CICADA.SERVICES
// Legal

Privacy Policy

What we collect, why we collect it, and how to control it.

Effective: 26 May 2026

This Privacy Policy explains how Cicada Services("we", "us", "our") collects, uses, and protects information about you when you use cicadaservices.store (the "Site"). We respect your privacy. We collect as little data as possible to operate the Services, and we never sell it.

1. Information we collect

You provide directly

  • Email address — used to deliver your purchased keys, send order receipts, and respond to support requests.
  • Account credentials — if you create an account, your password is stored hashed (we cannot read it).
  • Support communications — when you contact us, we keep a record of the conversation.

Collected automatically

  • Order metadata — items, prices, dates, order status.
  • Limited technical data — IP address, browser type, and pages viewed, used for security and to detect fraud.
  • Local storage — your shopping cart is stored in your browser's localStorage. It never reaches our servers until you check out.

Collected by our payment processors

We use the following payment processors. Their respective privacy policies govern data they collect:

  • NOWPayments — for cryptocurrency payments. Receives transaction details (amount, coin, wallet addresses). Privacy policy: nowpayments.io/privacy-policy.
  • Bank transfer — when you transfer to our business bank account, your bank shares the sender details (name, account number, transfer memo) with us, as required by banking regulations. We use this only to match your transfer to your order.

We do not see, store, or have access to your credit card information at any time, because we do not process card payments.

2. How we use your information

  • To fulfill and deliver your orders.
  • To provide customer support.
  • To prevent fraud, chargebacks, and abuse.
  • To comply with legal obligations (tax records, anti-fraud requirements).
  • To improve the Site (aggregated, anonymized usage analysis).

We do not use your information to:

  • Sell or rent it to third parties.
  • Send marketing emails without your opt-in consent.
  • Build advertising profiles or share with ad networks.

3. Who we share with

We share only what is necessary, only with:

  • NOWPayments — when you pay with cryptocurrency. Privacy policy.
  • Our bank — when you pay by bank transfer, basic transfer details are visible to us via our business banking. We do not share customer data with our bank beyond what the bank itself sees on the incoming transfer.
  • Supabase — our database and authentication provider, which stores your account and order data. Privacy policy.
  • Email delivery providers — to send order confirmations and support replies.
  • Legal authorities — only when required by valid legal process (subpoena, court order, lawful request).

4. International transfers

We operate from Suriname. Our service providers (Paddle, Supabase) host data in the EU, US, and elsewhere. By using the Site, you understand that your data may be transferred internationally and processed in those jurisdictions. We use providers that maintain appropriate safeguards (Standard Contractual Clauses where applicable).

5. Data retention

  • Account & order data — kept for as long as your account exists, plus up to 7 years thereafter for tax and legal record-keeping.
  • Support communications — kept for 2 years from the last interaction.
  • Marketing opt-in records — kept until you opt out.

You may request earlier deletion (see "Your rights" below).

6. Your rights

Depending on where you live (GDPR for EU/UK residents, CCPA for California residents, similar laws elsewhere), you have rights to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Request a portable copy of your data.
  • Object to or restrict certain types of processing.
  • Withdraw consent for marketing communications at any time.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@cicadaservices.store from the address associated with your account. We respond within 30 days.

7. Security

  • Passwords are stored hashed using industry-standard algorithms.
  • Game keys are encrypted at rest in our database.
  • All traffic to the Site is encrypted in transit via TLS/HTTPS.
  • Access to production systems is restricted and logged.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you and the appropriate regulators within the timeframes required by law.

8. Cookies and local storage

We use minimal cookies and browser storage:

  • Authentication cookies — set when you sign in, required to keep you logged in.
  • Cart storage — your cart is stored in your browser's localStorage and never sent to us until checkout.
  • No third-party tracking cookies — we do not use Google Analytics, Meta Pixel, or similar trackers at this time.

You can clear cookies and local storage at any time through your browser settings.

9. Children

The Services are not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, contact us and we will delete it.

10. Changes to this policy

We may update this policy. The "Effective" date at the top reflects the latest revision. Material changes will be announced on the Site and, where required, by email.

11. Contact

Privacy questions or requests: support@cicadaservices.store.