TERMS OF USE

These Terms govern your access to and use of mrcoda.com and the purchase and electronic delivery of digital products (including digital gift codes, stored-value vouchers, game currency and similar items) to consumers and, where separately agreed in writing, to business customers.

By creating an account, placing an order or using the site, you accept these Terms. Our Privacy Policy (including our Cookie Notice) form part of this agreement.

Prices are shown at checkout in the indicated currency and may include or exclude applicable taxes depending on your location.

Your issuing bank or payment provider may apply exchange rates and fees.

How Your Card is Processed

Card payments are processed by a PCI DSS Level 1–compliant gateway. Card data is entered on the provider’s secure page and does not pass through our servers; we receive only payment tokens and masked PAN (last four digits) as needed for records. We do not store full PAN or sensitive authentication data.

Our PCI SAQ and Testing Posture

Because we use a hosted payment page/hosted fields, we validate annually using SAQ A (SAQ A-EP would apply only if the integration changes to on-site JS posting directly to the provider). We conduct quarterly external ASV scans and annual penetration tests and keep remediation evidence.

Technical Safeguards (Summary)

• We enforce HTTPS/TLS for all web and API traffic and disable weak ciphers
• Sensitive data at rest is encrypted
• Passwords are stored as salted cryptographic hashes
• We never log sensitive card authentication data
• Payment flows route card data directly to the PCI-compliant gateway

Digital items are delivered electronically to your account area and/or to your registered email after the payment is authorized.

On rare occasions we may delay delivery for fraud checks, regulatory screening, publisher/platform restrictions or technical issues.

If an order cannot be fulfilled, we will cancel and, where applicable, refund to the original payment method.

You may not:

• Use stolen or unauthorized payment instruments
• Resell codes without a written reseller agreement
• Bypass technical or regional restrictions
• Violate platform/publisher terms
• Engage in money-laundering, sanctions violations or fraudulent activity
• Deploy bots or malicious automation

These restrictions mirror our internal acceptable-use and access-control requirements.

We may request identity verification or other documentation to prevent fraud and comply with AML, KYC and sanctions laws.

We may decline or cancel orders where legally required or where risk thresholds are exceeded.

We collect only what we need to operate the service and meet legal obligations—typically your name, email address, contact number, transaction metadata (order ID, timestamp, payment status) and service logs (IP address, device identifiers).

We do not store full card numbers or sensitive authentication data; we receive tokens and last four digits only.

Data Retention Periods:

• Customer account data: active period + 24 months
• Transaction records (no full PAN): 7 years
• Support tickets: 24 months
• IP/device logs: 12 months

After these periods, data is securely deleted or anonymized. We honor data-subject requests within statutory timeframes (e.g., GDPR/CCPA) after verifying identity.

We maintain layered security controls including MFA for sensitive access, least-privilege authorization, logging/monitoring and vulnerability management.

We run backups (off-site and encrypted) and conduct restore tests as part of business continuity.

Digital items are redeemed on third-party platforms that have their own rules, regional restrictions and availability windows. We are not responsible for third-party outages or changes, though we will provide reasonable support in good faith.

Site content is owned by us or our licensors. Digital products are licensed for personal, non-transferable use unless otherwise stated. Resale and commercial exploitation require a written B2B agreement.

The service and digital items are provided “as is” and “as available.” To the extent permitted by law, we disclaim implied warranties of merchantability, fitness for a particular purpose and non-infringement.

We are not liable for indirect, incidental, special or consequential damages. Our total liability for direct losses is limited to the total amount you paid to us for the affected order in the preceding three (3) months. Mandatory consumer rights are not limited by this section.

You agree to indemnify and hold us harmless from claims and expenses arising from your violation of these Terms, unlawful use of the service, or misuse of digital items.

Bulk purchases, special pricing, API use, credit terms and resale rights apply only where a separate written agreement is executed. Late payments may incur interest and recovery costs per that agreement.

B2B Credits and Prepayments

For business customers under a separate written agreement, we may apply invoice credits, prepayments, or deposits against future invoices. These amounts are not consumer stored value, are not usable by end users on the site, and are not redeemable for cash except as expressly provided in the B2B agreement or required by law. Card-funded top-ups are not accepted for any B2B balance unless explicitly agreed in writing.

You must comply with applicable export control and sanctions rules. We may restrict or cancel orders where required by law.

We maintain a business continuity and disaster recovery program, including RTO/RPO targets and tested backup/restore procedures.

These Terms are governed by the laws of the State of Delaware (conflict-of-laws principles excluded). Disputes should first be addressed through good-faith negotiations for 30 days; failing that, the competent Delaware courts shall have jurisdiction unless the parties agree to arbitration.

We may update these Terms from time to time. Material changes will be posted on the site with a new effective date.