Privacy Policy

1. Information We Collect

When you use the RozMoni service, we may collect the following information:

• Account information: Email address, password hash (we never store plaintext passwords).
• Device information: Machine identifier (SHA-256 hash of CPU, NIC, and disk serial numbers) used for device binding.
• Login records: Login timestamps, IP addresses, and login results for security auditing.
• Subscription data: Paddle customer ID, subscription ID, subscription status, and expiration date.

2. Information We Do Not Collect

• We do not collect your game account passwords (OTP keys are stored locally on your device only).
• We do not collect in-game screenshots (all image detection runs locally on your device).
• We do not collect your credit card information (payments are processed directly by Paddle).

3. How We Use Your Information

• To verify your identity and authorize your device.
• To manage your subscription status.
• To detect abnormal login activity and protect your account.
• To improve service quality and troubleshoot technical issues.

4. Data Storage & Security

• All data is stored in a Supabase cloud database with HTTPS/TLS encryption in transit.
• Passwords are hashed with bcrypt and salted. Plaintext recovery is impossible.
• Machine identifiers are irreversible hashes; hardware information cannot be derived.
• All API endpoints have rate limiting to prevent brute-force attacks.

5. Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Paddle — Paddle — Payment processing (Paddle Privacy Policy)
• Supabase — Supabase — Database hosting (Supabase Privacy Policy)
• Upstash — Upstash — Rate limiting cache (Upstash Privacy Policy)

6. Cookies

We use only one essential session cookie (ro_session) to maintain your login state. This cookie is HttpOnly and Secure, and is not used for tracking or advertising.

7. Your Rights

• Right of access: You can view your personal data on your account page at any time.
• Right to deletion: You can request account and data deletion by emailing us.
• Right to portability: You can request an export of your personal data.

8. Data Retention

• Account data is retained while your account is active and fully deleted within 30 days of account deletion.
• Login records are automatically deleted after 90 days.
• Payment records are retained for 5 years as required by law.

9. Contact Us

For privacy-related questions or requests, please email: support@roz-moni.com