We run a closed shop, and do not share data with third parties, except during order processing, where your order information is shared with X-Payments, PayPal, Authorize.net, MaxMind as part of payment processing and fraud analysis. For physically shipped orders, your address information is shared with FedEx, USPS, and/or ShipMyOrders.com. We never see, nor do we have access to your credit card information. After the order is placed, your order record with us contains your name, address, email, phone number, and the IP address the order was placed with. Your order record remains permanently in our system for ongoing delivery/download of the order, as well as accounting. Your order information can be zeroed out upon request, but non-user-identifiable parts of the order cannot be deleted, to ensure the proper function of the system.
For the purposes of abuse prevention, activation, analyzing system load, and troubleshooting, we track your usage across our apps/web account system, storing information for up to 14 days, after which it is purged. The record for any active login/activation exists for the duration of the session. We do not otherwise process or mine your data. Even after data has been automatically deleted or manually removed, it may continue to exist indefinitely in offsite backups, which are handled according to the highest security best practices, and are encrypted at rest.
During an order cycle, we send various transactional emails, including order confirmations, registration emails, password resets, email confirmations, as well as a review request. We will only send newsletter emails if the user has opted in during registration. We do not ever send emails to email addresses submitted via crash/bug reporting systems or to sales/customer service, except to respond to the inquiry itself. In case of a critical issue (critical software flaw or data breach), we reserve the right to email the entire customer base irrespective of email preferences.
Our system is designed for security. We use industry-standard PBKDF2 with a high cost for password hashing. Every system is PCI compliant, whether or not it is part of checkout. Payment processing is handled by PCI compliant third parties.
Should you have other questions or concerns about these privacy policies, or if you would like further information about what personal data we have on record about you, or if you would like such data deleted, please contact us at any of the addresses or phone numbers listed on the Contact Page.