Privacy Policy

Last updated: June 2026

This Privacy Policy explains what information the BorderSMP store ("we", "us", "our") collects when you use it, why we collect it, and how it is handled. We are based in the European Union (Bulgaria), so this policy is written to comply with the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act. By using the Store you agree to this policy.

1. Data controller

The data controller responsible for your personal data is:

2. Information we collect

• In-game username — you provide this at checkout so we can deliver your purchase to the correct account.
• Purchase details — the items you bought, the amount, and the time of purchase.
• Payment information — collected and processed directly by Stripe. We do not receive or store your full card number, CVC, or banking details. Stripe may share with us limited information such as your email, the last four digits of your card, and the payment status.
• Technical data — basic information your browser sends automatically (such as IP address and browser type) may be processed by our hosting and by Stripe for security and fraud prevention.

3. How we use your information

• To deliver the items you purchased to your in-game account.
• To process payments and prevent fraud.
• To provide support and resolve issues or disputes.
• To display a public "recent purchases" feed showing in-game usernames and the item bought (no emails, payment details, or other personal data are shown).
• To keep records required for accounting and legal compliance.

4. Public recent-purchases feed

The Store may display a short list of recent purchases on the homepage, showing the buyer's in-game username and the item purchased. This is the same username already visible to other players in-game. If you would prefer your username not to appear there, contact us and we will remove it.

5. Payment processing (Stripe)

All payments are handled by Stripe, a third-party payment processor. Your card details are entered on Stripe's secure systems, not ours. Stripe's handling of your data is governed by its own privacy policy, available at stripe.com/privacy.

6. Data sharing

We do not sell your personal information. We share information only:

• With Stripe, to process your payment.
• With our server/hosting infrastructure, to deliver items and run the Store.
• Where required by law, or to protect against fraud and abuse.

7. Data retention

We keep purchase records for as long as needed to provide support, prevent fraud, and meet legal and accounting obligations (payment records are typically kept for the period required by tax law). Technical logs are kept only as long as needed for security and troubleshooting.

8. Legal basis for processing (GDPR)

We process your personal data on the following legal bases under Article 6 GDPR:

• Performance of a contract — to deliver the items you bought and provide support (your username and order details).
• Legal obligation — to keep accounting and tax records, and to handle consumer-law requests.
• Legitimate interests — to prevent fraud and abuse, secure the Store, and show the public recent-purchases feed (limited to the in-game username already visible in game).

9. Your rights under GDPR

If you are in the EU/EEA, you have the right to: access your data; have it corrected; have it erased; restrict or object to processing; and data portability. You also have the right to withdraw any consent at any time, and to lodge a complaint with a supervisory authority. To exercise these rights, contact us using the details above. Some records (such as completed-payment records) may need to be retained where the law requires it.

10. International transfers and supervisory authority

Some of our service providers (such as Stripe) may process data outside the EU/EEA. Where that happens, the transfer is protected by appropriate safeguards such as the EU Standard Contractual Clauses. If you believe your data has been handled unlawfully, you can complain to the Bulgarian data protection authority, the Commission for Personal Data Protection (Комисия за защита на личните данни — КЗЛД, cpdp.bg), or your local EU supervisory authority.

11. Children

The Store is not directed at children under 13 (or the equivalent minimum age in your country). If you are below the age of majority where you live, you must have a parent or guardian's permission before providing any information or making a purchase.

12. Cookies and local storage

The Store uses your browser's local storage to remember your in-game username for convenience. Stripe may set cookies necessary for secure payment processing and fraud prevention. We do not use advertising or tracking cookies.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version. Continued use of the Store after changes means you accept the updated policy.