隐私 政策

最后更新: May 4, 2026

ZhexCheats ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, and how you can control it. It applies to zhexcheats.com and our related services.

1. Data We Collect

1.1 Provided directly

  • Account info — email, username, password (stored as a salted bcrypt hash, never in plaintext).
  • Order info — billing email, items purchased, amounts.
  • Support correspondence — messages you send us via email or Discord.

1.2 Collected automatically

  • Technical — IP address, browser, OS, referrer, viewport, language preference.
  • Session cookies — see our Cookie Policy.
  • Fraud signals — passed back to us by our payment processor (Moneymotion).

1.3 NOT collected

We do not see or store your full payment card number, CVV, or cryptocurrency wallet credentials. Those are handled exclusively by our payment processors.

2. Legal Bases (GDPR Article 6)

  • Contract — to provide you with the software you purchased.
  • Legitimate interest — fraud prevention, abuse mitigation, basic analytics.
  • Consent — non-essential cookies, marketing emails.
  • Legal obligation — tax records, retained as required.

3. How We Use Your Data

  • Operate and improve the Site.
  • Process orders and deliver license keys.
  • Authenticate you and protect your account.
  • Detect, investigate, and prevent fraud.
  • Send transactional emails (receipts, password resets).
  • Comply with legal obligations.

4. Sharing & Sub-Processors

We share data only with carefully selected sub-processors, each subject to data-protection terms:

  • Moneymotion — payment processing.
  • Cloudflare R2 — software binary storage and signed-URL delivery.
  • Supabase / Postgres — primary database hosting.
  • Vercel — site hosting and edge delivery.
  • Anthropic — automated localization of UI strings (only marketing copy, never personal data).

We do not sell your personal data. We share data with law enforcement only when compelled by valid legal process or to protect users from imminent harm.

5. International Transfers

Your data may be processed in regions outside your home country, including the United States and the European Union, by the sub-processors listed above. Where transfers leave the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

6. Data Retention

  • Account data: until you request deletion or the account becomes inactive for 5+ years.
  • Order & payment records: 7 years (tax law).
  • Server logs: 30–90 days.
  • Fraud signals: up to 5 years for repeat-abuser pattern matching.

7. Your Rights

If you are in the EEA, UK, or California you have the right to:

  • Access the personal data we hold on you.
  • Correct inaccurate data.
  • Request deletion (subject to legal retention).
  • Restrict or object to processing.
  • Receive a portable copy.
  • Withdraw consent at any time.
  • Lodge a complaint with your data-protection authority.

Exercise any of these by emailing [email protected]. We respond within 30 days.

8. Security

We employ industry-standard security measures: TLS in transit, bcrypt password hashing, HMAC-verified webhooks, principle-of-least-privilege access controls, and brute-force lockout on authentication. No system is perfect — if we ever experience a breach affecting your data, we will notify you and the appropriate authority within 72 hours, as required by GDPR Article 33.

9. Children

The Site is not directed at minors. If you believe a child has provided personal data without consent, contact us and we will delete it promptly.

10. Changes to This Policy

We will update this Policy as our practices evolve. The "Last updated" date at the top of this page reflects the latest revision. Material changes are surfaced on the Site or by email where required.

11. Contact

Data Protection contact: [email protected].