Privacy Policy

1. Information We Collect

We collect the following categories of information:

a) Information You Provide

• Email address: Collected during checkout to deliver your Access Key and order confirmation.
• Discord ID: Collected if you link your Discord account for key verification.

b) Information Collected Automatically

• Hardware Identifier (HWID): A one-way SHA-256 hash derived from your device's MAC address, hostname, processor, operating system, and architecture. This is used solely to bind your license to a single device. We do not collect the underlying hardware details — only the resulting hash.
• IP address: Logged transiently by our hosting infrastructure (Vercel) for security and rate limiting. We do not store IP addresses in our application database.

c) Payment Information

Payment processing is handled entirely by Stripe and/or Coinbase Commerce. Greenlight Labs does not receive, process, or store credit card numbers, bank account details, or cryptocurrency wallet addresses. Please refer to Stripe's Privacy Policy and Coinbase Commerce's Privacy Policy for details on how they handle your payment data.

d) Analytics

We use Plausible Analytics, a privacy-focused, cookie-free analytics service. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. No individual visitors are tracked. All data is aggregated. See Plausible's Data Policy.

2. How We Use Your Information

We use your information strictly for:

• Delivering your Access Key via email after purchase;
• Sending order confirmation emails;
• Responding to support requests you initiate;
• Validating your license (HWID check against our database);
• Preventing fraud and abuse (rate limiting, duplicate detection);
• Linking your Discord account for key verification (if you opt in).

We will NEVER send you marketing emails, newsletters, abandoned cart reminders, promotional offers, or any communication beyond the transactional purposes listed above.

3. Information We Do NOT Collect

• We do not use cookies or tracking pixels;
• We do not collect browsing history or behavioral data;
• We do not collect gameplay data, screenshots, or session recordings from your device;
• We do not collect or store payment card or bank information;
• We do not build advertising profiles;
• We do not sell, rent, or trade your personal information to anyone.

4. Data Sharing

We share data only with the following service providers, solely to operate our business:

• Stripe — payment processing
• Coinbase Commerce — cryptocurrency payment processing
• Supabase — database hosting
• Vercel — website and API hosting
• Resend — transactional email delivery
• Railway — Discord bot hosting
• Plausible — privacy-focused analytics

We do not sell your personal information. We do not share data with advertisers. We do not share data with data brokers.

5. Data Retention

We retain your data for as long as your account and license are active. Specifically:

• Email and order records: Retained for the duration of your license plus 12 months for tax and legal compliance.
• HWID hashes: Retained for the duration of your license. Deleted upon request after license expiry.
• Discord IDs: Retained while linked. You may unlink at any time by contacting support.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• HTTPS/TLS encryption for all data in transit;
• Row-Level Security (RLS) policies on our database;
• Environment variable encryption for API keys and secrets;
• One-way hashing for HWIDs (cannot be reversed to reveal hardware details);
• Rate limiting on all API endpoints.

No method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights:

Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.

Right to Delete

You have the right to request deletion of your personal information. Upon a verified request, we will delete your data from our systems and direct our service providers to do the same, except where retention is required by law (e.g., tax records).

Right to Opt Out of Sale

We do not sell your personal information. Because we do not sell data, there is no need for an opt-out mechanism.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for making a privacy request.

How to Exercise Your Rights

Submit a verifiable request to support@greenlightlabs.co. We will verify your identity using your email address and Access Key. We will respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

Categories of Personal Information Collected

8. Children's Privacy

Our Software and Service are not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, contact us at support@greenlightlabs.co.

9. International Users

Our Service is operated in the United States. If you access it from outside the US, your information will be transferred to and processed in the US. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Your continued use of the Software or Service after changes constitutes acceptance of the revised policy.

11. Contact Us

For privacy questions, data requests, or concerns:

support@greenlightlabs.co