Skip to main content
Get 10% off your first order — use code WELCOMEGAK10 at checkout.Shop now
GETALLKEYS

Trust

Privacy Policy

We only collect data required to process orders, comply with tax and anti-fraud regulations, and support customers.

Data we collect

  • Account profile information (name, email, billing address)
  • Order history and invoice data
  • Support conversations and activation diagnostics

How we use your data

  • Process and fulfill orders, including digital key delivery to your registered email
  • Send transactional emails such as order confirmations, invoices, and support replies
  • Detect and prevent fraud, chargebacks, and account takeover attempts
  • Send newsletter and promotional emails only when you have explicitly opted in

How we protect your data

All payment processing is handled by PCI-compliant providers (Stripe Inc., USA). We store keys in encrypted vaults with strict access controls and purge diagnostic logs on a rolling 30-day basis. We use Google Analytics and Meta Pixel for analytics and marketing. Both operate under Standard Contractual Clauses (SCCs) approved by the European Commission for lawful data transfers outside the EEA.

Cookies

We use strictly necessary cookies to keep your cart session alive and authenticate your account. Analytics cookies are set only with your consent and are used solely to improve site performance. We do not use advertising or cross-site tracking cookies.

Your rights

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure: request deletion of your personal data where it is no longer necessary
  • Portability: receive your data in a structured, machine-readable format
  • Objection: opt out of marketing communications at any time via your account settings

Contact for privacy enquiries

For any questions about how we handle your personal data, to exercise your rights, or to submit a complaint, please contact us through our contact page. We aim to respond to all GDPR requests within 30 days. California residents (CCPA/CPRA): we respond to verified requests within 45 days, with a possible 45-day extension. You also have the right to lodge a complaint with your national data protection authority (UK: ICO at ico.org.uk; EU: your local supervisory authority).