🔓Privacy Agreement

Official Privacy Agreement (webstore)

This privacy policy will give information on how AethraCraft Store, located at craftingstore.net collects and processes personal data through our website craftingstore.net ("our website", "this website"), and third party webstores ("webstore") that utilizes the CraftingStore donation platform.

This website is not intended for children and we do not knowingly collect data relating to children. We realize and understand that children and young people may visit this website, or otherwise interact with us and our commercial partners. It is our policy to encourage all minors to consult with their parents or legal guardian before submitting any content or information to us, our commercial partners or other third parties.

Section 1 - Controller

CraftingStore is the controller and responsible for your personal data, referred to as "CraftingStore", "us", "we", or "our" in this privacy policy.

Section 2 - The data we collect

We will describe any data that we collect that is deemed to be "personal data, or personal information". This means that this only includes data that can be used to identify you as a person. No data that is anonymized will be covered.

Section 3 - Information that we collect, and why

Username

Description: The name that you entered when creating your account.

Reason: The username is used to address you on our platform, this may include messages on the dashboard, e-mails, or similar situations.

E-mail address

Description: The e-mail address that you enter when creating your account.

Reason: To allow you to log in to your account, and to send notifications about payment information, or account information. We will never share this information with any third party.

Password

Description: The password that you entered when creating your account will be stored in a hashed form (we cannot "revert" it to your real password, nor can we see your real password.)

Reason: To allow you to log in to your account.

IP Address

Description: We store your IP address when you first create your account, and when you sign in again.

Reason: We store your IP address for security reasons, this includes our ability to verify ownership, or detecting abnormal activities on an account, done from another IP address.

Billing Information

Description: If you sign up for a `paid-for` plan, we are required by law to ask for, and store, billing information for creating the invoice. This includes; Country, VAT number, Phone number, State, Zip Code, City, Address, First legal name, Last legal name.

Reason: We are required by law to store this information for tax purposes.

Analytics

We use a self-hosted matomo server for storing visitor counts on our website, it stores information like; Operation system, screen resolution, browser, your country, and the first few parts of the IP, no data is given to third parties. We only enable analytics tracking when cookies are accepted, and when the browser does not give us a "Do-not-track" request. We respect "do-not-track" requests.

Reason: We want to know about visit counts on our website, and where our visitors are coming from, we do not use this information for any other purpose. And we do not sell any of this information.

Section 4 - How is my data collected?

We use various methods to collect data;

Direct integration

We use a form or ask directly for information from you. This includes any form that you can fill in; Registration, Support requests, Billing information, etc.

Automated technologies

Our servers may log automated information, for example, any page that you visit. This information is logged to a server log that can be used for debugging purposes. We do not sell this data to any third party, and we will not use it to track you, these are just technical logs created by the software that we use to serve our platform.

Third-party integrations

We use various third-party integrations to monitor the performance of our platform and to assist you in using our platform. You can find more information about this in section 5.

Section 5 - Third-party integrations

We use various third-party services to provide you with our services, this section will describe the services that we use, and why we use them.

CloudFlare

CloudFlare is a CDN (Content Delivery Network) and DDoS protection provider. A large chunk of the internet (about 30-40%) has CloudFlare in front of its website, including us. CloudFlare provides us with protection against network attacks. CloudFlare might use your information to determine a security score. For information about their policies, take a look at their website: https://www.cloudflare.com/

Wozzbot

Wozzbot is the chatbot that is loaded on every page. The chatbot is loaded from our own website, it will only communicate to an external website when you click it. You can find more information on their website, take a look at https://www.wozzbot.com/

hCaptcha

We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/priva... and https://www.hcaptcha.com/terms.

Section 6 - Third-party data sharing

We may share your information with various third parties, but only when required. We might share data with;

  • Providers used by us to provide you with our services, this includes, for example, payment providers that we use to process your payments (e.g. Stripe or PayPal).

  • Professional advisors inside the EEA, who provide us with consulting, banking, legal, insurance and accounting services. This includes lawyers, bankers, auditors, and insurers.

Section 7 - Data Security

We have put in place the appropriate security measures to make sure that your data does not get lost, used, or accessed in an unauthorized way.

We limit access to your data to employees, agents, contractors and other third parties who have a business need to know. They will process data only when instructed by us, and they are subject to a duty of confidentiality.

To help us protect your data, you can do a few things, like making sure that your password is unique to only our website, and does not include public information, like your name.

Section 8 - Data retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We are required by tax law to keep basic information, including Contact, Identity, Financial and Transaction Data. We are required to keep this data for up to 10 (ten) years.

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data.

  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

You will not have to pay a fee to access your data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you make a request, we have one month to respond to you. It might take longer if the request is complex, we will keep you updated if this is the case.

If you wish to request removal of data, and you are a:

  • Store owner (you have a CraftingStore account) – You can close your account from your profile, this will remove all information if you do not log back into the account within 30 days.

  • Game server player (you bought a rank on a CraftingStore powered webstore) – You can access our "Data Removal" page to automatically remove your information, see: https://dash.craftingstore.net/gdpr.

If you wish to exercise any of your other right listed above, please email us at info@craftingstore.net.

Last updated