KeysBite
Privacy Notice

KeysBite — Privacy Policy

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit or use keysbite.com (the “Website”) and any related services (the “Services”). Some terms used here have the meaning given in our Terms & Conditions. We process personal data in accordance with the GDPR and applicable national laws.

1) About this notice

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit or use keysbite.com (the “Website”) and any related services (the “Services”). Some terms used here have the meaning given in our Terms & Conditions.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

2) Scope — who this applies to

This notice applies to:

  • visitors who browse the Website,
  • users who create an Account, make purchases, post reviews, or contact support,
  • newsletter subscribers and individuals interacting with our forms.

If we provide additional information at the point of collection (e.g., a form-specific message), read it together with this notice.

3) Who we are (Controller)

For the purposes of the GDPR, the data controller is Asavei D. Andrei PFA (details above). We decide why and how your personal data is processed. You can contact us at contact@keysbite.com for any privacy request.

We do not appoint a Data Protection Officer at this time; you can still reach us using the contact above for all data-protection matters.

4) Categories of personal data we process

Depending on how you use the Website, we may process:

  • Identification & contact data: name (if provided), email address.
  • Account/profile data: login credentials (hashed), nickname/username, settings, review content.
  • Order & payment metadata: order details, totals, currency, payment status and identifiers from payment processors. We do not store card numbers—payments are handled by external processors.
  • Technical & device data: IP address, user agent, basic device info, logs for security/diagnostics.
  • Usage data: pages viewed, interactions, timestamps (for performance and abuse prevention).
  • Communications data: support tickets, emails, and any attachments you send us.
  • Marketing preferences: newsletter subscription status and related consent choices.

We may also process any information you choose to share with us in forms or support messages.

5) Where the data comes from

  • Directly from you (account creation, checkout, reviews, support).
  • Automatically via your browser when you access the Website (see “Cookies”).
  • From payment processors (payment confirmations, fraud screening signals).
  • From security/anti-abuse tools (e.g., reCAPTCHA events).

6) Why we use your data and legal bases

We only process personal data when a GDPR legal basis applies:

  • Contract (Art. 6(1)(b)) – to create/manage your Account, process Orders, deliver digital keys/codes, provide customer support.
  • Legal obligation (Art. 6(1)(c)) – invoicing, tax/accounting retention, responding to lawful requests.
  • Legitimate interests (Art. 6(1)(f)) – website and account security, fraud prevention, service improvement, handling general enquiries; we balance these interests against your rights.
  • Consent (Art. 6(1)(a)) – newsletter emails and optional analytics cookies (if you enable them). You can withdraw consent any time.

7) Cookies & similar technologies

We use essential cookies to run the Website (session, security, consent preferences) and optional analytics cookies to improve performance only with your consent. We do not use advertising cookies.

Details (names, lifetimes, providers) are described in our Cookies section (see T&C §24A / Cookie Settings). You can accept, reject, or customize at any time via Cookie Settings in the footer.

8) Sharing your data (recipients)

We share data only as necessary to provide the Services, with:

  • Payment processors (to handle payments and fraud prevention).
  • Hosting/CDN and infrastructure providers (to operate the Website).
  • Email/SMS and support tools (transactional messages, support communications).
  • Security/anti-abuse services (e.g., Google reCAPTCHA).
  • Professional advisors (accounting, legal) when needed.
  • Public authorities/courts when required by law.

Where we employ service providers acting on our behalf, they are processors bound by contracts to protect your data and act only on our instructions.

9) International transfers

Some recipients may be located outside the EEA/UK. When we transfer data internationally, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and additional technical/organizational measures where necessary. You may request more information about these safeguards.

10) Retention — how long we keep data

We keep personal data only as long as needed for the purposes in this notice, and to meet legal/operational requirements:

  • Account & order records: for the life of the account and for legal retention (e.g., tax/invoicing documents up to 10 years or as required by law).
  • Support tickets: up to 3 years after closure, unless a longer period is legally required.
  • Newsletter data: until you unsubscribe or we detect a hard bounce.
  • Security logs: for a limited period appropriate to security and audit purposes.

When retention periods expire, we securely delete or anonymize data.

11) Security

We apply appropriate technical and organizational measures to protect personal data, including encryption in transit, least-privilege access, hardened infrastructure, and regular patching/monitoring. No online system is perfectly secure, but we work to mitigate risks and respond to incidents.

12) Your rights (EU/EEA)

Subject to GDPR conditions and some limitations, you can:

  • Access your data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data (“right to be forgotten”);
  • Restrict processing;
  • Port data you provided to us, where technically feasible;
  • Object to processing based on legitimate interests (including profiling for those interests);
  • Withdraw consent at any time where processing is based on consent (e.g., newsletter, analytics cookies). Withdrawal does not affect processing already performed.

To exercise rights, email contact@keysbite.com. We may need to verify your identity before acting on a request.

You also have the right to complain to a supervisory authority. In Romania: ANSPDCP — or your local authority in the EU.

13) Children

Our Services are not directed to children. Do not use the Website if you do not have the legal capacity to contract under applicable law. If you believe a child has provided personal data, contact us and we will take appropriate steps.

14) Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means. We may use automated tools (e.g., fraud signals), but final decisions involve human review where required.

15) How to contact us

For privacy requests or questions, email contact@keysbite.com or write to: Asavei D. Andrei PFA, Strada Teiului nr. 150, Cut, Neamț, Romania.

16) Changes to this Privacy Policy

We may update this notice from time to time (e.g., if our services, providers, or laws change). We will post the updated version and, where appropriate, notify you in advance (e.g., on-site message and/or email). Continued use after the effective date means you acknowledge the updated notice.

Back to top ↑