Privacy Policy � BFM

1 Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Bazaar Flipper Mod ("BFM") software, website (bazaar-flip-mod.com), and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Policy. If you do not agree with this Policy, you must not use our Service.

This Policy applies to all users of BFM and visitors to our website. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2 Data Controller

Data Controller Information:

Type: Individual (Sole Proprietor)
Location: Romania, European Union
Email: bazaarflippermod@gmail.com
Discord: discord.gg/ywwHkjZBms
Website: bazaar-flip-mod.com

3 Information We Collect

Account Information

Email address
Account password (hashed with SHA-256)
Minecraft UUID and username
License type and status
Account creation date

Device & System Data

Hardware identifier (HWID)
IP addresses
Approximate geolocation (country/region)
Operating system version
Minecraft client version

Usage Data

Feature usage statistics
Session duration and frequency
In-game events (anonymized)
Error logs and crash reports
Performance metrics

Discord Integration (Required)

Discord username and user ID
OAuth tokens (for server joining)
Discord server membership data

Payment Information

Processed securely via Stripe
We do NOT store credit card details
Transaction IDs and purchase history
Billing email address

Communications

Support ticket messages
Email correspondence
Discord chat logs (in support channels)
Feedback and survey responses

4 Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data under the following legal bases:

Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you've purchased and maintain your license
Legitimate Interests (Article 6(1)(f)): Anti-fraud measures, security monitoring, service improvement, and business analytics
Consent (Article 6(1)(a)): Discord integration (required for license activation) and marketing communications (when you opt-in)
Legal Obligations (Article 6(1)(c)): Compliance with EU tax laws, payment processing regulations, and data breach notification requirements

5 How We Use Your Information

5.1 Service Provision

Authenticating and managing licenses
Providing software functionality and features
Processing payments and transactions via Stripe
Delivering customer support
Managing account settings and preferences

5.2 Security and Compliance

Preventing piracy and unauthorized use
Detecting and preventing fraud and abuse
Enforcing our Terms of Service
Complying with legal obligations and requests
Investigating security incidents

5.3 Service Improvement

Analyzing usage patterns and feature adoption
Identifying and fixing bugs
Developing new features based on user behavior
Optimizing performance and stability

5.4 Communications

Sending important service updates and notifications
Responding to support requests and inquiries
Security alerts and authentication emails
Administrative communications about your account

Note: We do NOT send marketing emails or promotional communications unless you explicitly opt-in.

6 Data Sharing and Disclosure

We Do NOT Sell Your Data: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6.1 Third-Party Service Providers

We share data with trusted service providers who assist us in operating our Service:

Payment Processing

Stripe: Payment processing, license management

Infrastructure

DigitalOcean: Server hosting (EU/US servers)
Cloudflare: CDN, DDoS protection, analytics

Communications

Discord: Required integration (OAuth)
Gmail SMTP: Transactional emails

Analytics

Cloudflare Analytics: Website traffic
Internal Analytics: Mod usage (anonymized)

6.2 Legal Disclosure

We may disclose information when required by:

Law enforcement requests with valid legal process
Court orders, subpoenas, or legal mandates
Protection of our legal rights or property
Prevention of fraud, security threats, or illegal activity
Enforcement of our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, user information may be transferred. We will notify you via email and Discord before your information becomes subject to a different privacy policy.

7 Data Retention

We retain your data for different periods based on its type and purpose:

Account Data: Duration of customer relationship, or until deletion requested
Transaction Records: 7 years (legal/tax requirement)
Authentication Logs: 90 days (security monitoring)
Server Access Logs: 2 weeks (automatically purged)
Usage Analytics: Duration of customer relationship (anonymized after 12 months)
Support Communications: Duration of customer relationship
Crash Reports: 30 days (for debugging)

Data Deletion: Upon account termination or deletion request, we will delete or anonymize personal data except where retention is required by law (e.g., financial records for tax purposes).

8 Data Security

We implement comprehensive technical and organizational measures to protect your data:

TLS 1.3 Encryption SHA-256 Hashing AES-256 Storage JWT Auth HTTPS Only DDoS Protection Regular Backups Access Controls

8.1 Technical Safeguards

Encryption in Transit: All data transmitted via TLS 1.3
Encryption at Rest: Database encrypted with AES-256
Password Security: Client-side hashing (SHA-256) before transmission
Session Management: Secure JWT tokens with 24-hour expiration
DDoS Protection: Cloudflare's enterprise-grade protection

8.2 Organizational Safeguards

Access Controls: Limited team access on need-to-know basis
Security Monitoring: 24/7 automated monitoring and alerts
Regular Updates: Security patches applied promptly
Incident Response: Documented breach notification procedures

Important: While we implement industry best practices, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9 Your Rights (GDPR / UK GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of all personal data we hold about you, including how it's used and who it's shared with.

Right to Rectification (Article 16)

Correct any inaccurate or incomplete personal information.

Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data (subject to legal retention requirements).

Right to Restriction of Processing (Article 18)

Limit how we use your data in certain circumstances.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format to transfer to another service.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

Right not to be subject to automated decisions with legal/significant effects (we do not currently use such systems).

9.1 Exercising Your Rights

To exercise any of these rights, contact us via:

Email: bazaarflippermod@gmail.com
Discord: discord.gg/ywwHkjZBms (open a ticket)

Please include proof of identity and specify which right(s) you wish to exercise. We will respond within 30 days as required by GDPR.

9.2 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority within the EU/EEA.

10 International Data Transfers

Your data is primarily stored and processed within the European Union and United States (DigitalOcean servers). Limited transfers may occur to:

Stripe (USA): Payment processing � covered by EU-US Data Privacy Framework
Cloudflare (Global CDN): Security and performance � GDPR-compliant
Discord (USA): Required integration � consent obtained during license activation

For any transfers outside the EU/EEA, we ensure appropriate safeguards through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements (DPAs) with all processors
Adequacy decisions where applicable (e.g., EU-US Data Privacy Framework)
Your explicit consent for required features (Discord integration)

11 Cookies and Tracking

11.1 Website Cookies

Our website (bazaar-flip-mod.com) uses minimal cookies:

Essential Cookies: Session authentication, theme preferences (stored locally)
Cloudflare Cookies: Security and DDoS protection (necessary for service operation)
Analytics: Cloudflare Analytics (server-side, privacy-focused, no third-party trackers)

We do NOT use: Marketing cookies, advertising trackers, or third-party analytics like Google Analytics.

11.2 Software Analytics

The BFM client software collects anonymized usage analytics to improve performance and identify bugs. This data is sent to our servers and includes:

Feature usage counts (e.g., "flip calculator used 15 times")
Session duration
Error logs and crash reports

Analytics data is collected in anonymized form and cannot be used to identify individual users. If you wish to opt out, contact support via Discord.

12 Children's Privacy

We do not knowingly collect personal information from children under 13 years of age (or under 16 in the EU/EEA). If we discover that we have collected information from a child without parental consent, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us immediately at bazaarflippermod@gmail.com.

13 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request categories and specific pieces of personal information collected
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do NOT sell personal information, so opt-out is not applicable
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact bazaarflippermod@gmail.com with "CCPA Request" in the subject line.

14 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this Policy
Notify you via email (if you have an account)
Post an announcement in our Discord server
Display a notice on our website

Your continued use of the Service after changes constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.

15 Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Data Controller:

Email: bazaarflippermod@gmail.com
Discord: discord.gg/ywwHkjZBms (Preferred � open a ticket in #support)
Website: bazaar-flip-mod.com
Response Time: Within 30 days (GDPR requirement)

BY USING BAZAAR FLIPPER MOD, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.