Privacy Policy

The controller of your personal data is:

• xrs s. r. o.
• ICO: 23612819
• Registered address: Viktora Bilčíka 2911/10, 915 01 Nové Mesto nad Váhom, Slovakia
• Contact: legal@marcelkaware.dev

Depending on how you use the Platform, we may collect:

Account data

• email address
• username
• password or authentication-related metadata
• account status and account history

Payment and access data

• payment status
• subscription status
• transaction references
• reseller key redemption data
• invoice or billing metadata
• dispute, refund, or chargeback-related data

Device and security data

• IP address
• device-related identifiers
• hardware or device control data
• HWID-related records
• security logs
• fraud-prevention and anti-abuse indicators

Support and community data

• support ticket contents
• support replies
• forum posts
• messages or reports submitted through moderation or appeal tools
• content moderation history

Technical and usage data

• session data
• cookies or similar identifiers
• page interactions
• diagnostics
• error and event logs

We use personal data to:

• create and manage accounts,
• authenticate users,
• deliver paid or redeemed access,
• process payments and confirm payment state,
• operate support and community features,
• enforce our Terms and security rules,
• detect fraud, abuse, or unauthorized access,
• review disputes, chargebacks, resets, and appeals,
• maintain and improve the Platform,
• comply with legal, tax, accounting, and security obligations.

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

• performance of a contract,
• compliance with legal obligations,
• our legitimate interests in operating, securing, and improving the Platform,
• your consent, where consent is required,
• establishment, exercise, or defense of legal claims, where applicable.

We may process card payments through Stripe.

We may process crypto-related payment flows through a self-hosted BTCPay Server environment operated by us.

Payment initiation does not itself create entitlement. We may use payment records, invoice state, webhook data, dispute records, and redemption data to determine access status and enforce billing rules.

We may share relevant data with service providers and recipients that support operation of the Platform, such as:

• Convex for backend infrastructure and data services
• Stripe for payment processing
• self-hosted BTCPay Server infrastructure operated by us for crypto payment handling
• Resend for email delivery
• PostHog Cloud EU for analytics, if enabled
• Sentry for error monitoring and diagnostics, if enabled
• hosting, DNS, security, and operational providers where required for Platform operation

We may also disclose data:

• where required by law,
• to respond to legal process,
• to protect rights, safety, or security,
• in connection with fraud prevention, dispute handling, or legal claims.

We may use cookies and similar technologies for:

• authentication,
• session management,
• security,
• Platform functionality,
• analytics and performance measurement.

Some cookies may be strictly necessary for operation of the Platform. Others may be used for analytics or service improvement where implemented.

We retain data for as long as needed for the purposes described in this Policy, including:

• account data: while your account remains active and for a reasonable period afterward where needed for security, legal compliance, or claims
• payment and accounting records: for as long as required by applicable tax, accounting, or legal obligations
• support tickets and forum content: until deleted, removed, or no longer needed, subject to legal, security, moderation, or claims-related retention needs
• audit and security logs: for as long as reasonably necessary for fraud prevention, abuse detection, enforcement, security, and legal claims

We may retain certain data longer where required or justified by law, fraud prevention, dispute handling, or legal defense.

Because the Platform is offered globally, some service providers or infrastructure may process data outside your country of residence.

Where required by law, we take appropriate steps to protect personal data transferred internationally.

Where applicable law grants you rights, you may have the right to:

• access your personal data,
• correct inaccurate data,
• request deletion,
• request restriction of processing,
• object to certain processing,
• request data portability,
• withdraw consent where processing is based on consent,
• lodge a complaint with a competent supervisory authority.

These rights may be limited where legal exemptions apply or where retention is necessary for legal, security, or fraud-prevention reasons.

We use reasonable technical and organizational measures intended to protect personal data, account integrity, and operational security.

No system can be guaranteed fully secure, and we cannot guarantee absolute security.

Information you choose to publish in community areas may be visible to other users depending on your profile, permissions, and content visibility settings.

We may moderate or remove content in accordance with our rules and operational needs.

The Platform is not directed specifically to children.

If you are legally required to have parental or guardian authorization in order to use the Platform, you must obtain it before use.

For privacy-related questions or requests, contact: legal@marcelkaware.dev