Privacy Policy

We use your data to:

• Product delivery: process orders and deliver Robux or digital services
• Support: handle queries, claims, and tickets
• Fraud prevention: detect and prevent misuse, false chargebacks, duplicate accounts, and promotion abuse
• Analytics: improve the website, performance, and user experience
• Marketing and communications: send abandoned cart reminders, offers, and news in accordance with the applicable legal basis
• Legal compliance: when required by law or to defend rights in case of claim

We process your data based on the consent you give us when registering and accepting this policy, on the performance of the contract (provision of the purchase and delivery service), on legitimate interest (security, analytics, fraud prevention, service improvement) and, where applicable, on compliance with legal obligations. You may withdraw your consent at any time by contacting us; this will not affect the lawfulness of prior processing.

We use cookies and similar technologies classified into the following categories:

• Essential: indispensable for the operation of the site (session, authentication, CSRF prevention). They do not require consent.
• Functional: remember user preferences (language, currency, configuration). They improve the experience without being indispensable.
• Analytics: measure the use of the site to improve performance and experience. May include anonymized or pseudonymized data.
• Marketing: allow displaying relevant advertising and measuring campaigns. They include Facebook Pixel, Google Ads, and similar tools. They require prior consent where the law so requires (European Economic Area, United Kingdom, Brazil, and other applicable jurisdictions).
• Anti-fraud: include Cloudflare Turnstile (captcha) and device fingerprinting techniques, used exclusively to protect the platform against fraud, abuse, or automated attacks.

We share data only when necessary with the following sub-processors and provider categories:

• Vercel Inc. (USA): website hosting, edge network, and observability.
• Supabase Inc. (USA): authentication, database, storage, and serverless functions.
• Stripe, Inc. (USA): card payment processing and associated methods.
• PayPal Holdings, Inc. (USA): PayPal payment processing.
• Mercado Pago / MercadoLibre (Argentina/International): payment processing in Latin America.
• Cryptomus: cryptocurrency payment processing.
• NowPayments OÜ (Estonia): cryptocurrency payment processing.
• Resend Inc. (USA): transactional email and notification delivery.
• Discord Inc. (USA): optional authentication, notifications, and support functionalities linked to Discord.
• Cloudflare, Inc. (USA): anti-bot protection (Turnstile), CDN, and attack mitigation.
• Google LLC (USA): optional authentication with Google account and, where applicable, analytical and advertising tools.
• Meta Platforms, Inc. (USA): where applicable, measurement of advertising campaigns through Pixel.

These third parties process the data in accordance with their own policies and applicable law, under appropriate contractual agreements (including data processing clauses where required). PEEK STORE does not sell personal information.

We retain your data for the periods necessary to fulfill the purposes described, applicable legal obligations, and the exercise or defense of claims. Indicative periods:

• Active account data: as long as the account remains active or its deletion is not requested.
• Closed account data: up to twelve (12) months after closure, except for higher legal retention obligation.
• Order and billing data: between five (5) and ten (10) years in accordance with the accounting and tax obligations of the applicable country.
• Support tickets and messages: up to twenty-four (24) months after ticket closure.
• Technical and security logs: between six (6) and twelve (12) months, with the possibility of longer retention when necessary to investigate incidents.
• Optional third-party credentials (Roblox cookies, Discord tokens): deleted or invalidated after completing the operation that motivated their delivery, within a period not exceeding seventy-two (72) hours.
• Cookies and marketing data: according to the duration indicated in the consent banner; can be revoked at any time.

After the applicable periods, the data is deleted, irreversibly anonymized, or kept solely for aggregate statistical purposes without the possibility of identification.

We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure: encryption in transit, role-based access control, secure environments, access logging, and periodic review of practices. No system is foolproof; if you detect an incident, contact us immediately at contacto@peekstore.com.

Our services are not directed to children under 13 years of age. We do not intentionally collect personal data from children under 13 years of age in accordance with the Children's Online Privacy Protection Act (COPPA) of the United States. Minors between 13 and 18 years (or the age of majority in their jurisdiction) may only use the service with authorization and under the supervision of their legal representative. Certain features (contests with cash prizes, specific promotions) may require legal age. If you are a parent or guardian and consider that a minor has provided us with data without your authorization, contact us at contacto@peekstore.com to request its deletion.

