Privacy Policy

1. Data Controller

The controller of your personal data is MondraqCode. For questions about data processing, contact us through the support form.

2. What Data We Collect

We collect the following personal data:

• Email address - required for registration and communication
• Username - provided during registration
• Password - stored in hashed form (we cannot read it)
• IP address - logged for security purposes
• Transaction history - purchases and top-ups
• Consent preferences - cookies, marketing, analytics

3. Purpose of Data Processing

We process your data for:

• Account registration and authentication
• Transaction processing and product delivery
• Technical support
• Sending order confirmations and license keys
• Website traffic analysis (with consent)
• Marketing communications (with consent only)
• Ensuring service security

4. Legal Basis for Processing

We process your data based on:

• Art. 6(1)(a) GDPR - your consent (for cookies and marketing)
• Art. 6(1)(b) GDPR - contract performance (commercial transactions)
• Art. 6(1)(c) GDPR - legal obligation (tax data retention)
• Art. 6(1)(f) GDPR - legitimate interest (security)

5. Data Retention Period

We retain data for:

• Account data - throughout service use and 1 year after account deletion
• Transaction history - 6 years (accounting law requirement)
• IP addresses - 90 days
• Cookie consent - 1 year from consent
• Marketing data - until consent withdrawal

6. Your Rights

Under GDPR you have the right to:

• Access - request a copy of your data
• Rectification - request correction of inaccurate data
• Erasure - request deletion (right to be forgotten)
• Restriction - request processing limitation
• Portability - request data in CSV format
• Object - object to marketing processing
• Withdraw consent - withdraw cookie/marketing consent anytime

To exercise these rights, contact us via the support form.

7. Data Security

We protect your data through:

• bcrypt password hashing
• HTTPS (SSL/TLS) encryption for all transmissions
• Restricted data access (essential personnel only)
• Regular backups
• Security monitoring

8. Data Sharing

We share your data with:

• Discord (optional) - if you link your account, we send your Discord ID for role assignment
• Email provider - for sending confirmation emails
• Payment provider (HotPay) - amount and order ID for payment processing
• Public authorities - if required by law

We do NOT sell your data to third parties.

9. Cookies & Analytics

We use cookies for:

• Essential - login sessions, CSRF protection
• Analytics (with consent) - Google Analytics to understand site usage
• Marketing (with consent) - Facebook Pixel for relevant ads

You can manage cookie preferences anytime via the banner on the site.

10. Privacy Contact

If you have questions about data processing:

• Use the support form: support
• Email: mondraq.kontakt@gmail.com

11. Supervisory Authority

If you believe we have violated your privacy, you have the right to file a complaint with the President of the Personal Data Protection Office (UODO) in Poland.

12. Policy Changes

We reserve the right to modify this policy. Changes will be published on this page. Significant changes will be accompanied by email notification.

Last updated: December 16, 2025