Legal
Privacy Policy
1. Who We Are
Kastell Store (kastell.store) is an independent digital marketplace that sells subscription services, in-game items, and other digital goods. We connect customers with digital products at accessible prices.
When this policy refers to "Kastell", "we", "us", or "our", it means the operators of kastell.store. For any privacy-related questions, you can reach us at our Discord server.
2. Information We Collect
2.1 Account & Registration Data
When you create an account — via email, Discord, or Google — we collect:
- Your email address
- A display name or username
- Your Discord user ID (if you log in with Discord)
- Your Google account ID (if you log in with Google)
We never store your Discord or Google password. Authentication happens directly through their official OAuth2 systems.
2.2 Order Data
When you place an order, we collect:
- The products purchased and quantities
- Order total and payment method (e.g., Binance Pay, Crypto, TF2 Keys)
- Transaction reference provided by the payment processor
- Date and time of the purchase
We do not collect or store credit card numbers or full payment credentials. Payments are processed externally through third-party platforms.
2.3 Technical Data
Like most websites, our server may automatically record your IP address, browser type, referring URL, and pages visited. This data is used solely for security and diagnostic purposes and is not shared or sold.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Fulfill your order and deliver the service | Email, order details, Discord ID (if applicable) |
| Create and manage your account | Email, display name, provider ID |
| Send order confirmations and support replies | |
| Maintain sales records and prevent fraud | Order history, Discord ID, email |
| Improve site security and diagnose errors | IP address, browser data |
We will never sell your personal data to third parties.
4. Third-Party Services
4.1 Discord OAuth2
If you choose to sign in with Discord, you are redirected to Discord's authorization page. We receive only the data you approve: your Discord user ID, username, and verified email address. We do not receive your password, messages, or server list. Discord's privacy practices are governed by the Discord Privacy Policy.
4.2 Google OAuth2
If you choose to sign in with Google, you are redirected to Google's authorization page. We receive only your Google account ID, display name, and email address. We do not receive access to your Gmail, Drive, or any other Google service. Google's privacy practices are governed by the Google Privacy Policy.
4.3 Payment Processors
Payments are handled through external platforms (Binance Pay, crypto wallets, gift card redemption services). We receive a confirmation that your payment was completed, but we never have access to your wallet keys or card numbers.
4.4 WooCommerce & WordPress
Our store runs on WooCommerce (by Automattic). Order and account data are stored in our own database hosted on our server. We do not transmit personal data to Automattic as part of normal store operations.
5. Cookies
We use cookies to keep you logged in, remember your cart, and protect form submissions (CSRF tokens). We do not use advertising or tracking cookies.
- Session cookies — keep you authenticated during your visit.
- WooCommerce cookies — store cart contents between pages.
- Security cookies — short-lived tokens used to validate OAuth2 login attempts (automatically deleted after 5 minutes).
You can disable cookies in your browser settings, but doing so may prevent you from logging in or completing purchases.
6. Data Retention
We retain your account and order information for as long as your account is active, or as long as reasonably necessary to provide support and resolve disputes.
If you request account deletion, we will remove your personal identifiers. Order records may be retained in anonymized form for accounting purposes.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data via your account settings.
- Request deletion of your account and associated data.
- Data portability — request a copy of your order history in a common format.
- Withdraw consent at any time for any processing based on consent.
To exercise any of these rights, contact us on our Discord server or open a support ticket via the My Account page.
8. Security
Our site is served exclusively over HTTPS. Passwords for email-registered accounts are hashed using WordPress's bcrypt implementation and are never stored in plain text. OAuth2 logins use industry-standard state tokens to prevent CSRF attacks.
While we apply reasonable security measures, no system is 100% immune to breaches. If you suspect unauthorized access to your account, please contact us immediately through Discord.
9. Children's Privacy
Kastell Store is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal information, please contact us so we can remove it.
10. Changes to This Policy
We may update this Privacy Policy occasionally. When we do, the "Last updated" date at the top of the page will change. We encourage you to review this page periodically. Continued use of the site after any update constitutes acceptance of the revised policy.
11. Contact
For any privacy-related questions or requests, the fastest way to reach us is through our Discord community. You can also send a message through the My Account section once logged in.