PEEK DIGITAL LLC operates from the United States of America. By using our services you understand and accept that your data will be processed and stored in the United States and, through our providers, in other jurisdictions. When your data is transferred from the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, we will apply recognized safeguards (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) to ensure an adequate level of protection.

We may update this Privacy Policy from time to time. Substantial changes will be notified at least fifteen (15) days in advance through notice on the website or by email when possible. The «Last updated» date at the top of the document indicates the latest revision. Continued use of the service after the changes take effect implies acceptance of the updated policy.

If you are a California resident, in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) you have the right to:

• Know what categories of personal information we collect and their purposes
• Request a copy of the personal information we have about you
• Request the deletion of your personal information
• Correct inaccurate personal information
• Object to the sale or assignment of your personal information (PEEK STORE does not sell personal information)
• Not be discriminated against for exercising these rights

To exercise any of these rights, write to us at contacto@peekstore.com indicating your request. We will reasonably verify your identity before responding.

If you are in the European Economic Area, Switzerland, or United Kingdom, we recognize the rights provided in the General Data Protection Regulation (GDPR) and UK GDPR: access, rectification, erasure («right to be forgotten»), limitation of processing, portability, opposition and not to be subject to significant automated decisions.

The legal bases of processing are: contractual performance (process your order), consent (non-essential cookies and communications), legitimate interest (security, fraud prevention, service improvement) and compliance with legal obligations. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

You have the right to file a complaint with the supervisory authority of your country (for example, AEPD in Spain, CNIL in France, ICO in the United Kingdom).

If you are in Brazil, we recognize the rights provided in the Lei Geral de Proteção de Dados (Lei nº 13.709/2018):

• Confirmation of the existence of processing.
• Access to the data.
• Correction of incomplete, inaccurate, or outdated data.
• Anonymization, blocking, or deletion of unnecessary data or data processed in non-compliance with the LGPD.
• Portability to another service provider.
• Deletion of data processed with consent, except for legal retention obligation.
• Information about the public or private entities with which the data is shared.
• Information about the possibility of not consenting and the consequences of refusal.
• Revocation of consent.

To exercise these rights, contact us at contacto@peekstore.com. You also have the right to file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

If you are in Colombia, in accordance with Law 1581 of 2012, its regulatory decrees, and other applicable personal data protection regulations, we recognize the following rights:

• Know, update, and rectify your personal data.
• Request proof of the authorization granted for processing.
• Be informed about the use that has been given to your personal data.
• File complaints with the Superintendencia de Industria y Comercio (SIC) for infractions of the law.
• Revoke authorization or request the deletion of data when legal principles, rights, and guarantees are not respected.
• Free access to personal data that has been subject to processing.

To exercise these rights you can write to contacto@peekstore.com indicating your request. PEEK STORE will respond within the periods provided by Colombian law.

PEEK STORE may send promotional communications by email or other channels:

• Abandoned cart reminders, offers, discounts, product announcements, and news.
• Notifications of events, contests, and promotions.

Only authorized PEEK STORE personnel access personal data and always under the principle of least privilege: each role (administration, support, moderation, antifraud team) accesses only the information strictly necessary for their functions.

Accesses are logged and monitored. Personnel are subject to confidentiality obligations and internal sanctions in case of misuse. PEEK STORE may revoke accesses at any time upon suspicion or evidence of non-compliance.

In the event of detecting a security breach that significantly affects users' personal data, PEEK STORE will notify the competent authority(ies) and, where appropriate, the affected users, without undue delay and, when GDPR or LGPD applies, within seventy-two (72) hours of becoming aware of the breach.

The notification to users will include, to the extent possible, the nature of the incident, the categories of data affected, the possible consequences, and the measures adopted or proposed to mitigate the effects. Communications will be made by email, visible notice on the website, or other means proportional to the risk.

To protect the integrity of the platform and prevent fraud, PEEK STORE generates a technical identifier (device fingerprint) from characteristics of the user's browser and device, such as canvas configuration, WebGL, audio, installed fonts, plugins, time zone, language, and screen resolution.

This identifier is used solely for security purposes, fraud prevention, detection of duplicate accounts, and application of the Terms and Conditions. It is not used to profile the user for advertising purposes or assigned to third parties for commercial purposes.

The customer may object to this processing; however, this may imply restrictions on access to the service or to certain features for security reasons. The legal basis of this processing is PEEK STORE's legitimate interest in protecting its service and its users from fraud.