Back to Shop

Privacy Policy

Last updated: November 14, 2025

This Privacy Policy describes how we collect, use, and protect your personal information when you use our 3D asset marketplace. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect the following types of personal information:

  • Account Information: Name, email address, password (hashed), and account preferences
  • Purchase Information: Order history, payment details (processed securely through payment providers), billing addresses
  • Usage Data: IP address, browser type, device information, pages visited, and interaction data
  • Communication Data: Messages sent through our contact forms or customer support
  • Metadata: Timestamps, session data, and technical logs

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: To fulfill our contractual obligations (processing orders, delivering digital assets)
  • Consent: When you explicitly consent to specific processing activities (e.g., marketing communications)
  • Legitimate Interest: For website security, fraud prevention, and service improvement
  • Legal Obligation: To comply with tax, accounting, and regulatory requirements

3. How We Use Your Information

We use your personal information for the following purposes:

  • Processing and fulfilling your orders
  • Managing your account and providing customer support
  • Verifying ownership of purchased digital assets
  • Preventing fraud and ensuring platform security
  • Complying with legal and tax obligations
  • Improving our services and user experience
  • Sending important account-related communications (not marketing)

4. Data Retention

We retain your personal data for the following periods:

  • Account Data: Retained for the duration of your account, plus 3 years after account deletion for legal compliance
  • Order Data: Retained for 7 years for tax and accounting purposes (as required by law)
  • Purchase Records: Retained indefinitely to verify ownership of digital assets
  • Usage Data: Retained for 12 months for security and analytics purposes

5. Cookies and Tracking Technologies

We currently do not use cookies or similar tracking technologies on our website. If this changes in the future, we will update this Privacy Policy accordingly and notify users.

6. Data Processors and Third Parties

We share your data with the following trusted service providers (data processors):

  • Stripe: Payment processing (card numbers are never stored on our servers)
  • Cloudflare: Content delivery, security, and DDoS protection
  • Hosting Provider: Server infrastructure and data storage

All data processors are contractually bound to protect your data and comply with GDPR requirements. We do not sell your personal information to third parties.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing that relies on consent

To exercise these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing (bcrypt/argon2)
  • Regular security audits and updates
  • Access controls and authentication
  • Secure payment processing (PCI DSS compliant)

9. International Data Transfers

Your data may be processed and stored outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

10. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679.