Chính sách Bảo mật

1. Overview

This Privacy Policy explains how Microbe Studio (the “Company”) collects, uses and protects your information when you use Microbe Studio (the “Service”). We collect only what we need to operate the Service, process your purchases and keep your account secure.

2. Information we collect

• Account information — username, email address and password (stored only as a salted hash).
• Purchase and wallet information — Token balance, orders, entitlements and the transaction history of your wallet.
• Payment information — when you pay to top up Tokens, payment is handled by Paddle; we receive confirmation and limited transaction details, but we never see or store your full card number.
• Device and license information — device identifiers you register to bind licenses, plus license activation and heartbeat data.
• Usage and technical data — log data such as IP address, request metadata and audit events used for security and troubleshooting.

3. How we use information

• to provide, maintain and secure the Service;
• to process Token purchases, License Packages and Protected Flow orders, and to deliver entitlements to your account and devices;
• to enforce licensing limits, prevent fraud and abuse, and keep an audit trail;
• to respond to your requests and provide support;
• to comply with legal obligations.

4. Payment processing

Online payments are processed by Paddle, our authorised reseller and Merchant of Record. Your payment is subject to Paddle's own privacy policy and terms. We use the confirmation we receive to credit your wallet and to keep a record of your order.

5. Cookies and sessions

The web portal uses a strictly necessary session cookie to keep you signed in and to protect forms against cross-site request forgery, and a preference cookie to remember your chosen language. We do not use these for advertising.

6. How we share information

We do not sell your personal information. We share it only with service providers that help us operate the Service (such as our payment provider and cloud hosting/storage), and only as needed for them to perform their function, or where required by law.

7. Data retention

We keep your information for as long as your account is active and as needed to provide the Service. Some records — such as order, wallet and audit history — are retained longer where required for security, accounting or legal purposes.

8. Data security

We use reasonable technical and organisational measures to protect your information, including hashed passwords, encrypted transport (HTTPS) and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal information, and you may object to or restrict certain processing. To exercise these rights, contact us at [email protected].

10. International transfers and children

Your information may be processed in countries other than your own. Where it is transferred, we take steps to ensure an appropriate level of protection. The Service is not directed to children, and we do not knowingly collect personal information from children.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Changes are indicated by updating the “Last updated” date on this page.

12. Contact

For privacy questions or requests, contact us at [email protected].