Privacy Policy
Last updated: 12 June 2025
1. Who We Are
Cesar Camacho, doing business as Vektogram, is the data controller for the Service. Contact details are listed at the end of this policy.
2. Data We Collect
- Email address used to create your account
- Encrypted Vault blob (never readable by us)
- IP address and basic device information (server logs)
- Paddle order ID and transaction metadata
3. Legal Bases (GDPR)
| Processing | Legal basis |
|---|---|
| Account creation, Unlock purchase | Contract (Art 6 (1)(b)) |
| Server logs, fraud prevention | Legitimate Interest (Art 6 (1)(f)) |
| Marketing or newsletter emails | Consent (Art 6 (1)(a)) |
4. How We Use Data
- Provide, maintain, and improve the Service.
- Process payments via Paddle.
- Detect and prevent fraud or abuse.
- Communicate updates or marketing (with consent).
5. Processors & Sub‑processors
| Processor | Purpose | Location |
|---|---|---|
| Paddle Payments Ltd | Payment processing, tax & invoicing | UK / EU / US |
| Render.com | Hosting & infrastructure | Oregon, USA |
| Resend | Transactional email | United States / EU |
6. International Transfers
Data stored on Render servers in the United States is transferred under Standard Contractual Clauses where required.
7. Retention
- Billing records: 7 years (tax compliance).
- Vault data: deleted 30 days after account closure.
- Server logs: 30 days rolling.
8. Security Measures
Client‑side AES‑256 encryption; TLS in transit; 100 k PBKDF2 iterations; periodic external penetration testing.
9. Your Rights
Access, rectification, erasure, restriction, portability, and objection under GDPR and applicable Mexican law. To exercise rights, email privacy@vektogram.com.
10. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect data from children.
11. Changes
We will notify you of material changes at least 15 days before they take effect.
12. Contact
See Section 15 of the Terms.
Cookie Policy
Last updated: 12 June 2025
Vektogram sets no first‑party cookies. During checkout, Paddle may place a short‑lived session cookie (paddlejs_checkout_session) to detect fraud and remember the selected payment method. You can block or delete cookies via your browser settings without affecting core site functionality.