Privacy Policy

Last updated: 3 June 2025

1. Who We Are

Crack The Gift Ltd (“we”, “us”, “our”) is an Irish-registered company that operates the website crackthegift.com. We are the data controller responsible for your personal data under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Acts 1988–2018.

You can contact us at: crackthegift.info@gmail.com

2. Data We Collect

We collect the following categories of personal data:

  • Payment information: When you purchase a game, your payment is processed by Stripe. We do not store your card details. Stripe provides us with a transaction reference, the amount paid, and your email address where you supply it during checkout.
  • Game content: Text, words, clues, messages, and any images you upload when customising a game. This content may contain personal information about you or third parties.
  • Technical data: IP address, browser type, device type, pages visited, and timestamps, collected automatically via server logs and analytics tools.
  • Communications: If you contact us by email, we retain those communications.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)): Processing necessary to fulfil your purchase and deliver the game service.
  • Legal obligation (Art. 6(1)(c)): Retaining transaction records as required by Irish tax and company law.
  • Legitimate interests (Art. 6(1)(f)): Improving our service, detecting fraud, and maintaining platform security.
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for non-essential cookies or marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

  • To process payments and deliver your purchased game
  • To store and serve your customised game content
  • To respond to support queries
  • To comply with our legal and tax obligations
  • To detect and prevent fraud or abuse of our platform
  • To analyse usage patterns and improve our service

5. Third-Party Processors

We use the following third-party processors who may handle your personal data on our behalf. Each operates under appropriate data processing agreements and adequacy mechanisms:

  • Stripe, Inc. – Payment processing. Data may be transferred to the United States under Standard Contractual Clauses. See stripe.com/ie/privacy.
  • Supabase, Inc. – Database and file storage. Data is stored on infrastructure located within the EU where configured. See supabase.com/privacy.
  • Vercel, Inc. – Website hosting and analytics. See vercel.com/legal/privacy-policy.

We do not sell your personal data to any third party.

6. Cookies

We use cookies and similar technologies on our website. These fall into the following categories:

  • Strictly necessary cookies: Required for the website to function (e.g. session management, security). These do not require your consent under the ePrivacy Regulations 2011 (S.I. No. 336 of 2011).
  • Analytics cookies: Used to understand how visitors use our site (via Vercel Analytics). We obtain your consent before placing these cookies.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the site.

7. Data Retention

We retain your data for the following periods:

  • Transaction and payment records: 7 years, as required by Irish tax law (Taxes Consolidation Act 1997).
  • Game content: For the duration of the game’s active period, then deleted within 90 days unless you request earlier deletion.
  • Technical/log data: Up to 12 months.
  • Support communications: 2 years from the date of last contact.

8. Your Rights

Under GDPR and the Data Protection Acts 1988–2018, you have the following rights in respect of your personal data:

  • Right of access (Art. 15): Request a copy of the data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data where there is no lawful basis for continued processing.
  • Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at crackthegift.info@gmail.com. We will respond within one month as required by GDPR.

9. Children’s Privacy

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Transfers

Some of our third-party processors are based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including Standard Contractual Clauses approved by the European Commission.

11. How to Make a Complaint

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

  • Website: www.dataprotection.ie
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28
  • Phone: +353 57 868 4800

We would, however, appreciate the opportunity to address your concerns before you contact the DPC.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or, where appropriate, by email. The “last updated” date at the top of this page indicates when the policy was last revised.