This Privacy Policy explains what personal data AstroBoost, operated by CodBoost Inc, the data controller (“we”, “us”), collects, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to our website at astroboost.gg, our Discord community, and any services we operate.
1. Categories of Data We Collect
- Account data: email, chosen username or display name, password hash (never the plaintext password), OAuth identifiers where you sign in with a third-party provider.
- Order data: product and service selections, optional notes you provide at checkout (e.g. in-game username), scheduled times, order status.
- Payment data: we do NOT store full card numbers, CVCs, or cryptocurrency private keys. These are handled by our payment processors. We retain the last 4 digits of a card and the payment-processor transaction ID for fraud prevention and reconciliation.
- Communications: messages sent to our support team, Discord tickets, and live-chat transcripts.
- Technical data: IP address, approximate location (country / region), browser type and version, device characteristics, and logs needed to diagnose abuse and bugs.
- Cookies & analytics: see our cookie notice in Section 8.
2. Why We Process Your Data (Legal Bases)
- Performance of a contract — to process your orders and deliver services.
- Legitimate interests — to prevent fraud, secure our platform, improve our services, and communicate essential service updates.
- Legal obligation — tax, accounting, sanctions screening, and responding to lawful requests from authorities.
- Consent— for marketing emails (where required by your jurisdiction), non-essential cookies, and any other processing where consent is the proper legal basis.
3. Sub-Processors
We rely on a small number of vetted sub-processors. We share only the minimum data each one needs to perform its function:
- Hosting & infrastructure: Vercel (site hosting), Supabase (database & auth).
- Payment processing: Stripe (card payments), NOWPayments (crypto). Card data flows directly to the processor and never hits our servers in the clear.
- Email delivery: our transactional email provider sends order confirmations and status updates on our behalf.
- Community: Discord hosts our community server under its own privacy terms.
4. International Transfers
Our sub-processors may store or process data in jurisdictions outside your home country, including the United States. Where transfers of EEA or UK personal data are involved, we rely on the standard contractual clauses published by the European Commission and, where applicable, the UK International Data Transfer Addendum, together with any supplementary measures required under applicable law.
5. How Long We Keep Data
- Account data: for as long as your account is active, plus up to 24 months to support fraud prevention.
- Order and payment records: retained for at least 7 years to comply with tax and accounting law.
- Support tickets: typically up to 24 months after the last interaction.
- Logs used for abuse prevention and debugging: up to 90 days, unless required for a specific investigation.
6. Your Rights
Depending on your jurisdiction you may have some or all of the following rights:
- Access the personal data we hold about you.
- Correct data that is inaccurate or incomplete.
- Delete data we no longer have a lawful basis to keep.
- Object to or restrict certain processing (for example, direct marketing).
- Receive an export of your data in a structured, machine-readable format.
- Withdraw consent where consent is the legal basis.
- Lodge a complaint with your data-protection supervisory authority.
California residents have specific rights under the California Consumer Privacy Act, including the right to know, delete, and opt out of the “sale” of personal information. We do not sell personal information as defined under the CCPA.
To exercise any right, email privacy@astroboost.gg from the address on file with your account. We will respond within 30 days.
7. Security
We secure data in transit with TLS, hash passwords using industry-standard algorithms, restrict access to production systems on a need-to-know basis, and log sensitive actions. No online service is perfectly secure, but we regularly review our controls and respond to incidents promptly.
8. Cookies
We use cookies and similar technologies that are strictly necessary to keep you signed in and to keep your cart state. Analytics and other non-essential cookies, where used, are loaded only after you have given consent in the jurisdictions where consent is required. You can manage cookies in your browser at any time; disabling strictly necessary cookies will impair site functionality.
9. Children
The Services are intended for users who are at least 18 years old. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please email privacy@astroboost.gg and we will delete it promptly.
10. Changes to This Policy
We update this policy as our services evolve. Material changes will be posted here and, where we hold a valid contact address, announced by email. The “effective date” at the top indicates when the current version took effect.