MoreTekk

1. Introduction

Welcome to MoreTekk. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website and services.

This policy complies with EU data protection law (GDPR).

2. Data Controller

The data controller responsible for your personal data is:

Anxo Moreno Martin (operating as "MoreTekk")
NIF: 41654762Z
Address: Outeiro de Rey, Spain
Email: privacy@moretekk.com

3. Data We Collect

3.1 Account Information

Email address
Name (optional)
Profile image (if provided via OAuth)

3.2 OAuth Provider Data

When you sign in with Discord, Google, or Spotify, we receive:

Provider user ID
Email address
Profile name and image

3.3 Purchase Data

Purchase history
Payment information (processed by Stripe, not stored by us)
Download history

3.4 Technical Information

IP address (for security and session management)
User agent (browser and device information)
Session cookies (for authentication)

3.5 Data Provision Requirements

Account Creation:

Email address: Mandatory
Name: Optional
OAuth provider data: Only if you choose OAuth authentication

Making Purchases:

Email address: Mandatory
Payment information: Mandatory (processed by Stripe)

Consequences of not providing data: You will be unable to create an account, make purchases, or access purchased digital content if required data is not provided.

4. How We Use Your Data

We use your personal data for the following purposes:

Account Management: To create and manage your user account
Authentication: To verify your identity and maintain secure sessions
Order Processing: To process purchases and provide downloads
Email Communications: To send transactional emails (password resets, email verification, purchase receipts)
Security: To prevent fraud and protect our services
Legal Compliance: To comply with financial and tax regulations

Legal Basis (GDPR): Processing is necessary for contract performance (Art. 6(1)(b) GDPR) and our legitimate interests (Art. 6(1)(f) GDPR).

5. Third-Party Services

We share data with the following service providers:

5.1 Payment Processing - Stripe

Purpose: Payment processing for purchases
Data Shared: Payment information, email address, transaction details
Location: USA
Transfer Mechanism: EU-US Data Privacy Framework (Adequacy Decision)
Privacy Policy: https://stripe.com/privacy

5.2 Email Delivery - Resend

Purpose: Transactional email delivery (verification, password resets, purchase confirmations)
Data Shared: Email address, name (if provided)
Location: USA
Transfer Mechanism: Standard Contractual Clauses (SCCs)
Privacy Policy: https://resend.com/legal/privacy-policy

5.3 Database Hosting - Hetzner

Purpose: PostgreSQL database hosting
Data Shared: All account and purchase data stored in our database
Location: Germany (EU)
Transfer Mechanism: No international transfer (EU-based)
Privacy Policy: https://www.hetzner.com/legal/privacy-policy

5.4 DDoS Protection & CDN - Cloudflare

Purpose: DDoS protection, content delivery, and performance optimization
Data Shared: IP address, user agent, request data
Location: USA/EU (data may be processed in multiple locations)
Transfer Mechanism: EU-US Data Privacy Framework / EU processing
Privacy Policy: https://www.cloudflare.com/privacypolicy/

5.5 OAuth Authentication Providers

When you choose to sign in with OAuth, we share data with:

Discord (optional) Data Shared: Email address, user ID, profile name and image
Location: USA
Transfer Mechanism: EU-US Data Privacy Framework
Privacy Policy: https://discord.com/privacy

Google (optional)
Data Shared: Email address, user ID, profile name and image
Location: USA
Transfer Mechanism: EU-US Data Privacy Framework
Privacy Policy: https://policies.google.com/privacy

Spotify (optional)
Data Shared: Email address, user ID, profile name and image
Location: USA
Transfer Mechanism: EU-US Data Privacy Framework
Privacy Policy: https://www.spotify.com/privacy

6. Cookies and Similar Technologies

We use the following types of cookies:

6.1 Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be disabled:

Authentication cookies: To keep you logged in
Session cookies: To maintain your session state
Security cookies: To prevent CSRF attacks

6.2 Functional Cookies

These cookies enhance functionality (require consent):

Preferences: To remember your settings (theme, sidebar state)

You can manage cookie preferences via the cookie banner or your browser settings.

7. Data Retention

Account Data: Retained until you delete your account
Purchase Records: Anonymized and retained for 7 years for tax/legal compliance
Session Data: Deleted when sessions expire
Email Verification Tokens: Deleted after 24 hours

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

Right to Access: Request a copy of your personal data (available in Account Settings)
Right to Rectification: Correct inaccurate data (update in Account Settings)
Right to Erasure: Delete your account and data (available in Account Settings)
Right to Restriction: Limit how we process your data
Right to Data Portability: Export your data in JSON format (available in Account Settings)
Right to Object: Object to data processing
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, visit your Account Settings or contact us at privacy@moretekk.com.

8.1 Right to Lodge a Complaint

You have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD):

Website: https://www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099 / +34 91 266 35 17

You may also contact your local data protection authority in your country of residence.

9. Data Security

We implement appropriate security measures including:

Encrypted database connections (PostgreSQL with SSL)
HTTPS encryption for all data transmission
Secure password hashing
Regular security updates and patches
Access controls and authentication requirements

In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.

10. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all international data transfers:

10.1 EU-US Data Privacy Framework

The following providers are certified under the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795), which provides an adequacy decision for data transfers to the USA:

Stripe (payment processing)
Discord (OAuth authentication, if used)
Google (OAuth authentication, if used)
Spotify (OAuth authentication, if used)
Cloudflare (DDoS protection and CDN)

10.2 Standard Contractual Clauses (SCCs)

For providers not covered by an adequacy decision, we use Standard Contractual Clauses approved by the European Commission:

Resend (email delivery)

10.3 EU-Based Processing

The following services process data within the EU:

Hetzner (database hosting in Germany)

You may request a copy of the safeguards we have in place by contacting privacy@moretekk.com.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, contact us at:

Data Controller: Anxo Moreno Martin (operating as "MoreTekk")
Email: privacy@moretekk.com
Support Email: support@moretekk.com
Address: Outeiro de Rey, Spain
NIF: 41654762Z

For privacy-related inquiries, please use the subject line "Privacy Request".