Legal

Privacy Policy

Last updated: June 2, 2026 · GDPR compliant

1. Who We Are

SevinHub is operated by me, Sergiu Vincze, registered as self-employed in Belgium. This policy explains what personal data my team and I collect, why, and your rights under the General Data Protection Regulation (GDPR).

Data Controller contact: contact@sevinhub.com

2. Data We Collect

Account Data

When you register: name, email address, username, and password (stored as a secure hash — never in plain text).

Purchase Data

When you make a purchase: payment method details (processed securely by Stripe — we never store full card numbers), order information, and download records.

Support & Communication

When you contact support: name, email, message content, and any attachments you provide.

Technical Data

IP address (for security logging and rate limiting), browser type, pages visited, and session data. This is used to prevent fraud and improve security.

3. Legal Basis for Processing (GDPR)

  • Contract performance — Processing necessary to fulfill your purchase and provide account services
  • Legitimate interests — Security logging, fraud prevention, and site analytics
  • Consent — Marketing communications (only if you opt in)
  • Legal obligation — Retaining transaction records as required by Belgian law

4. How We Use Your Data

  • Fulfill and manage your purchases and download access
  • Send transactional emails (purchase confirmations, password resets, support replies)
  • Prevent fraud, abuse, and unauthorized access
  • Improve the Platform and fix technical issues
  • Comply with legal obligations

5. Data Sharing

We do not sell your personal data. We share data with:

  • Stripe — Payment processing. Their privacy policy applies to payment data: stripe.com/privacy
  • Hosting provider — For server infrastructure (data stored in the EU where possible)

We will disclose data if required by Belgian or EU law enforcement with a valid legal request.

6. Data Retention

  • Account data: retained while your account is active and for 2 years after deletion request
  • Transaction records: retained for 7 years as required by Belgian tax law
  • Security logs: retained for 90 days
  • Support tickets: retained for 3 years

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data (subject to legal retention requirements)
  • Portability — Receive your data in a machine-readable format
  • Restriction — Request we limit processing of your data
  • Object — Object to processing based on legitimate interests
  • Withdraw consent — For any processing based on consent

To exercise any right, email contact@sevinhub.com. We respond within 30 days.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

8. Cookies

We use a single session cookie (sevinhub_sess) required for login and CSRF protection. This is a strictly necessary cookie — no consent is required. We do not use advertising or tracking cookies.

9. Security

We implement technical and organisational measures including: bcrypt password hashing, CSRF protection on all forms, rate limiting on authentication, input validation, and HTTPS enforcement in production.

10. Children's Privacy

The Platform is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has provided data, contact us and we will delete it.

11. Changes to This Policy

We may update this policy. Material changes will be communicated via email or a prominent notice on the site. The "last updated" date at the top reflects the most recent revision.

12. Contact

Privacy questions: contact@sevinhub.com

Terms of Service · ← Home