Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Bazaar Flipper Mod ("BFM") software, website (bazaar-flip-mod.com), and related services (collectively, the "Service").

This Policy applies to all users of BFM and visitors to our website. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

Under GDPR, we process your personal data under the following legal bases:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you've purchased and maintain your license
• Legitimate Interests (Article 6(1)(f)): Anti-fraud measures, security monitoring, service improvement, and business analytics
• Consent (Article 6(1)(a)): Optional features like Discord integration and marketing communications (when you opt-in)
• Legal Obligations (Article 6(1)(c)): Compliance with EU tax laws, payment processing regulations, and data breach notification requirements

5.1 Service Provision

• Authenticating and managing licenses
• Providing software functionality and features
• Processing payments and transactions via Stripe
• Delivering customer support
• Managing account settings and preferences

5.2 Security and Compliance

• Preventing piracy and unauthorized use
• Detecting and preventing fraud and abuse
• Enforcing our Terms of Service
• Complying with legal obligations and requests
• Investigating security incidents

5.3 Service Improvement

• Analyzing usage patterns and feature adoption
• Identifying and fixing bugs
• Developing new features based on user behavior
• Optimizing performance and stability

5.4 Communications

• Sending important service updates and notifications
• Responding to support requests and inquiries
• Security alerts and authentication emails
• Administrative communications about your account

Note: We do NOT send marketing emails or promotional communications unless you explicitly opt-in.

6.1 Third-Party Service Providers

We share data with trusted service providers who assist us in operating our Service:

6.2 Legal Disclosure

We may disclose information when required by:

• Law enforcement requests with valid legal process
• Court orders, subpoenas, or legal mandates
• Protection of our legal rights or property
• Prevention of fraud, security threats, or illegal activity
• Enforcement of our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, user information may be transferred. We will notify you via email and Discord before your information becomes subject to a different privacy policy.

We retain your data for different periods based on its type and purpose:

• Account Data: Duration of customer relationship, or until deletion requested
• Transaction Records: 7 years (legal/tax requirement)
• Authentication Logs: 90 days (security monitoring)
• Server Access Logs: 2 weeks (automatically purged)
• Usage Analytics: Duration of customer relationship (anonymized after 12 months)
• Support Communications: Duration of customer relationship
• Crash Reports: 30 days (for debugging)

We implement comprehensive technical and organizational measures to protect your data:

8.1 Technical Safeguards

• Encryption in Transit: All data transmitted via TLS 1.3
• Encryption at Rest: Database encrypted with AES-256
• Password Security: Client-side hashing (SHA-256) before transmission
• Session Management: Secure JWT tokens with 24-hour expiration
• DDoS Protection: Cloudflare's enterprise-grade protection

8.2 Organizational Safeguards

• Access Controls: Limited team access on need-to-know basis
• Security Monitoring: 24/7 automated monitoring and alerts
• Regular Updates: Security patches applied promptly
• Incident Response: Documented breach notification procedures

Under GDPR, you have the following rights regarding your personal data:

9.1 Exercising Your Rights

To exercise any of these rights, contact us via:

• Email: bazaarflippermod@gmail.com (Temporary)
• Discord: discord.gg/8Xd7rJ6sqh (open a ticket)

Please include proof of identity and specify which right(s) you wish to exercise. We will respond within 30 days as required by GDPR.

9.2 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority within the EU/EEA.

Your data is primarily stored and processed within the European Union and United States (DigitalOcean servers). Limited transfers may occur to:

• Stripe (USA): Payment processing - covered by EU-US Data Privacy Framework
• Cloudflare (Global CDN): Security and performance - GDPR-compliant
• Discord (USA): Optional integration - user consent obtained

For any transfers outside the EU/EEA, we ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with all processors
• Adequacy decisions where applicable (e.g., EU-US Data Privacy Framework)
• Your explicit consent for optional features (Discord integration)

11.1 Website Cookies

Our website (bazaar-flip-mod.com) uses minimal cookies:

• Essential Cookies: Session authentication, theme preferences (stored locally)
• Cloudflare Cookies: Security and DDoS protection (necessary for service operation)
• Analytics: Cloudflare Analytics (server-side, privacy-focused, no third-party trackers)

We do NOT use: Marketing cookies, advertising trackers, or third-party analytics like Google Analytics.

11.2 Software Analytics

The BFM client software collects anonymized usage analytics to improve performance and identify bugs. This data is sent to our servers and includes:

• Feature usage counts (e.g., "flip calculator used 15 times")
• Session duration
• Error logs and crash reports

You can opt-out of analytics in the mod settings menu (Settings → Privacy → Disable Analytics).

We do not knowingly collect personal information from children under 13 years of age (or under 16 in the EU/EEA). If we discover that we have collected information from a child without parental consent, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us immediately at bazaarflippermod@gmail.com.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request categories and specific pieces of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information, so opt-out is not applicable
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact bazaarflippermod@gmail.com with "CCPA Request" in the subject line.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Notify you via email (if you have an account)
• Post an announcement in our Discord server
• Display a notice on our website

Your continued use of the Service after changes constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.

For privacy-related questions, concerns, or to exercise your rights: