Privacy policy.

Last updated · April 2026

What we collect

• Order email, country (optional), and marketing opt-in flag.
• Target URLs you provide for fulfillment.
• Payment provider transaction identifiers (no card numbers, no crypto private keys).
• Server logs: IP, user agent, request paths (retention: 30 days).

What we do not collect

• Social platform passwords or OAuth tokens.
• 2FA codes or API keys.
• Card numbers (Stripe/PayPal hold these; we only receive transaction IDs).

Cookies

We set one signed, HttpOnly cookie for cart state and analytics cookies only if you opt in.

Sharing

Your data is shared only with payment processors (Plisio, Stripe, PayPal), Brevo (for transactional email), and Cloudflare (for infrastructure) — all bound by their own privacy practices. We never sell personal data.

Your rights

Email info@1kreach.com to request export or deletion of your data. We honor requests within 30 days.