Privacy Policy

We collect information necessary to operate the Platform, process transactions, prevent fraud, and improve our services. The categories of information we collect include:

We process your personal information on the following legal grounds:

• •Contract performance — Processing necessary to fulfill our obligations to you when you place an order, sell a product, or use our services
• •Legitimate interests — Processing necessary for fraud prevention, Platform security, service improvement, and business operations, where these interests are not overridden by your rights
• •Consent — Processing based on your explicit consent, such as marketing communications and newsletter subscriptions. You may withdraw consent at any time.
• •Legal obligation — Processing required to comply with applicable laws, tax requirements, or lawful requests from governmental authorities

We use the information we collect for the following purposes:

• •Transaction fulfillment — Process and deliver your orders, facilitate services, coordinate between buyers and sellers, and manage consignment arrangements
• •Identity verification and fraud prevention — Verify your identity, screen transactions for fraud, detect unauthorized or suspicious activity, and protect the Platform and its users
• •Communication — Send order confirmations, delivery notifications, service updates, support responses, and account-related alerts via email, Discord, or other channels
• •Marketing (with consent) — Send promotional offers, newsletter content, and product announcements. You may opt out at any time via your account settings or by contacting us directly.
• •Platform improvement — Analyze usage patterns, diagnose technical issues, improve site performance, and develop new features
• •Dispute resolution — Investigate complaints, mediate disputes between users, and enforce our Terms of Service
• •Legal compliance — Comply with applicable laws, regulations, tax obligations, and respond to lawful legal processes

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• •Service providers and processors — Trusted third-party services that assist us in operating the Platform, including payment processors (Stripe), email delivery services (Resend), cloud hosting and storage providers (Vercel), and analytics tools. These providers are contractually obligated to use your data only for the purposes of providing services to us and are bound by confidentiality obligations.
• •Transaction counterparties — Strictly limited information necessary to complete a transaction between buyer and seller (e.g., delivery coordination). We do not share unnecessary personal details between parties.
• •Legal and regulatory requirements — When required by applicable law, regulation, court order, subpoena, or governmental authority. We may also disclose information when we believe in good faith that disclosure is necessary to protect the rights, safety, or property of AccountShark, our users, or the public.
• •Fraud prevention and enforcement — Sharing data with fraud detection services, law enforcement, or other parties when investigating suspected fraud, chargebacks, or violations of our Terms of Service
• •Business transfers — In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

• ✓All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols
• ✓Authentication is handled through secure OAuth providers — AccountShark does not store passwords
• ✓Payment card data is processed and stored exclusively by PCI DSS-compliant payment processors and never touches our servers
• ✓Sensitive credentials are encrypted at rest and access is restricted to authorized personnel on a strict need-to-know basis
• ✓Regular security reviews and monitoring for unauthorized access or suspicious activity
• ✓Database access controls, role-based permissions, and audit logging for administrative actions

While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify affected users promptly and take immediate steps to mitigate the impact.

The Platform uses cookies and similar tracking technologies. A cookie is a small data file placed on your device that allows us to recognize your browser and capture certain information.

• •Strictly necessary cookies — Required for the Platform to function. These maintain your authentication session, remember your cart, and enable core functionality. These cannot be disabled without breaking the Platform.
• •Functional cookies — Remember your preferences, language settings, and other choices you make to provide a personalized experience
• •Analytics cookies — Help us understand how visitors interact with the Platform by collecting anonymous usage statistics. This data is aggregated and does not personally identify you.

You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, disabling strictly necessary cookies will impair your ability to use the Platform. We do not use advertising or third-party tracking cookies for targeted advertising purposes.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention practices are as follows:

• •Account data — Retained for as long as your account remains active. After account deletion, we retain a minimal set of data for up to 12 months to resolve any pending disputes, prevent re-registration fraud, and comply with legal obligations.
• •Transaction records — Retained for a minimum of 5 years as required by financial record-keeping and tax regulations
• •Credentials and sensitive data — Deleted or purged from our systems within a reasonable period after the transaction is complete and any applicable warranty period has expired
• •Communications — Support conversations and dispute records are retained for quality assurance, training, and dispute resolution purposes
• •Analytics data — Aggregated, anonymized usage data may be retained indefinitely as it does not personally identify you

You may request deletion of your account and associated personal data by contacting our support team. We will process your request within 30 days, subject to any legal retention requirements.

Depending on your jurisdiction (including rights under the GDPR, CCPA/CPRA, and other applicable privacy laws), you may have the following rights regarding your personal information:

• •Right to access — Request a copy of the personal data we hold about you, including the categories of data collected, the purposes of processing, and any third parties with whom it has been shared
• •Right to rectification — Request correction of inaccurate or incomplete personal data
• •Right to erasure — Request deletion of your personal data, subject to legal retention requirements and legitimate business needs
• •Right to restrict processing — Request that we limit the processing of your personal data under certain circumstances
• •Right to data portability — Request your personal data in a structured, commonly-used, machine-readable format where technically feasible
• •Right to object — Object to processing based on legitimate interests or for direct marketing purposes
• •Right to withdraw consent — Withdraw previously given consent at any time, without affecting the lawfulness of processing prior to withdrawal
• •Right to opt out of sale (CCPA) — We do not sell your personal information. However, if you are a California resident, you have the right to confirm this and request disclosure of data practices.

To exercise any of these rights, contact us through the channels listed below. We will verify your identity before processing any request and will respond within 30 days. We will not discriminate against you for exercising any of these rights.

AccountShark operates from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy. Where required by applicable law, we ensure appropriate safeguards are in place for international data transfers.

The Platform is not intended for individuals under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a minor, we will take immediate steps to delete that information and terminate the associated account. If you believe a minor has provided us with personal information, please contact us immediately.

The Platform may contain links to third-party websites, services, or applications, including but not limited to Discord, game publisher websites, and payment provider portals. These third-party services operate independently and have their own privacy policies and terms of use.

AccountShark is not responsible for the privacy practices, content, or security of any third-party service. We strongly encourage you to review the privacy policy of every third-party service you interact with. Providing your information to a third-party service is at your own risk.

Some browsers transmit “Do Not Track” (DNT) signals to websites. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, the Platform does not respond to DNT signals. However, we do not engage in cross-site tracking for advertising purposes.

AccountShark reserves the right to update or modify this Privacy Policy at any time, with or without prior notice. Changes are effective immediately upon posting to the Platform. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

It is your sole responsibility to review this Privacy Policy periodically and stay informed of any changes. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy. If we make material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you via email or a prominent notice on the Platform.