This Privacy Policy explains what personal data Chod's Cheats ("we", "us", "our") collects when you use the website at chods-cheats.com and our software, why we collect it, how we use it, who we share it with, and the rights you have over your data.
This policy is written in line with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) where applicable.
1. Who we are
The data controller for the personal data processed under this policy is Chod's Cheats. You can reach us at info@chods-cheats.com for any privacy-related question, including to exercise your rights below.
2. What we collect
Account data
When you register an account: your name, email address, and password (stored as a one-way bcrypt hash — we never see your actual password). Optionally: your Discord handle if you choose to add it to your profile, and your marketing-email opt-in preference.
Order and payment data
When you make a purchase: the products and durations you bought, the amount paid, the billing email you provided at checkout, and a reference to the payment processor's transaction (we don't store full card numbers; the payment processor handles those — see "Third parties" below).
Usage and security data
For security and abuse prevention: IP address, browser user agent, sign-in timestamps, and audit-log entries when you take administrative actions. Our license-verification API also records license verification events (when, from which IP, optional machine identifier) so we can detect and respond to credential sharing or unusual activity.
Support and communications
If you contact our support team: the contents of your messages and any attachments you choose to include. If you submit a detection report (after a ban or in-game flag), the description and metadata you provide.
Cookies and similar technologies
We use a small number of essential cookies to keep you signed in and to protect the site against forgery (CSRF). We do not use marketing or advertising cookies. Where Cloudflare is in front of our site for security and performance, it may set its own essential cookies; see "Third parties" below.
3. Why we collect it (lawful bases)
| Purpose | Lawful basis (UK/EU GDPR) |
|---|---|
| Creating and maintaining your account, providing the Services you've paid for | Contract |
| Processing payments, issuing licences, sending order confirmations | Contract |
| Sending password resets, security alerts, expiry reminders | Legitimate interest / Contract |
| Fraud prevention, abuse detection, audit logging | Legitimate interest |
| Marketing emails (if opted in) | Consent (you can withdraw at any time) |
| Complying with legal obligations (tax, court orders) | Legal obligation |
4. Who we share it with
We don't sell your personal data. We share it only with the service providers we need to operate the Services, each of which is contractually bound to use it only for the purpose we engaged them for:
- Payment processor — currently Stripe, Inc. (USA), to process card payments. Stripe is PCI-DSS Level 1 certified and handles full card details directly.
- Hosting provider — our application is hosted with a Plesk-managed server in the EU. Personal data is stored on disks and in databases provisioned by that host.
- Content delivery / DDoS protection — Cloudflare, Inc. (USA) sits in front of our site for caching and security. Cloudflare may briefly process your IP address and request metadata.
- Transactional email provider — used to deliver order confirmations, password resets, license expiry warnings, and ticket replies. The provider sees the recipient address and message contents.
- Legal authorities — where we are legally required to disclose information by court order, subpoena, or other valid legal process.
5. International transfers
Some of our service providers (e.g. Stripe, Cloudflare) are based in the United States or other jurisdictions outside the UK/EU. Where personal data is transferred, we rely on appropriate safeguards — typically the UK International Data Transfer Addendum or the EU Standard Contractual Clauses — and on the Data Privacy Framework where the recipient is certified. You can request a copy of the relevant safeguards by contacting us.
6. How long we keep it
| Data category | Retention |
|---|---|
| Account data | Until you close your account, plus up to 30 days for deletion to propagate through backups. |
| Order and payment records | 7 years from the date of the order (UK statutory retention for tax records). |
| License verification logs | 12 months, then deleted automatically. |
| Support tickets | 3 years after the ticket is closed. |
| Detection reports | 2 years after submission (used for trend analysis). |
| Marketing email opt-in | Until you unsubscribe or delete your account. |
7. Your rights
Under UK and EU data protection law, you have the right to:
- Access — get a copy of the personal data we hold about you
- Rectification — correct inaccurate personal data (you can update most of it directly in your account settings)
- Erasure ("right to be forgotten") — request deletion of your personal data, subject to our legal obligations to keep certain records (e.g. tax)
- Restriction — restrict how we process your data while a complaint or correction is being resolved
- Portability — receive a machine-readable copy of the data you provided to us
- Object — object to processing based on our legitimate interests, including for direct marketing
- Withdraw consent — for any processing based on consent, at any time
- Complain — to the relevant supervisory authority (in the UK, the Information Commissioner's Office); we'd appreciate the chance to address concerns directly first.
To exercise any of these rights, email info@chods-cheats.com from the address associated with your account, or open a ticket via our support page. We aim to respond within 30 days.
8. Security
We protect your data with industry-standard measures including TLS encryption in transit, encrypted databases at rest, bcrypt password hashing, two-factor authentication for staff accounts, and signed audit logs of administrative actions. No system is perfectly secure, but we take reasonable steps to reduce risk and respond quickly to any incident.
9. Children
The Services are not intended for, and we do not knowingly collect personal data from, anyone under the age of 18. If you believe we have collected data from a minor, contact us and we will delete it.
10. Automated decision-making
We don't use automated decision-making or profiling that produces legal or similarly significant effects on you. License-verification logs are reviewed by humans before any account action.
11. Changes to this policy
We may update this policy from time to time. The updated version will be posted on this page with a new "Last updated" date. For material changes that affect how your data is processed, we'll make reasonable efforts to notify you in advance (e.g. by email or an in-account banner).
12. Contact
For any privacy-related question or to exercise your rights, contact us at info@chods-cheats.com or via our support page.