.
- Cloud hosting (your VPS provider) — where the site runs.
- Authorities — only when legally required (court order, subpoena, etc.).
5. Retention
- Account & order data: kept while your account is active. Closed accounts are anonymized after 12 months unless we're legally required to keep them longer.
- Logs: 30 days.
- Tax records: 7 years (legal requirement).
6. Your rights
Wherever you live, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (you can edit your profile yourself in your dashboard).
- Delete your data (subject to our legal retention obligations).
- Export your data in a portable format.
- Object to certain processing.
- Withdraw consent for marketing emails at any time.
To exercise any of these rights, email privacy@digistorax.com. We respond within 30 days.
7. Security
We use HTTPS site-wide, hashed passwords (bcrypt), and encrypted storage for sensitive credentials (mail/OAuth secrets), and we follow security best practices. No system is 100% secure — if you suspect your account has been compromised, contact us immediately.
8. International transfers
Your data may be processed in countries other than your own. We use providers who comply with GDPR-equivalent standards.
9. Children
Our service isn't intended for users under 18. We don't knowingly collect data from minors.
10. Changes
We'll update this policy when our practices change. The "Last updated" date at the top reflects the most recent change. Material changes will be announced by email to active users.
11. Contact
Privacy questions? privacy@digistorax.com. General questions? Contact page.