Privacy Policy
Last updated: June 2026
Your privacy matters to us. We collect only what we need to run the service, we never sell your data, and we store everything securely. Read on for the full details.
1. Information We Collect
We collect: (a) account information you provide (name, email, password hash), (b) transaction data (purchases, balance top-ups, order history), (c) usage data (pages visited, product views, search queries), and (d) technical data (IP address, browser type, device type). We do not collect or store payment card numbers — all payment processing is handled by third-party processors under their own privacy obligations.
2. How We Use Your Information
We use your information to: (a) provide and continuously improve the Service, (b) process purchases and deliver digital goods, (c) send transactional emails (receipts, support responses, order updates), (d) detect and prevent fraud and abuse, and (e) comply with legal obligations. We do not sell your personal information to third parties.
3. Data Storage & Security
Your data is stored on secure servers with industry-standard encryption. Account passwords are hashed using bcrypt and are never stored in plain text. We use HTTPS for all data transmission. Despite these measures, no system is 100% secure — please use a strong, unique password for your KeyCrop account and enable any available security features.
4. Cookies
We use essential session cookies to maintain your login state and preferences. We do not use advertising, tracking, or analytics cookies from third parties. You can disable cookies in your browser settings, but this will prevent you from staying logged in or using most features of the Service.
5. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except for records we are required to retain by applicable law (e.g., transaction records for tax compliance). Anonymised, aggregated data may be retained indefinitely for analytics purposes.
6. Your Rights
Depending on your location, you may have rights to: access, correct, or delete your personal data; withdraw consent for processing; and data portability. To exercise these rights, contact us at [email protected]. We will acknowledge your request within 7 days and respond fully within 30 days.
7. Third-Party Services
We may use third-party services (e.g., Cloudflare for CDN and DDoS protection, payment processors for transactions) that process some of your data as part of delivering the Service. These services operate under their own privacy policies. We only work with providers that meet our data protection standards and are bound by appropriate data processing agreements.
8. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Service at least 7 days before the change takes effect. Continued use of the Service after changes constitutes acceptance of the updated policy.
9. Contact
For privacy-related questions, data access requests, or deletion requests, contact us at [email protected] or via our Support page. We take your privacy seriously and will respond promptly.