Back to Home
1. Data Controller
The data controller for personal data processing is:
SPNID, LLC5830 E 2nd St, Ste 6100 — Casper, Wyoming 82609-4308, United States
Email:
support@spnid.com
This policy is provided pursuant to the GDPR (EU 2016/679), the CCPA, and applicable regulations.
2. Data Collected
Registration Data
Upon registration, we collect:
- Name and surname — to identify the user
- Email address — for communications and access
- Password — stored in hashed cryptographic form
- Phone number — optional, for verification and contacts
- Shipping address — for order delivery
Browsing Data
- IP address and approximate geolocation data
- Browser type, operating system, and device
- Pages visited, time spent, and navigation path
- Referrer data and traffic source
Payment Data
To process transactions, the following data is handled by our payment processors:
- Stripe: handles credit card data — SPNID never stores full card data
- Crypto payments: public wallet addresses and transaction hashes
- Billing data: name, address, and tax ID if applicable
Payment security: all payment data is encrypted with TLS 1.3 and compliant with PCI-DSS standards.
Social Login
If you use social network login, we receive:
- Name and profile picture from the provider (Google, Facebook, Telegram)
- Email address associated with the social account
- Unique identifier from the provider
- We never access your contacts or private messages
3. Purpose of Processing
Your data is processed for the following purposes:
- Contract performance: account management, orders, shipments, and payments
- Legal obligation: invoicing, tax records, and anti-money laundering regulations
- Legitimate interest: platform security, fraud prevention, and service improvement
- Consent: marketing communications, newsletters, and promotional notifications
4. Cookies and Tracking Technologies
We use cookies and similar technologies to improve user experience.
Technical Cookies (required)
- Session: maintain authentication and shopping cart
- Preferences: language, currency, and display settings
- Security: CSRF protection and attack prevention
- Performance: caching and loading optimization
Third-Party Cookies
- Google Analytics: traffic analysis and user behavior (anonymized)
- Stripe: payment fraud prevention
- Social media: sharing buttons and social login
Cookie Management
You can manage cookie preferences through the banner displayed on first visit or from your browser settings.
5. Data Retention
- Account data: retained until account deletion
- Order data: 10 years for tax and accounting obligations
- Browsing data: 26 months maximum
- Marketing data: until consent withdrawal
- Backups: deleted within 90 days of account deletion
6. Your Rights
Under GDPR and CCPA, you have the following rights:
- Right of access: request a copy of your personal data
- Right of rectification: correct inaccurate or incomplete data
- Right to erasure: request deletion of your data
- Right to restriction: restrict processing in certain circumstances
- Right to portability: receive your data in a structured format
- Right to object: object to processing for direct marketing
- Right to withdraw: withdraw consent at any time
How to exercise your rights:
- Send an email to support@spnid.com with subject "Privacy Request"
- We will respond within 30 days of receiving your request
- We may require identity verification before proceeding
7. Account and Data Deletion
We offer several options for deleting your data:
Method 1: From Account Settings
- Log in to your SPNID account
- Go to Settings → Privacy → Delete Account
- Confirm with your password and select "Delete permanently"
- You will receive a confirmation email within 24 hours
Method 2: Via Email
Send an email to support@spnid.com with:
- Subject: "Account deletion request"
- The email associated with your account
- Identity confirmation
Method 3: Deletion Form
Use our dedicated data deletion form.
Deletion timelines:
- Account deactivated: immediately
- Personal data deleted: within 30 days
- Backups deleted: within 90 days
- Mandatory tax data: retained for 10 years as required by law
8. Data Security
We implement the following security measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Web Application Firewall (WAF) and DDoS protection
- Least privilege access controls
- Servers in ISO 27001 certified data centers
- Regular security audits and penetration testing
9. Third-Party Services
Payment Processors
- Stripe Inc. — credit card payment processing
- Blockchain networks — cryptocurrency transactions
- PayPal (optional) — online payments
Analytics and Monitoring
- Google Analytics — traffic analysis (anonymized data)
- Sentry — application error monitoring
Communications
- Transactional email service for order notifications
- WebSocket for real-time chat and notifications
Each third-party provider is bound by data processing agreements (DPAs) compliant with GDPR. For details, consult their respective privacy policies.
10. International Transfers
Your data may be processed in countries outside the EU/EEA:
- United States: SPNID, LLC headquarters (Wyoming) — protected by Standard Contractual Clauses
- Stripe: compliant with EU-US Data Privacy Framework
- Google: compliant with EU-US Data Privacy Framework
- CDN/Hosting: servers may be in various jurisdictions — protected by DPAs
- Safeguards: all transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions
11. Policy Changes
We reserve the right to update this policy. Significant changes will be communicated via email or platform notification. Each change takes effect from the published date.
12. Legal Basis
Processing is based on the legal grounds set out in Art. 6 GDPR: data subject consent, contract performance, legal obligation, and legitimate interest. For minors, processing requires parental or guardian consent.
Last updated: March 11, 2026
Version: 3.0