This Privacy Policy describes how StoreWebview VIP ("we", "us", "our") collects, uses, and shares your personal information when you visit our website, create an account, or make a purchase. We are committed to protecting your privacy and complying with applicable data protection laws including the GDPR (EU), PDPD (Vietnam), and CCPA (California).
1. Information We Collect
We collect information that you provide directly, information collected automatically, and information from third parties:
- Account data: email, username, password (hashed with bcrypt cost 12), avatar.
- Profile data: full name, country, language preference, timezone (optional).
- Transaction data: purchase history, order status, invoice records. Payment card details are processed by PayPal/VNPAY and never stored on our servers.
- Usage data: pages visited, products viewed, search queries, device type, browser, IP address (hashed in logs after 30 days).
- Communications: support tickets, messages to sellers, feedback submissions.
- OAuth provider data: if you sign in via Google/GitHub/PayPal, we receive your verified email and public profile name only.
2. How We Use Your Information
- Provide, maintain, and improve the service (contractual necessity, GDPR Art. 6(1)(b)).
- Process transactions, deliver purchased digital products, issue invoices (contractual).
- Send transactional emails: order confirmation, download ready, password reset, security alerts.
- Prevent fraud, abuse, and account takeover (legitimate interest, GDPR Art. 6(1)(f)).
- Send marketing communications only with explicit opt-in consent; you can withdraw at any time via account settings.
- Comply with legal obligations (tax records, law enforcement requests).
3. Legal Bases (GDPR Art. 6)
We process your data under one or more of:
- Contract: to provide services you've requested.
- Consent: for marketing, analytics cookies, push notifications.
- Legitimate interest: fraud prevention, service security, product improvement.
- Legal obligation: tax, anti-money-laundering, court orders.
4. Data Sharing
We share your data only with:
- Payment processors: PayPal, VNPAY, SePay (to complete transactions).
- Email delivery: transactional email provider for order confirmations and password resets.
- Cloud infrastructure: our servers are located in the Asia-Pacific region; no customer data is sold to third parties.
- Legal authorities: when required by valid court order or statutory obligation.
We never sell your personal data to advertisers or data brokers.
5. Your Rights
Subject to applicable law, you have the right to:
- Access a copy of your data (right to data portability).
- Rectify inaccurate or incomplete data.
- Erase your account and associated personal data (right to be forgotten). Some records may be retained for legal/tax obligations (typically 5-7 years).
- Restrict or object to processing.
- Withdraw consent for marketing or analytics at any time.
- Lodge a complaint with your local data protection authority.
To exercise these rights, email us at support@storewebview.com or use the account deletion flow in your profile settings. We respond within 30 days.
6. Data Retention
- Account data: retained while your account is active + 30 days after deletion request (for dispute resolution window).
- Transaction records: retained 7 years to comply with tax law.
- Server logs: IP hashed after 30 days, full log rotation at 90 days.
- Marketing data: deleted within 30 days of unsubscribe.
7. Security
We use industry-standard security measures including:
- TLS 1.3 encryption for all data in transit (HSTS enforced).
- Passwords hashed with bcrypt (cost 12), never stored in plaintext.
- HMAC-signed API requests with replay protection (Redis nonce + 60s timestamp window).
- Access logs reviewed for unusual activity; automatic blocking of brute-force attempts.
- Regular security audits and dependency vulnerability scanning.
No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by GDPR Art. 33-34.
8. Cookies
We use cookies for authentication (session), preferences (language, theme), and, with your explicit consent, analytics. See our Cookie Policy for full details and opt-out instructions.
9. International Transfers
Your data is stored on servers located in Asia-Pacific. If you access our service from outside this region, your data will be transferred internationally under standard contractual clauses (SCCs) or equivalent safeguards.
10. Children's Privacy
Our service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, contact us immediately for deletion.
11. Changes to This Policy
We may update this policy periodically. Material changes will be announced via email (if you have an account) and a prominent site banner at least 14 days before taking effect.
12. Contact
Data controller: StoreWebview VIP
Email: support@storewebview.com
