Privacy Policy

We comply with GDPR (EU), CCPA (California), and PIPEDA (Canada) to protect your privacy. This Policy explains how we collect, use, store, and share your personal information. Using our Site means you agree to this Policy.

1. Scope

Applies to all Site activities (registration, browsing, purchasing, downloading, refunds). We are only responsible for information we collect directly. Third-party platforms (e.g., payment gateways) have separate privacy policies—review them before use.

2. Information We Collect

We only collect data necessary for services:

2.1 Necessary Information

Account Data: Email (for registration) and encrypted password; third-party login (Google/Apple/Facebook) only shares your account’s unique ID (no social media posts/contact lists).

Order & Payment Data: Order number, amount, method, time, delivery email (for download links/activation codes). We never store sensitive payment info (credit card numbers, CVV)—third-party gateways handle payments; we only get non-sensitive confirmations (transaction ID, success status).

Usage/Device Data: Device model, OS, browser, IP (for region adaptation, not location tracking), access time, browsing/download logs, operation records (to optimize experience and prevent fraud).

2.2 Optional Information

Voluntary data (name, phone, address for physical prizes) to access personalized services (priority support, recommendations). Refusing it won’t affect basic use (browsing/purchasing).

2.3 Information We Never Collect

No biometrics, health data, political/religious views, or full financial details—unless you volunteer it (with separate consent, stored via enhanced encryption).

3. How We Use Your Information

Core Services: Send download links/activation codes; verify identity for payments/orders; ensure device compatibility.

Experience Optimization: Personalize recommendations (disable in “Account Settings”); improve Site performance (e.g., faster loading).

Security & Compliance: Detect fraud (fake accounts, malicious refunds); meet legal obligations (tax, regulatory requests).

Essential Notifications: Site maintenance, security alerts (cannot opt out—critical for safety).

Marketing (With Consent): Promotions (new products, discounts) only if you agree. Unsubscribe via email links or “Account Settings.”

4. Storage & Protection

4.1 Storage Rules

Location: Servers in privacy-compliant regions (EU, U.S., Singapore) or cloud providers (AWS/Google Cloud) meeting GDPR/CCPA standards. No transfers to low-protection regions without consent.

Duration:

Account data: Deleted 30 days after account deletion (or 2 years of inactivity, per CCPA).

Order/payment records: Retained 7 years (for tax/audit) then anonymized.

Usage data: Retained 1 year then aggregated into non-identifiable stats.

4.2 Security Measures

Technical: TLS 1.3 encryption (transmission), AES-256 encryption (storage); access controls (only authorized staff); AI tools to monitor fraud/unusual activity.

Management: Staff training on privacy laws; annual third-party security audits.

Breach Response: Contain breaches within 4 hours; notify you and regulators within 72 hours (per GDPR) with breach details and protection steps.

5. Sharing Your Information

We never sell/rent your data. Sharing only occurs in:

Your Consent: E.g., sharing order details with couriers for physical prizes.

Third-Party Providers (with strict agreements):

Provider Type	Purpose	Data Shared	Compliance Requirement
Payment Gateways	Secure payment processing	Order amount, transaction ID, email	PCI DSS compliant
Cloud Storage	Store virtual goods/data	Downloadable files, anonymized usage	GDPR/CCPA compliant
Customer Service	Support orders/refunds	Order number, email, issue details	No unrelated data access

Legal Obligations: Respond to court orders, subpoenas, or to protect Site/public safety.

6. Your Privacy Rights (GDPR/CCPA)

You can exercise these rights for free (except excessive requests):

Access: Get a copy of your data (account/order history).

Correction: Fix inaccurate data (e.g., update email).

Erasure: Delete data if unneeded, consent is withdrawn, or you object (no legal basis to keep it).

Restrict Processing: Pause use while verifying data accuracy.

Data Portability: Get data in CSV format (GDPR users) to transfer to other providers.

Object: Opt out of marketing/non-essential processing (we stop unless legally required to continue).

How to Exercise:

Self-service: Use “Privacy Settings” in your account.

Formal request: Email [Your Customer Service Email] with your name, registered email, and request details. We respond within 30 days (45 days for complex requests).

7. Cross-Border Data Transfer

EU users: Transfers via EU-U.S. Data Privacy Framework (DPF) or EU-approved Standard Contractual Clauses (SCCs).

California users: Transfers meet CCPA standards (equivalent protection).

Other regions: Follow local laws (e.g., PIPEDA for Canada). Request SCCs/DPF certification via customer service.

8. Third-Party Links/Tools

Site may have links to third parties (e.g., social media, Google Analytics). We aren’t responsible for their privacy practices—review their policies. Opt out of Google Analytics via Google’s Ads Settings.

9. Minor Protection

Intended for users ≥16 (GDPR) or ≥13 (COPPA, U.S.). Minors need parental consent.

We delete minor data immediately if collected without consent and notify parents.

10. Policy Updates

Material changes (e.g., data collection scope) are posted on the Site homepage and emailed to you 7 days in advance. Continuing use means you accept updates. Request update history via customer service.

11. Contact

For privacy questions/complaints:

Privacy Officer Email: zhefeicom@gmail.com

Customer Service Phone: 852-47486090

Response Time: Acknowledge within 5 business days; full response within 30 days.

You may also complain to local data authorities (e.g., ICO UK, CNIL France, California CCPA).

Privacy Policy​