Privacy

Who we are. This center is operated by RefundInvest, the data controller for the information described here. For any privacy request — including the controller’s full legal name and registered address — contact [email protected].

What we collect. Verification codes you check are not stored — only one-way hashes of failed attempts, to prevent abuse. If you sign in, we store your email address (to send sign-in links) and your support messages. If you choose identity verification, we store the identity document(s) and selfie you upload.

How we protect it. Uploaded documents are encrypted at rest (AES-256-GCM) and accessible only to authorised reviewers; all traffic is encrypted in transit (TLS). We never log your raw code, email, or message content.

Why we use it & legal basis. To verify message authenticity, provide support, and — for identity verification — to confirm your identity and prevent misuse of other people’s data. We rely on your consent (which you can withdraw) and our legitimate interest in preventing fraud.

Retention. We keep personal data only as long as necessary for the purposes above and to meet legal obligations. You can ask us to delete your data at any time (see Your rights), and we honour deletion requests unless the law requires us to retain it.

Your rights. Under the GDPR you may request access, correction, deletion, restriction, or portability, object to processing, and withdraw consent at any time. To exercise these rights or raise a concern, contact [email protected]; you may also complain to your local data-protection authority.