Privacy & Security

Last updated: May 2026

1. Information We Collect

• Account data: username, email, hashed password (bcrypt), account balance, account type (buyer/seller/admin).
• OAuth data: if you sign in with Google, we receive your Google ID, email, and display name (no password).
• Seller data: store name, description, logo image, rules of purchasing, Telegram username (admin-only).
• Activity data: orders, top-up requests, disputes, reviews, messages.
• Technical data: IP address (for security/fraud prevention), browser type, session cookies.

2. How We Use Your Information

• To create, operate, and secure your account.
• To process orders, deliver digital products, and credit balances.
• To send transactional emails (verification code, order receipts, top-up confirmations).
• To respond to support and dispute requests.
• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To comply with legal obligations.

3. Information Sharing

We do not sell your personal information. We share data only:

• With the seller of a product you buy (limited to order details).
• With service providers strictly necessary to operate the Platform (email delivery, hosting).
• If required by law, court order, or to protect our rights and safety.

4. Data Security

• Passwords are hashed using industry-standard bcrypt — we cannot see your plain password.
• All traffic is encrypted via HTTPS (TLS).
• Servers are patched and monitored for intrusions.
• However, no online service is 100% secure — choose a strong unique password.

5. Cookies & Sessions

We use a single PHP session cookie to keep you logged in, and a "theme" cookie to remember your light/dark mode preference. We do not use third-party tracking or advertising cookies.

6. Email Communication

We send transactional emails (signup verification, order delivery, top-up status). We do not send marketing emails without your explicit consent.

7. Data Retention

We retain your account and order data for as long as your account is active. After account deletion, some records may be retained for legal/accounting purposes (typically 3 years).

8. Your Rights

• Access, correct, or delete your personal data by contacting noreply@hstockhub.org.
• Export your order history from the dashboard.
• Request account deletion (some financial records may be retained as required by law).

9. Children's Privacy

Hstockhub is not directed at users under 18. We do not knowingly collect data from minors. If we discover such data, it is deleted.

10. International Transfers

Your data may be processed on servers located outside your country. We take reasonable steps to ensure equivalent protection.

11. Changes to this Policy

We may update this Privacy Policy. The "Last updated" date reflects the latest revision. Material changes will be announced on the homepage.

12. Contact

Privacy inquiries: noreply@hstockhub.org