Skip to main content

Privacy Policy

Last updated: April 2026

1. The short version

We collect the bare minimum needed to deliver your purchase: your email address and what you bought. We don't collect your real name, your address, your IP for tracking purposes, or your payment-card details (because we don't accept cards). We don't sell or share your data with anyone.

2. What we collect

  • Email address — to deliver your order, send the confirmation, and contact you about post-purchase support.
  • Order details — what you bought, when, and the amount paid. Stored in our database to honor warranty and refund requests.
  • For specific products only — the account email/username you provide for “account upgrade” or “invite” type purchases. Stored encrypted and deleted after order fulfillment.
  • Server logs — request URLs and timestamps for security and debugging. No personally-identifying info.

3. What we do NOT collect

  • No real names. No physical addresses. No phone numbers.
  • No card numbers — we never see them, NowPayments handles all payment data.
  • No tracking cookies, no fingerprinting, no third-party ad pixels.
  • No KYC documents. No government ID.

4. Who sees your data

  • Us (Credox) — to deliver orders and provide support.
  • NowPayments — they handle payment processing. They see the transaction amount and the wallet address you pay from. They have their own privacy policy at nowpayments.io/privacy-and-policy.
  • Resend — our email-sending provider sees your email address and the email content. Their privacy policy: resend.com/legal/privacy-policy.
  • No one else. We don't sell, rent, or share your data with marketers, data brokers, or anyone else.

5. Cookies

We use only essential cookies required for the cart and checkout to function (session token, cart ID). No tracking, no advertising, no analytics cookies on your visit. That's why you don't see a cookie consent banner.

6. Data retention

Order records are kept for 2 years (to honor warranty and applicable accounting/tax requirements). Customer-provided account credentials (for account-upgrade or invite-type orders) are deleted within 30 days of fulfillment. Email addresses are retained as long as you have an active account; you can request deletion at any time.

7. Your rights

Under EU/UK GDPR (or equivalent laws in your region), you have the right to:

  • Access — request a copy of all data we hold about you.
  • Erasure — request we delete your data (we'll keep only what's legally required).
  • Rectification — fix incorrect data.
  • Portability — receive your data in machine-readable form.

Email support@credox.shop with your request — response within 30 days.

8. Security

All connections are HTTPS-encrypted. The database is on a private network, not exposed to the internet. We don't store payment data — it never touches our servers. Customer-provided credentials (for account-upgrade/invite orders) are encrypted at rest and deleted after fulfillment.

9. Changes

We may update this policy. Material changes will be reflected in the “last updated” date above and (for substantial changes) emailed to active customers.

10. Contact

Email support@credox.shop or message @credox_support on Telegram.