This policy explains how Dupe Hacking ("we") processes personal data under the EU GDPR. Data controller: [Dupe Hacking — legal entity, address, VAT]. Contact: hello@dupehacking.com.
Data we collect
- Account: name, email, hashed password (or Google sign-in identifier).
- Purchases: which formulas you unlocked, amount, status — payment card data is handled entirely by Stripe; we never see it.
- Usage: favorites, recent searches, and technical logs.
Why we use it & legal basis
To provide your account and unlocked formulas (
performance of a contract); to secure and improve the service (
legitimate interest); to send the weekly new-releases email only if you opted in (
consent, withdrawable anytime).
Processors & third parties
Stripe (payments), Resend (transactional & opt-in email), our hosting provider, and OpenAI (only the text you type into the AI assistant/chat is processed to answer you — never your identity). These may process data outside the EU under Standard Contractual Clauses.
Retention
Account data for as long as your account exists; purchase records as required by tax law; logs for a limited period. You can request deletion at any time.
Your rights
Access, rectification, erasure, restriction, portability and objection. Email
hello@dupehacking.com. You may also lodge a complaint with your local authority (in Italy, the Garante per la protezione dei dati personali).
Cookies
We use only essential cookies (see the Cookie Policy). No tracking or advertising cookies.
Security & children
Passwords are hashed; sensitive data is served only after authorization. The service is not intended for anyone under 16.
Changes
We may update this policy; the date above reflects the latest version.