Privacy Policy

Effective from: 9 мая 2026 г. · Tridents (tridents.store)

This Privacy Policy explains how Tridents (the "Controller") processes personal data of users of tridents.store in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").

1. Data controller

The data controller is the individual entrepreneur whose details are listed at the bottom of this document. You may contact us at support@tridents.store regarding any privacy matter.

2. Categories of personal data

• Account data: username, email address, password hash, IP address at the moment of registration, timestamps.
• Order data: in-game nickname, list of purchased items, amount, order status, IP address at checkout.
• Technical data: browser User-Agent, language preference, theme preference, anonymised analytics events (no third-party trackers).
• Communication data: contents of messages sent to support.

3. Purposes and legal basis

• Performance of contract (Art. 6(1)(b) GDPR) — operating the Service, processing orders, providing support.
• Legal obligation (Art. 6(1)(c) GDPR) — accounting, anti-fraud, responding to lawful requests from authorities.
• Legitimate interest (Art. 6(1)(f) GDPR) — service security, prevention of abuse, anonymised product analytics.
• Consent (Art. 6(1)(a) GDPR) — only where explicitly required (e.g. marketing emails, currently not active).

4. Data recipients (processors)

We share the minimum necessary data with the following processors:

• Payment processors: Stripe, Enot, FreeKassa, AnyPay — to process payments. They receive order amount, order reference, return URLs and customer email (where required).
• Hosting infrastructure: AWS EC2 (Frankfurt region, EU) — to host the application and database.
• Domain & CDN: Cloudflare — DNS, TLS termination, DDoS protection.
• Merchant servers: the in-game nickname is sent to the Merchant's Minecraft server via RCON for delivery purposes only.

5. International transfers

Personal data is stored within the EU (AWS Frankfurt). Where data is transferred outside the EU/EEA (e.g. Stripe — USA), such transfers are governed by Standard Contractual Clauses approved by the European Commission and additional safeguards.

6. Retention

• Account data — for as long as the account exists, plus 12 months after deletion.
• Order data — 6 years (accounting obligation).
• Support correspondence — 24 months.
• Technical logs — 90 days.

7. Your rights under GDPR

• Right of access (Art. 15).
• Right to rectification (Art. 16).
• Right to erasure / "right to be forgotten" (Art. 17).
• Right to restriction of processing (Art. 18).
• Right to data portability (Art. 20).
• Right to object (Art. 21).
• Right to lodge a complaint with a supervisory authority in your EU member state.

To exercise any right, contact support@tridents.store. We respond within 30 days as required by Art. 12(3) GDPR.

8. Cookies

We use only strictly necessary cookies for authentication, theme and language preferences and cart state. We do not use third-party tracking or advertising cookies. A cookie banner is shown on first visit; consent is recorded in localStorage and may be withdrawn by clearing site data.

9. Security

We employ industry-standard measures: TLS 1.3 in transit, hashed passwords (bcrypt), encrypted backups, role-based access to production data, and a documented incident response procedure. Notifiable breaches are reported within 72 hours pursuant to Art. 33 GDPR.

10. Provider details