Updated June 11, 2026
Privacy & personal data policy
This policy explains what personal data Keyndo may process when people browse the storefront, create accounts, use the wallet, place orders, reveal digital keys, contact support, and interact with security controls.
1. Scope and terms used here
This policy covers the Keyndo storefront, account area, wallet, cart, checkout, order pages, support forms, legal pages, and technical security systems. Personal data means information that can identify or reasonably relate to a person. Usage data means technical data produced by visiting or using the service. Cookies and local storage mean small browser-side records used for sessions, preferences, security, and cart continuity. The controller of personal data processed through the storefront is Velmont Digital Services Ltd, registration number HE 428371, with its registered office at Arch. Makariou III, 155, Proteas House, 5th Floor, 3026 Limassol, Cyprus. Privacy requests can be sent to support@keyndo.com or made by telephone at +35725530564.
2. Account data
When an account is created or used, Keyndo may process email address, display name, password hash, account platform marker, session state, account role, login events, ban or restriction flags, support history, order history, wallet state, locale and currency preferences, and related timestamps. Raw passwords are not meant to be stored; passwords are handled through a hash suitable for authentication.
3. Order and wallet data
For orders and wallet activity, Keyndo may process cart lines, product slugs, product names, product prices, quantities, order IDs, delivery email, payment status, delivery status, refund status, wallet ledger entries, balance after an operation, top-up intents, promo codes, promo discounts, idempotency keys, timestamps, and support-visible order metadata. These records help prove what was ordered, charged, delivered, refunded, or disputed.
4. Digital key data and reveal audit
Digital keys may be stored encrypted and connected to an order line, product, status, import batch, delivery timestamp, and reveal history. When a key is revealed, Keyndo may record the user, order, key identifier, timestamp, and a hashed or reduced network/security signal. This audit trail helps investigate duplicate claims, unauthorized access, refund requests, and disputed delivery.
5. Support data
Support messages may include the buyer email, order ID, topic, message text, screenshots, activation errors, delivery issue description, fraud or security concern, and support status. Buyers should avoid sending unrelated personal data, passwords, cookies, third-party account secrets, private payment data, recovery codes, private documents, or information about other people unless support clearly needs a limited piece of evidence for a specific case.
6. Technical and security data
The site may process IP-related data, country or proxy hints, request headers, referrer information, device and browser data, session identifiers, CSRF tokens, rate-limit counters, failed request signals, timestamps, page paths, error logs, abuse indicators, and hashed client identity signals. Some values may be stored in reduced form to limit unnecessary exposure while still supporting security and fraud review.
7. Why Keyndo uses data
Data is used to operate the store, authenticate accounts, keep sessions active, remember preferences, maintain cart and checkout continuity, charge internal balance, create orders, deliver and reveal keys, prevent duplicate charges, handle refunds, answer support, detect fraud, enforce legal terms, protect inventory, debug errors, maintain audit integrity, comply with lawful obligations, and defend legitimate rights and safety interests.
8. Cookies and local storage
Keyndo may use cookies and local storage for session continuity, CSRF protection, locale, display currency, cart state, checkout flow, security preferences, and user interface behavior. Some storage is essential for login, cart, checkout, support, and key reveal. If a buyer disables or clears storage, parts of the site may stop working or require a fresh session.
9. Providers and infrastructure
Data may be processed through hosting, database, email, security, analytics, payment, support, backup, logging, and infrastructure tools used to run the storefront. This policy does not name a provider unless the service actually uses it. If a third-party provider is involved in a specific operation, that provider may process data under its own policy and legal obligations.
10. Disclosure and legal requests
Keyndo may disclose data where needed for store operation, security, support, fraud prevention, payment or balance handling, backup, legal compliance, rights protection, dispute response, or prevention of harm. Keyndo does not need third-party account passwords or account cookies, and buyers should not provide them. Data may also be preserved when needed to respond to abuse, chargebacks, or legal claims.
11. Retention
Order records, wallet records, key status, reveal logs, promo records, support tickets, and security records may be retained while the account exists and for a reasonable period after that where needed for accounting, audit, fraud prevention, refund review, technical diagnosis, legal compliance, or dispute defense. Some records may be aggregated, anonymized, shortened, or hashed when full detail is no longer needed.
12. User requests
A user may contact support to ask about account access, correction of account details, review of support data, deletion where possible, or explanation of an order record. Some records connected to completed orders, fraud prevention, refunds, security logs, accounting, or legal obligations may need to remain even if other account data is deleted or hidden.
13. Security measures
Keyndo uses reasonable measures such as hashed passwords, separate sessions, CSRF controls, rate limits, access checks, encrypted key storage, reveal audit logs, fraud signals, and operational backups. No internet service can promise absolute security. Users should protect their mailbox, device, browser profile, passwords, two-step authentication, and recovery methods.
14. Children and age restrictions
Digital goods and third-party services may have age, country, account, or platform restrictions. Keyndo does not knowingly need extra personal data from children to deliver ordinary digital codes. A buyer must use the store only where they have the legal capacity and permission needed for the purchase and redemption method involved.
15. International access
The store may be accessible from different locations, but access from a location does not mean Keyndo targets that location, promises local legal availability, or guarantees that a third-party product is valid there. Technical routing, hosting, security logs, support systems, and backups may process data in locations needed for operation and risk control.
16. Policy updates
Keyndo may update this privacy policy as the store, catalog, security controls, payment handling, support workflow, or legal requirements change. The current version is published on the site. Continued use after an update means the user has had an opportunity to review the current policy.
17. Top-up and payment references
When a top-up or payment attempt exists, Keyndo may process status events, amount records, references, risk decisions, reversal notices, and balance consequences. Full sensitive payment credentials should stay with the relevant payment infrastructure where possible. Keyndo keeps the operational data needed to reconcile store balance, handle support, and defend against payment abuse.
18. Sensitive delivery values
Digital keys and delivery values are handled as sensitive operational data. The system may store masked values, reveal state, allocation history, replacement state, and audit events so support can verify delivery without exposing more information than needed. Access to revealed values should be limited to the buyer flow and necessary operational review.
19. Fraud prevention boundaries
Fraud and abuse checks may combine account history, technical signals, payment state, promo behavior, order timing, and support evidence. The exact scoring rules are not public because disclosure would help attackers avoid detection. Public account pages should not reveal exact risk signals, internal thresholds, or private network details.
20. Public surface minimization
Keyndo tries to keep private operational data away from public client surfaces. User-facing views should show only the data needed for account use, order review, delivery, and support. Exact security signals, internal admin notes, sensitive IP-related data, supplier details, and hidden fraud logic are intended to remain server-side.
21. Backups and incident recovery
Operational backups may contain account, order, balance, delivery, support, and security records from the time the backup was created. Backups are kept to recover the service after technical incidents and may not immediately reflect later deletion or correction requests until the normal backup lifecycle removes or overwrites the older copy.
22. Ledger retention limits deletion
Some store records must remain reliable even when a user asks to delete or close an account. Order identifiers, balance movements, reveal events, refund decisions, and fraud evidence may be retained because they are needed for accounting, dispute defense, abuse prevention, and consistency of the digital goods ledger.
23. Aggregated operational statistics
Keyndo may create aggregated statistics about catalog demand, checkout failures, delivery timing, support topics, locale usage, and abuse pressure. These statistics help improve the store and plan stock. They are not intended to identify a single buyer, although the underlying operational records may still be retained under this policy.