Privacy Policy

Last updated: February 25, 2026

1. Introduction

PyVendr (https://PyVendr.ddns.net) is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.

2. Data We Collect

We collect only the minimum data necessary to provide our service:

  • Account data: Email address, name (optional), hashed password
  • Order data: Purchase history, payment amounts, Stripe payment IDs
  • Session data: Session token hash, IP address, user agent (for security)
  • 2FA data: Encrypted TOTP secret (AES-256-GCM) if you enable two-factor authentication

3. Data We Do NOT Collect

  • We do not use analytics trackers, ad networks, or third-party cookies
  • We do not sell, rent, or share your personal data with third parties
  • We do not store your payment card details (handled entirely by Stripe)
  • We do not track your browsing behavior across other websites

4. How We Use Your Data

  • Process purchases and deliver download links
  • Authenticate your account and manage sessions
  • Send order confirmations and download access emails
  • Prevent fraud and abuse

5. Data Security

We take security seriously:

  • Passwords are hashed with bcrypt (12 rounds)
  • TOTP secrets are encrypted with AES-256-GCM with key versioning
  • Sessions use JWT tokens with SHA-256 hashed storage
  • All traffic is encrypted via TLS 1.2/1.3
  • Database access uses least-privilege roles with connection limits
  • API inputs are validated with Zod schemas
  • Sensitive data is redacted from all logs

6. Third-Party Services

We use Stripe for payment processing. When you make a purchase, your payment details are handled directly by Stripe under their privacy policy. We never see or store your card number.

7. Data Retention

Account data and order history are retained for as long as your account exists. Session records are automatically deleted after expiration (7 days). You may request deletion of your account and associated data at any time by contacting us.

8. Your Rights

You have the right to:

  • Access your personal data (via your account page)
  • Correct inaccurate data
  • Request deletion of your account and data
  • Export your data

To exercise these rights, contact us at hello@pyvendr.com.

9. Changes

We may update this policy as our practices evolve. Material changes will be communicated via email or a notice on the website. Continued use after changes constitutes acceptance.

10. Contact

Privacy questions? Contact us at hello@pyvendr.com.