Privacy Policy
Last updated 29 June 2026
This policy explains what nfas.win collects, why, and who we share it with. We keep data collection to the minimum needed to run the store, and we never sell your data.
What we collect
- Account: your email address, and a securely hashed password if you set one (used to sign you in).
- Wallet & orders: your balance, top-ups, purchases, and the keys issued to you.
- Technical: IP address and browser user-agent for your sessions, used for security, abuse prevention, and rate limiting.
- Bot protection: a token from Cloudflare Turnstile when you sign in.
- Discord verification (optional): if you link Discord, we store your Discord ID, username, account age, and the IP used to verify — to assign your role and to deter duplicate/alt accounts. We never request access to your messages and never store tokens to add you to servers.
We do not ask for your name, address, or government ID. We do not store card details — card payments are handled by Stripe, and you can also top up in cryptocurrency.
How we use it
- to create your account and sign you in;
- to process top-ups and deliver the accounts you buy;
- to provide support, warranty replacements, and referral rewards;
- to detect and prevent fraud and abuse, and to comply with the law.
Sharing
We share your data only with the third-party providers we need to run the store — for hosting, email, bot protection, and payment processing — and only what each needs to do its job. We never sell or rent your personal data.
Cryptocurrency
Blockchain transactions are public by nature. When you top up, our payment processor shares the payment status with us; we do not control and are not responsible for the public blockchain record of your payment.
Security & retention
Sensitive secrets such as activation keys are encrypted at rest, and database access is locked down. We keep account and transaction records for as long as your account is active and as needed for legal, accounting, and fraud-prevention purposes.
Your choices
You can request access to or deletion of your personal data by emailing us. Note that we may need to retain certain records (for example, transaction history) where the law requires it.
Children
The Service is for adults (18+) only and is not directed at children.
Contact
Privacy questions or requests: [email protected].