Privacy Policy

Placeholder notice

This is a draft placeholder and is not a final legal document. Replace this page with reviewed legal text before production use.

Effective date: 2026-03-24

Controller: [INSERT LEGAL ENTITY NAME], [INSERT LEGAL ADDRESS], contact [INSERT SUPPORT EMAIL].

This policy explains how personal data is processed in Bandcash in line with GDPR and applicable Hungarian law.

1. Data categories

Account and identity data (email, user ID), usage and audit data, billing references, and support communication records.

Payment card details are processed by Paddle and payment partners; Bandcash does not store full card numbers.

2. Legal bases and purposes

We process data to provide the service (GDPR Article 6(1)(b)), meet legal obligations (Article 6(1)(c)), and protect legitimate interests like security and fraud prevention (Article 6(1)(f)).

Where required, consent-based processing relies on Article 6(1)(a), with withdrawal rights at any time.

3. Processors and international transfers

We use vetted subprocessors for infrastructure, communications, and billing operations, including Paddle as Merchant of Record.

When data is transferred outside the EEA, we rely on lawful safeguards such as adequacy decisions or standard contractual clauses.

4. Retention and rights

Data is retained only as long as needed for service delivery, legal compliance, dispute resolution, and security purposes.

You have rights to access, rectification, erasure, restriction, portability, and objection under GDPR Articles 15-21, subject to legal limits.

You may lodge a complaint with your local EU supervisory authority or, in Hungary, NAIH.