Privacy Policy

1. Introduction

Crusher Inc OÜ (trading as "Pounding Systems") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, software products, and services.

As a company registered in Estonia (European Union), we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

When you create an account or make a purchase, we collect:

• Account Information: Email address, name, and password (encrypted).
• Transaction Information: Purchase history and license activations.
• Communications: Any correspondence you send to us via email or support channels.

3.2 Information Collected Automatically

When you visit our website, we automatically collect:

• Usage Data: Pages visited, time spent, clicks, and navigation patterns.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Location Data: Approximate location based on IP address (country/region level).

3.3 Information from Third Parties

We may receive information from our payment processor (Moonbase) related to your transactions, such as payment confirmation and billing country.

4. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our software and services.
• Account Management: To create and manage your account, process purchases, and deliver licenses.
• Communication: To respond to inquiries, provide customer support, and send important updates about your purchases.
• Analytics: To understand how our website and products are used and to improve user experience.
• Legal Compliance: To comply with legal obligations and protect our rights.

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contract with you (e.g., delivering software licenses).
• Legitimate Interests: Processing for our legitimate business interests (e.g., analytics, fraud prevention).
• Consent: Where you have given consent (e.g., marketing communications).
• Legal Obligation: Processing required to comply with legal requirements.

6. Third-Party Services

We work with trusted third-party service providers to operate our business:

6.1 Moonbase (Payment Processing)

We use Moonbase to process payments and manage software licensing. When you make a purchase, Moonbase collects payment information directly. We do not store your credit card details. Please review Moonbase's privacy policy for information about their data practices.

6.2 Google Analytics

We use Google Analytics 4 to analyze website traffic and user behavior. Google Analytics collects information such as your IP address (anonymized), browser type, pages visited, and time spent on our site. This data is used to improve our website and understand our audience.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

7. Cookies

Our website uses cookies and similar technologies to:

• Essential Cookies: Required for the website to function (e.g., authentication, shopping cart).
• Analytics Cookies: Used by Google Analytics to understand website usage.

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services and maintain your account.
• Comply with legal obligations (e.g., tax and accounting requirements).
• Resolve disputes and enforce our agreements.

Account data is retained as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.

9. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request limitation of how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at mail@pounding.systems. We will respond to your request within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit using TLS/SSL.
• Secure password hashing.
• Regular security assessments.
• Access controls limiting data access to authorized personnel.

11. International Data Transfers

Your data may be processed by our service providers located outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission.
• Adequacy decisions by the European Commission.
• Other legally recognized transfer mechanisms.

12. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with a supervisory authority. For Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).