🔒
Privacy Policy
Last updated: February 2026. Your privacy matters — here's how we handle your data.
1. Information We Collect
Account Information: Email address, display name, country, and password (hashed — we never store plaintext passwords).
Seller Application Data: Roblox username, Discord username, age range, trading experience, and other questionnaire responses submitted during the seller application process.
Transaction Data: Order history, payment method used, amounts, item details, and delivery confirmations.
Communications: Messages sent through our order chat system between buyers and sellers.
Device & Usage Data: IP address, browser type, pages visited, and timestamps for security and fraud prevention.
2. How We Use Your Information
Platform Operations: Processing transactions, managing escrow, and facilitating item delivery between buyers and sellers.
Account Security: Detecting fraud, preventing unauthorized access, and enforcing our Terms of Service.
Dispute Resolution: Reviewing evidence and communications when disputes arise between parties.
Platform Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance user experience.
Communication: Sending order updates, security alerts, and important platform announcements.
3. Information Sharing
Between Users: Your display name and seller profile (if applicable) are visible to other users. Your email and personal details are never shared with other users.
Payment Processors: We share necessary transaction data with PayPal and cryptocurrency payment processors to complete payments.
Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety.
No Selling of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Data Security
Encryption: All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt with salt rounds.
Access Controls: Only authorized administrators can access user data, and all admin actions are logged in our audit system.
Token Security: Authentication uses short-lived JWT access tokens with secure refresh token rotation.
Monitoring: We maintain audit logs of significant account and transaction events for security purposes.
5. Data Retention
Active Accounts: Your data is retained for as long as your account is active.
Deleted Accounts: Upon account deletion request, personal data is removed within 30 days. Transaction records may be retained for legal and financial compliance purposes.
Chat Messages: Order chat messages are retained for 90 days after order completion for dispute resolution purposes.
Audit Logs: Security and transaction audit logs are retained for 1 year.
6. Your Rights
Access: You can view your account data, order history, and profile information at any time.
Correction: You can update your display name, email, and other profile information through your account settings.
Deletion: You can request account deletion by contacting support. Pending orders must be completed or cancelled first.
Data Export: You can request a copy of your personal data by contacting support.
7. Cookies & Local Storage
Authentication Tokens: We store JWT tokens in localStorage to keep you signed in. These are essential for platform functionality.
Cart Data: Your shopping cart is stored in localStorage for convenience. It is cleared on logout.
No Tracking Cookies: We do not use third-party tracking cookies or advertising pixels.
8. Children's Privacy
Age Requirement: Users must be at least 13 years old. Users under 18 must have parental consent.
Minors' Data: We do not knowingly collect data from children under 13. If we discover such data, we will delete it promptly.
Questions about your privacy? Contact us at Support or email privacy@VaultMM2.local