Privacy Policy - Infumia

1. Introduction

This Privacy Policy describes how Infumia LTD (“Infumia”, “we”, “us”) collects, uses, stores, and shares personal data when you visit our websites, use our customer portal, purchase software or services (including Discord bots, FiveM-related tools, game-server integrations such as Metin2, mobile applications, websites, and related deliverables), or otherwise interact with us.

We act as a data controller for personal data we determine the purposes and means of processing. Where we process data strictly on behalf of a client under their instructions, we may act as a processor; in that case the client’s terms and privacy notice may also apply.

2. Data we collect

2.1 You provide to us

We may collect identifiers and contact details such as name, email address, phone number, billing address, company name, account credentials (hashed passwords), order and payment references, support ticket content, and project requirements you send us.

2.2 Automatically collected

We may collect technical data such as IP address, device type, browser type, approximate location derived from IP, referring URLs, timestamps, and diagnostic logs needed to secure and operate our services.

3. Purposes and legal bases (UK GDPR / GDPR-style)

Depending on the situation, we rely on one or more of the following: performance of a contract with you; legitimate interests (e.g. securing our systems, analytics at an aggregate level, improving products); legal obligation; or consent where required (e.g. certain marketing cookies or emails).

• Providing, delivering, and supporting software and services you purchase.
• Managing accounts, authentication, billing, and customer support.
• Detecting abuse, fraud, and security incidents.
• Complying with law and responding to lawful requests.
• Sending service messages; marketing only where permitted and with appropriate consent.

4. Sharing of data

We may share personal data with subprocessors who assist us (e.g. hosting, email delivery, payment processing). They are permitted to process data only on our instructions and under appropriate agreements. We may disclose information if required by law or to protect rights, safety, and security.

5. International transfers

Our company is registered in the United Kingdom. Data may be processed in the UK, the EEA, or other countries where we or our providers operate. Where we transfer personal data from the UK/EEA to countries not subject to an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms as applicable.

6. Retention

We retain personal data only as long as necessary for the purposes described, including legal, accounting, and dispute-resolution needs. Retention periods vary by data type; for example, billing records may be kept longer than transient server logs.

7. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit where applicable, access controls, and monitoring. No method of transmission or storage is 100% secure.

8. Cookies and similar technologies

We use cookies and similar technologies to operate and improve our sites. For details on categories, purposes, and choices, see our Cookie Policy.

9. Your rights

Depending on applicable law, you may have rights to access, rectify, erase, restrict processing, object, data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We may need to verify your identity.

10. Children

Our services are directed to businesses and adults. We do not knowingly collect personal data from children under 16 for consumer-style services. If you believe we have collected such data, contact us and we will take appropriate steps.

11. Third-party sites

Our sites may link to third-party websites (e.g. Discord, game platforms, app stores). Their privacy practices are governed by their own policies. We are not responsible for third-party sites.

12. Changes to this Privacy Policy

We may update this policy from time to time. We will adjust the “Last updated” date and, where appropriate, provide additional notice (e.g. on our website or by email).

13. Payments and payment processors

When you pay by card, wallet, or bank transfer, payment processing may be performed by third-party providers (such as Stripe or PayPal). They receive transaction data needed to authorise and settle payments under their own terms and privacy notices. We do not store full payment card numbers on our servers.

14. Fraud prevention and security

We may process technical and usage signals to detect fraud, abuse, and security incidents, including IP address, device/browser characteristics, approximate location derived from IP, order velocity, and similar indicators. This processing may rely on performance of a contract, legitimate interests, and/or legal obligations depending on the scenario.

15. Order records, digital delivery, and e-pins

We retain order history, payment status, and digital delivery records (including licence keys, e-pins, or e-keys where applicable) for accounting, customer support, dispute resolution, and legal compliance. Retention periods vary; some records must be kept for several years for tax and regulatory reasons.