Privacy Policy

1. Who we are

Buyvotescontest.com ("we", "us", "our") operates the website buyvotescontest.com and provides real-vote services for consumer online contests. Founded 2018 by Victor Williams, California, USA. We are the data controller for personal data you submit through this site.

Contact for privacy matters: [email protected] (subject line "Privacy") or @VoresStore_bot.

2. What data we collect

We collect only what is necessary to deliver our service and respond to inquiries:

• Contact information you submit voluntarily: email address, Telegram username, optional first name.
• Order details: contest URL, vote target (entry name/number/option), optional country preference, optional deadline, optional notes.
• Payment information: handled entirely by our payment processors (Stripe for cards, PayPal, crypto wallets). We never store your card number or banking details — we only see the processor's payment confirmation token.
• Technical data automatically collected by Cloudflare: IP address, browser User-Agent, page-load timestamps. Used only for DDoS protection and bot filtering. Cloudflare retains these for ~24 hours per their privacy policy.
• Cookies: see our Cookie Policy for the full list. In summary: one functional cookie (banner state in localStorage, not transmitted), plus JivoChat session cookies (only loaded after you click "Accept" on the consent banner).

We do not collect: precise location, biometric data, special-category data (race, religion, health, political opinions, sexual orientation, etc.), data about minors knowingly.

3. Why we collect it (purposes)

• To deliver the service you requested: process orders, dispatch votes, send delivery reports.
• To respond to your support requests: live chat, email questions, refund processing.
• To prevent fraud and abuse: detect duplicate orders, identify malicious form submissions (honeypot), respect rate limits.
• To improve the service: anonymous, aggregate analysis of conversion rates, page speed, error logs. We do not analyse individual user behaviour.
• To comply with legal obligations: tax records, refund claims, response to lawful court orders.

4. Legal basis (GDPR Article 6)

• Contract performance (Article 6(1)(b)): processing order details to deliver votes you paid for.
• Legitimate interest (Article 6(1)(f)): fraud prevention, security logs, service improvement. Balanced against your rights — we will stop on request.
• Consent (Article 6(1)(a)): JivoChat live-chat widget loads only after you click "Accept" on the cookie banner. You can withdraw consent anytime by clicking "Reject" or clearing your browser storage.
• Legal obligation (Article 6(1)(c)): tax records and lawful court orders.

5. How long we keep your data

• Customer support emails and Telegram chats: 90 days after order delivery, then deleted unless an active refund/dispute requires longer retention.
• Order records (for accounting/tax): 7 years per US/EU tax law minimums, then deleted.
• Cloudflare logs (IP, UA): ~24 hours, controlled by Cloudflare.
• JivoChat transcripts: retained by JivoChat per their policy — we retrieve them only for active disputes, otherwise we don't access them.

You can request earlier deletion at any time — see "Your rights" below.

6. Who we share data with (third parties)

We share data only with processors strictly necessary to operate the service. Each is bound by a Data Processing Agreement (DPA) where applicable:

• Cloudflare (CDN, DDoS protection, edge security) — receives request metadata. Privacy policy / DPA.
• JivoChat (live-chat widget, loaded only after consent) — receives chat content, IP, session data. Privacy policy.
• Telegram (when you contact our bot @VoresStore_bot) — messages stored on Telegram's servers per their policy.
• Payment processors: Stripe, PayPal, USDT (TRC-20/ERC-20), Bitcoin/Lightning, Cash App. They receive payment data directly — we never see your card number.
• MailChannels (transactional email via our Cloudflare Worker, only if you submit the contact form) — receives email content for delivery.

We do not sell, rent, or trade your data. We do not run advertising trackers (no Google Analytics, no Facebook Pixel, no remarketing pixels).

7. International data transfers

Our infrastructure runs on Cloudflare's global edge network. Personal data you submit may be temporarily processed in data centres outside your home country, including the USA. Cloudflare maintains EU Standard Contractual Clauses for transfers under GDPR Article 46. Payment processors transfer data per their own SCCs.

8. Your rights (GDPR / CCPA / UK GDPR / DPDP / LGPD / PDPL)

You can exercise any of these rights at any time by emailing [email protected] with subject "Privacy request — [your right]":

• Right of access — we will send you all personal data we hold about you within 30 days, free of charge.
• Right to rectification — correct any inaccurate data.
• Right to erasure ("right to be forgotten") — delete your data unless legal retention applies (e.g. tax records).
• Right to data portability — receive your data in machine-readable JSON.
• Right to restrict processing — pause processing while you contest accuracy or object to legitimate interest.
• Right to object — to processing based on legitimate interest, including profiling (we do not profile).
• Right to withdraw consent — for JivoChat and any future consent-based processing, by clicking "Reject" on the banner or clearing browser storage.
• Right to complain — to your local data protection authority. EU users: find your DPA here. UK: ICO. California: AG's office. India: Data Protection Board (under DPDP Act 2023). Brazil: ANPD (under LGPD). Saudi Arabia: SDAIA (under PDPL).

8.1 Regional supplementary rights

• India — Digital Personal Data Protection Act 2023 (DPDP): Indian users have all GDPR-equivalent rights plus the right to nominate a representative to exercise them in case of death or incapacity. Grievance officer: [email protected] (subject "DPDP grievance"). Response within 30 days as required by DPDP §13(2). For unresolved grievances, escalate to the Data Protection Board of India.
• Brazil — Lei Geral de Proteção de Dados (LGPD) Law 13.709/2018: Brazilian users have the rights enumerated in LGPD Article 18: confirmation of processing, access, correction, anonymisation/blocking/deletion, portability, deletion of consent-based data, information about shared parties, and revocation of consent. DPO contact: [email protected] (subject "LGPD — Encarregado"). Authority: ANPD (Autoridade Nacional de Proteção de Dados).
• Saudi Arabia — Personal Data Protection Law (PDPL): Users in KSA have rights under PDPL Articles 4-6 including access, rectification, deletion, and complaint to SDAIA (Saudi Data and AI Authority). We do not transfer KSA-resident data outside Saudi Arabia except where permitted under PDPL Article 29 (with adequate safeguards or user consent). Contact: [email protected] (subject "PDPL request").
• Other jurisdictions: Quebec (Law 25), Australia (Privacy Act 1988), New Zealand (Privacy Act 2020), South Korea (PIPA), Japan (APPI) — substantially equivalent rights are honoured. Email us in any language used elsewhere on this site.

9. How we protect your data

• HTTPS everywhere (TLS 1.3) with HSTS preload, enforced by Cloudflare.
• Cloudflare Turnstile anti-bot protection on contact forms.
• Honeypot field on forms to drop automated submissions.
• No customer credentials stored — we use OAuth-style tokens with payment processors only.
• Content Security Policy headers (currently Report-Only, moving to enforce after monitoring).
• Restricted internal access — Telegram bot tokens stored as encrypted Cloudflare Worker secrets, not in source code.

10. Children

Our services are not directed at children under 16. We do not knowingly collect data from minors. If you believe we have done so, please contact us and we will delete the data immediately.

11. Automated decision-making

We do not make automated decisions with legal or significant effects on you. Every vote order is reviewed by a human operator before delivery.

12. Changes to this policy

We may update this policy to reflect changes in law or our service. Material changes will be announced with at least 30 days' notice via banner on the homepage. The "Last updated" date at the top reflects the latest revision. Previous versions available on request.

13. How to contact us

• Email: [email protected]
• Telegram: @VoresStore_bot
• Postal address available on request for formal data-protection authority filings.

Related policies: Terms of Service · Cookie Policy · Accessibility Statement · DMCA Notice · AI Policy · Service Rules