Privacy Policy

1. Scope and Acceptance

This Policy applies to information we collect through the Services. It does not apply to third-party websites, retailers, payment processors, marketplaces, proxy providers, captcha providers, hosting providers, Discord, or other third parties, each of which has its own privacy practices that you should review independently.

The Services are intended for users who are at least the age of majority in their jurisdiction. We do not knowingly collect personal information from anyone under that age, and you may not use the Services on their behalf.

2. Information We Collect

We collect the following categories of information:

1. Account information. Email address, username, password hash, Discord-linked identity, license key, plan or tier, device identifiers, and other information you provide when creating or managing an Account.
2. Payment information. Billing name, billing address, last four digits of payment card, card brand, transaction identifiers, and subscription status. Full payment card numbers and bank credentials are collected and stored directly by Stripe, Inc.; we do not see or store them.
3. Usage and license data. Activation events, device fingerprints, license validation requests, feature usage, configuration choices, error reports, crash logs, and diagnostic telemetry generated by the Services.
4. Technical data. IP address, approximate location derived from IP, browser type, operating system, device type, hardware identifiers, timestamps, request headers, and similar technical signals used to operate and secure the Services.
5. Support and communications. Messages you send us through email, Discord, support tickets, or other channels, including any attachments, screenshots, logs, or diagnostic information you choose to share.
6. Content you input. Task configurations, proxy lists, account credentials for third-party retailers, shipping and billing details, and other content you enter into the Software. Where this data is stored locally on your device, we generally do not have access to it; where you choose to sync, back up, or transmit it through us, we may process it as necessary to provide the feature.

3. How We Use Information

We use information to:

1. provide, operate, maintain, update, and improve the Services, including delivering software, license verification, authentication, support, and feature development;
2. process transactions, manage subscriptions, send receipts and billing notices, and prevent payment fraud and chargeback abuse;
3. monitor, investigate, and enforce our Terms of Service, detect and prevent abuse, fraud, account sharing, license violations, security incidents, and other prohibited activity;
4. communicate with you about your Account, transactional matters, security alerts, support requests, product updates, and policy changes;
5. produce aggregated, anonymized, or de-identified analytics about how the Services are used, which we may share or retain without restriction; and
6. comply with applicable law, lawful requests from authorities, and our legal, regulatory, audit, accounting, and reporting obligations.

4. Legal Bases for Processing

Where applicable law (including the EU and UK GDPR and Canadian privacy laws such as PIPEDA and Quebec's Law 25) requires a legal basis for processing, we rely on one or more of the following: performance of a contract with you; our legitimate interests in operating, securing, and improving the Services and preventing abuse; compliance with legal obligations; protection of vital interests; and your consent where required. You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

5. How We Share Information

We do not sell your personal information. We share information only as described below:

1. Service providers. Vendors that help us run the Services, including Stripe (payments), cloud hosting and storage providers, email and notification providers, Discord (account linking and notifications), error monitoring providers, and analytics providers. These providers may access information only to perform services for us and are bound by contractual confidentiality and security obligations.
2. Legal and safety. Law enforcement, regulators, courts, payment processors, infrastructure providers, or other parties when we believe disclosure is necessary to comply with law, respond to lawful process, enforce our Terms, protect rights, property, or safety, or investigate fraud, abuse, or security incidents.
3. Business transfers. In connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar event, in which case information may be transferred to the successor or acquirer.
4. With your direction. When you authorize a specific disclosure or use a feature that involves sharing with a third party (for example, linking a Discord account or submitting credentials to a third-party retailer through the Software).
5. Aggregated or de-identified data. We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you.

6. Cookies, Local Storage, and Tracking

The website and dashboard use cookies, local storage, session tokens, and similar technologies to keep you signed in, remember preferences, secure your session, prevent abuse, and analyze usage. The desktop application stores license, configuration, and session data locally on your device.

You can control cookies through your browser settings. Blocking or deleting cookies may break sign-in, license verification, and other features.

7. Data Retention

We retain information for as long as is reasonably necessary to provide the Services, comply with our legal, tax, accounting, and audit obligations, resolve disputes, enforce our agreements, prevent fraud and abuse, and protect our rights. Retention periods vary by data type and context. When information is no longer required, we will delete, anonymize, or de-identify it, except where retention is required by law or where the data exists in routine backups that are overwritten on schedule.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. No method of transmission or storage is fully secure, and we cannot guarantee absolute security. You are responsible for keeping your Account credentials, license keys, devices, and local data secure, and for notifying us promptly of any suspected unauthorized access.

9. Your Rights and Choices

Depending on where you live, you may have rights under applicable law to access, correct, update, delete, port, restrict, or object to certain processing of your personal information, and to withdraw consent or appeal a decision. To exercise these rights, contact us at support@pokebot.ca. We will respond within the timeframes required by applicable law.

We may need to verify your identity before acting on a request and may decline or limit a request where permitted by law, including where it is unfounded, excessive, would compromise another person's privacy, would interfere with our ability to enforce our Terms or detect abuse, or where we are legally required to retain the information.

You can also unsubscribe from non-transactional emails using the unsubscribe link in those messages. Transactional and security communications are required to operate the Services and cannot be opted out of while you maintain an Account.

10. International Data Transfers

We and our service providers may process information in countries other than the country where you live, including Canada, the United States, and other jurisdictions whose data protection laws may differ from your own. Where required, we rely on appropriate safeguards such as standard contractual clauses, vendor commitments, and other lawful transfer mechanisms. By using the Services, you acknowledge that your information may be transferred to and processed in those jurisdictions.

11. Third-Party Services and Links

The Services may interact with or link to third-party websites, retailers, marketplaces, payment processors, proxy providers, captcha providers, Discord, hosting providers, and other third parties. We do not control those third parties, and their collection, use, and disclosure of information is governed by their own privacy practices. Review their policies before providing information to them or using their services through ours.

12. Automated Decision-Making

We may use automated systems to detect fraud, abuse, license violations, account sharing, and security threats, and to enforce our Terms. These systems may flag, suspend, restrict, or terminate Accounts. Where required by law, you may request human review of decisions that produce legal or similarly significant effects by contacting support@pokebot.ca.

13. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from individuals under the age of majority in their jurisdiction. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

14. Changes to This Policy

We may update this Policy from time to time. When we do, we will update the effective date and make the revised Policy available through the website, dashboard, app, email, or another reasonable method. Continued access to or use of the Services after the updated Policy becomes effective means you accept the updated Policy.

15. Contact

Questions, requests, or complaints about this Policy or our privacy practices should be sent to support@pokebot.ca. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority (for example, the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, or the supervisory authority in your EU member state).