Privacy Policy

Effective: 2026-06-05 21:19 UTC

This Privacy Policy explains how PlaySharp (“PlaySharp”, “we”, “us”, “our”) collects, uses, stores and shares personal information when you visit our website, create an account, buy a license, download a build, contact support, or otherwise use our services (collectively, the “Service”). It should be read together with our Terms of Service and Refund Policy.

1. Data controller

PlaySharp is the controller of the personal information processed through the Service for purposes of the EU General Data Protection Regulation (“GDPR”) and Brazil’s Lei Geral de Proteção de Dados (“LGPD”), except where a payment provider, OAuth provider, hosting provider, analytics provider, error-reporting provider or email provider independently determines its own processing purposes under its separate privacy notice. If your jurisdiction uses a different controller/operator or controller/processor terminology, references in this policy should be read consistently with that law.

2. Information we collect

We collect only information needed to operate a paid digital license service:

  • Account data: email address, username, hashed password, account creation date, login metadata, and OAuth identifiers from Discord or Google when you choose to link them.
  • Billing data: order IDs, services purchased, price, currency, payment provider customer IDs, payment intent IDs, subscription or invoice references, refund and dispute status. Full card numbers are handled by Stripe and are not stored by PlaySharp.
  • License data: license key, service/tier, status, expiry, HWID hash, activation date, reset history, last validation date and validation IP address.
  • Support data: messages you send to us, attachments you provide, Discord handle if used for support, and internal notes required to resolve your request.
  • Security and technical data: IP address, user agent, device/browser data, session tokens, rate-limit events, audit logs, webhook delivery logs and error logs.
  • Email data: email delivery status, bounces, unsubscribe requests and basic engagement data provided by our email processor.

3. Sources of information

We collect data directly from you, automatically from your device, and from service providers used by the Service:

  • payment providers such as Stripe, Mercado Pago and NowPayments;
  • OAuth providers such as Discord and Google;
  • email and hosting providers used to deliver account, license and support services;
  • anti-fraud signals from payment providers and infrastructure logs.

4. How we use information

We process personal information for the following purposes:

  • create and authenticate accounts;
  • process payments, subscriptions, invoices, refunds, disputes and chargebacks;
  • issue, activate, validate, suspend and revoke licenses;
  • perform HWID binding, HWID reset limits and anti-sharing controls;
  • send transactional emails such as password resets, receipts, license notices and security alerts;
  • answer support requests and investigate delivery or activation issues;
  • detect fraud, abuse, scraping, credential stuffing, license resale and payment disputes;
  • maintain security logs, audit trails, backups and system integrity;
  • comply with tax, accounting, payment, consumer protection and legal obligations.

5. Legal bases

Where a legal basis is required under GDPR, LGPD or similar laws, we rely on the following bases:

  • Contract performance: account creation, authentication, checkout, payment confirmation, license issuance, license validation, delivery, support tied to your order and account administration.
  • Legal obligation: tax, accounting, consumer-protection, sanctions-screening, dispute, chargeback, regulatory and law-enforcement response records.
  • Legitimate interests: fraud prevention, abuse prevention, security logging, rate limiting, license-sharing prevention, service integrity, support quality, service improvement, business records and defense or enforcement of legal claims, balanced against your rights and expectations.
  • Consent: optional marketing, non-essential cookies, optional analytics or similar processing where consent is required. You may withdraw consent at any time, but withdrawal does not affect processing already performed before withdrawal.

6. Cookies and session technology

We use essential cookies and similar technologies to keep you logged in, protect sessions, remember security state, store your cookie choice and operate checkout flows. Essential cookies are necessary for account, security and checkout functionality and cannot be disabled through our cookie banner.

Non-essential cookies or similar technologies, including optional analytics or error-reporting tools, are used only where permitted by law or after you approve them through the cookie notice. You may accept or reject optional cookies. Rejection does not prevent access to the Service, but some optional measurement or diagnostic features may be disabled. You can also clear your browser storage to reset the cookie notice, and you can block cookies in your browser settings.

7. Sharing with processors

We do not sell personal information. We share data only with service providers needed to run the Service, and only to the extent necessary for their role:

  • Stripe for card payments, subscriptions, invoices, refunds and disputes;
  • Mercado Pago for Pix and local payment processing;
  • NowPayments for cryptocurrency checkout and refund support;
  • Resend and/or SMTP providers for transactional email;
  • hosting, database, cache, monitoring and backup providers;
  • Discord and Google when you choose OAuth login or support contact through those services;
  • law enforcement, regulators or courts where legally required or necessary to protect our rights.

8. International transfers

Our providers may process data in countries other than your own, including countries that may not provide the same level of data protection as your home country. When data is transferred internationally, we rely on contractual safeguards, provider security commitments and lawful transfer mechanisms available under applicable privacy laws, including standard contractual clauses, adequacy decisions, processor agreements, or other lawful transfer bases where available.

9. Retention

We retain information only as long as needed for the purposes above:

  • account records: while the account remains active, then up to 24 months after closure;
  • orders, invoices, payment references and tax records: up to 5 years or longer where law requires;
  • license, HWID and validation records: up to 24 months after license expiry or revocation;
  • support tickets: up to 24 months after resolution;
  • security, webhook and audit logs: normally 90 days, longer if needed for fraud, dispute or abuse investigation;
  • backups: deleted on normal rotation schedules and not restored except for disaster recovery or security investigation.

We may anonymize or aggregate data so it no longer identifies you; such data may be retained indefinitely for security, reporting and service improvement.

10. Your privacy rights

Depending on your location, including under GDPR or LGPD, you may have rights to confirm processing, access, correct, anonymize, block, delete, restrict or object to processing, request portability, receive information about sharing, withdraw consent, review automated decisions where applicable, or lodge a complaint with a data protection authority. To exercise rights, email [email protected] from the email address tied to your account and include “Privacy Request” in the subject line. We may verify identity before acting on the request.

We will respond within the timeframe required by applicable law. Some information cannot be deleted immediately if we need it for active licenses, fraud prevention, payment disputes, tax obligations, security logs, regulatory obligations, or legal claims. When we cannot delete data, we will limit further processing where legally required and explain the reason when required by law.

11. Security

We use reasonable technical and organizational safeguards, including password hashing, access controls, audit logs, payment-token isolation through providers, HTTPS, rate limiting, least-privilege operational access and monitoring. No system is perfectly secure. You are responsible for protecting your account email, password, OAuth sessions and local device from unauthorized access. If we become aware of a personal-data incident that legally requires notice, we will notify affected users and/or regulators as required by applicable law.

12. Children

The Service is not intended for minors. You must be at least 18 years old to use PlaySharp. We do not knowingly collect personal information from anyone under 18. If we learn that a minor created an account, we will delete or disable it.

13. Marketing

We may send service notices to existing customers where allowed by law. You may opt out of marketing emails at any time. Transactional messages such as receipts, security alerts, license notices and support replies are not marketing and may still be sent while you have an account or active license.

14. Changes to this policy

We may update this Privacy Policy as our Service, providers or legal obligations change. Material changes will be announced on the website and, where appropriate, by email. Continued use of the Service after the effective date means you accept the updated policy.

15. Contact

Privacy requests and questions: [email protected]. Include “Privacy Request” in the subject line so we can route the request correctly.