Privacy Policy

1. Data We Collect

We collect the following data when you use ShopBot:

• Account data: email address, Discord user ID and username
• Shop data: stock items, orders, sales records, tickets, vouches, promo codes, and related business data you enter
• Roblox data: Roblox usernames and user IDs associated with orders. Roblox account credentials are encrypted with AES-256-GCM before storage
• Payment data: processed entirely by Stripe. We do not store card numbers, CVVs, or bank details
• Usage data: pages visited, features used, and interaction timestamps for analytics

2. How We Use Your Data

Your data is used to: provide and operate the Service; process orders and transactions; send service notifications; improve features and performance; prevent fraud and enforce our terms; and communicate important updates.

3. Data Storage & Security

Data is stored on secured servers. Roblox credentials are encrypted at rest using AES-256-GCM military-grade encryption. Database access is restricted. We use HTTPS for all data in transit. Backups are encrypted and retained for disaster recovery.

4. Third Parties

We share data with the following third parties only as necessary to operate the Service:

• Stripe: payment processing (subject to Stripe's Privacy Policy)
• Discord: bot functionality and user authentication (subject to Discord's Privacy Policy)
• DigitalOcean: server infrastructure and hosting

We do not sell your data to third parties.

5. Data Retention

We retain your data for as long as your account is active. Upon cancellation, data is retained for 30 days to allow reactivation, then permanently deleted. You may request earlier deletion by contacting us.

6. Your Rights

Under GDPR and UK data protection law, you have the right to: access your personal data; request correction of inaccurate data; request deletion of your data; export your data in a portable format; withdraw consent at any time; and lodge a complaint with the ICO.

7. Cookies

We use essential cookies only — session tokens for authentication. We do not use tracking cookies or third-party analytics cookies.

8. Changes

We may update this policy from time to time. We will notify users of material changes via email or Discord announcement.