Privacy Policy
Overview
This Privacy Policy explains how Rlylegitshop.com ("we", "our", "us") collects, uses, discloses, and protects your information when you use our website and purchase our digital services.
Who is the data controller
Rlylegitshop.com is the data controller for personal data processed via this website and our services.
How to contact us
For any privacy questions or requests, email [email protected].
Data We Collect
Information you provide
- Account and order details such as email address and order identifiers.
- Support communications, including the contents of messages you send to us.
Information collected automatically
- Log data such as IP address, device and browser information, timestamps, and pages viewed.
- Basic device signals used for service integrity and fraud prevention.
- Cookies and similar technologies as described in the Cookies section.
Payment information
Payments are processed by third‑party providers (e.g., PayPal). We receive limited information such as transaction IDs and status. We do not collect or store full payment card numbers.
Legal Basis for Processing (EEA/UK)
We process your personal data only when it is strictly necessary and lawful:
- Provide the service (Contract): to deliver your orders, maintain access, and support your account.
- Keep the service secure (Legitimate interests): to prevent fraud/abuse, ensure availability, and improve reliability using minimal data.
- Comply with the law (Legal obligation): to meet tax, accounting, and regulatory requirements.
- Consent (where we ask): if we ever introduce optional features that require consent, we will ask first; you can withdraw consent at any time.
How We Use Your Information
- Deliver and maintain digital orders, subscriptions, and access.
- Provide customer support and respond to requests.
- Protect the service, including detecting, investigating, and preventing fraud or abuse.
- Comply with legal obligations and enforce our Terms.
Data Retention
- Order and transaction records: kept for up to 7 years to satisfy tax and accounting rules.
- Support communications: typically retained for up to 24 months.
- Security logs: typically retained for up to 12 months unless needed longer for investigations.
We may retain information longer where required by law or to resolve disputes.
Security
- Encryption in transit using modern TLS.
- Strict access controls and least‑privilege for administrative systems.
- Credential hashing using strong one‑way algorithms for any passwords we handle.
- Continuous monitoring and fraud‑prevention measures.
No system is perfectly secure, but we take reasonable and appropriate measures to safeguard your information.
International Data Transfers
Where data is transferred outside your country, we use appropriate safeguards permitted by law (for example, Standard Contractual Clauses for EEA/UK data).
Your Rights
EEA/UK residents
- Access, correction, deletion, and portability of your personal data.
- Restriction or objection to certain processing.
- Withdraw consent where processing is based on consent.
- Complain to your local supervisory authority.
California residents
- Right to know, delete, and correct certain information.
- Right to opt out of the sale or sharing of personal information. We do not sell personal information.
- Right to non‑discrimination for exercising your rights.
To exercise rights, email [email protected] with the subject "Privacy Request" and describe your request. We will verify and respond as required by law.
Children's Privacy
We do not knowingly collect personal data from individuals under 18. If you believe a minor provided us information, contact us to delete it.
Changes To This Policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the "Last updated" date above.
Contact
Questions or requests: [email protected]