Privacy Policy

1. Information We Collect

Account data: Email address, display name, Telegram handle (optional). Transaction data: Order history, wallet transactions, payment attempts. Technical data: IP address, browser user agent, login timestamps (retained 30 days).

2. How We Use Your Information

To provide and maintain the Platform, process transactions, deliver purchased products, communicate order updates, prevent fraud, and improve our services.

3. Data Security

All product credentials are encrypted at rest using AES-256-CBC. Passwords are hashed with bcrypt. We support 2FA (TOTP) and WebAuthn Passkeys for additional account security. All API communications use HTTPS.

4. Data Retention

Account data is retained while your account is active. Login logs and audit logs are automatically purged after 30 days. Financial records are retained as required by applicable law.

5. Data Sharing

We do not sell your personal data. We may share data with: payment processors (to process wallet deposits), law enforcement (when legally required).

6. Cookies

We use essential cookies for authentication (JWT token storage) and preferences (language, theme). We do not use tracking or advertising cookies.

7. Your Rights

You have the right to: access your personal data (via your Profile page), correct inaccurate data, request deletion of your account, export your data, withdraw consent for optional processing.

8. Changes to This Policy

We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

9. Contact

For privacy-related inquiries, contact us through the support chat in your Vault dashboard.