PRIVACY POLICY

This Privacy Policy explains how we collect, use, disclose, retain and protect personal data when you use mrcoda.com to purchase and receive digital products, including:

• Digital gift codes
• Stored value vouchers
• Game currency codes

Our core business activity is the online sale of digital gift codes via our website.

Last updated: May 23, 2026. This notice applies to data processed on or after May 23, 2026, and to records we lawfully retain for orders, support, fraud prevention, verification, delivery evidence, and payment dispute response.

We collect only what is necessary to operate the service, deliver digital products, prevent fraud, respond to support requests, handle refunds and payment disputes, and meet legal obligations.

• Account data: Name, email address, contact number, account ID, account status, and login-related records
• Order and transaction data: Order ID, product description, purchase timestamp, payment status, refund status, account balance records, and transaction references
• Payment metadata: Payment processor transaction IDs, PaymentIntent or Charge ID, payment method type, masked card details such as last four digits, card brand, CVC/AVS result where available, 3D Secure result, Electronic Commerce Indicator (ECI), and authentication status
• Checkout consent records: Consent checkbox status, consent text version, acceptance timestamp, IP address, and browser/user agent recorded at checkout
• Delivery and fulfillment records: Delivery timestamp, delivery destination, account ID, user ID, server, region, phone number, email address, supplier fulfillment status, email delivery status, and related order logs
• Service and security logs: IP address, device/browser information, user agent, access logs, fraud/risk signals, and security events
• Support, refund, and dispute records: Customer messages, screenshots, refund requests, dispute evidence, chargeback materials, and case outcomes
• Support ticket activity records: Ticket message timestamps, read status, message IDs, related order references, verification request status, IP address, browser/user agent, and customer replies
• Balance data: Account balance transactions, deposits, usage, refunds to balance, expiration records, and forfeiture records where applicable

We maintain an account balance ledger for customer purchases on mrcoda.com. Account balances are not e-money, bank deposits, or regulated stored-value instruments. Balances cannot be withdrawn, transferred to third parties, or converted to cash.

We do not intentionally collect special category data. If such data is received inadvertently, we protect and handle it under applicable law and our policies.

Security Verification Screenshots

If an order is selected for security verification, we may request a redacted screenshot from your bank app or card statement showing the MRCODA transaction, amount, date, and the last 4 digits of the card. You should hide unrelated private information.

You must not send full card numbers, CVC codes, passwords, login credentials, identity documents, selfies, bank balances, private conversations, or unrelated transactions unless specifically required by a regulated verification provider.

• Directly from you – Account creation, checkout, support requests, refund requests, and communications with us
• Automatically via our systems – Security logs, checkout logs, IP address, device/browser information, consent records, and account access logs
• From payment processors – Payment status, transaction references, authentication results, 3D Secure metadata, refund status, fraud/risk signals, and dispute events
• From fulfillment providers and suppliers – Delivery status, fulfillment confirmation, supplier references, and product delivery details
• From service providers – Hosting, security, fraud prevention, email delivery, analytics, customer support, and logging services

We use essential cookies to operate the site and, where applicable, non-essential cookies (e.g., analytics) with opt-in controls for EU users.

Our cookie banner and notice are reviewed semi-annually.

We may share personal data where necessary with:

• Payment processors, banks, card networks, and wallet providers – For payment authorization, 3D Secure authentication, refunds, fraud prevention, chargeback handling, and dispute response
• Fulfillment providers and suppliers – To deliver digital codes, top-ups, vouchers, and similar digital products
• Service providers – Hosting, security, fraud prevention, email delivery, logging, monitoring, analytics, and customer support providers under appropriate contractual safeguards
• Authorities and legal parties – Where legally required or where necessary to protect rights, safety, security, prevent fraud, or respond to lawful requests
• Corporate transactions – Merger, acquisition, restructuring, or sale of assets, with appropriate safeguards and notice where required

Our architecture routes card data directly through the PCI-compliant payment provider. We receive tokens, transaction references, masked card details, and authentication metadata only.

Our primary operating location is the United States. We may transfer data internationally using appropriate safeguards (e.g., standard contractual clauses) when required by law.

We maintain layered technical and organizational controls, including:

We retain data only as long as necessary for the purposes described in this policy, including order fulfillment, customer support, fraud prevention, payment processing, refunds, dispute response, legal compliance, tax, and accounting obligations.

After applicable retention periods, data is securely deleted or anonymized unless we are legally required or reasonably permitted to retain it longer.

Depending on your location, you may have the following rights:

Age Restriction

Our services are intended solely for individuals who are at least 18 years of age or the age of legal majority in their jurisdiction, whichever is higher. Our website and services are not directed to children under 18.

No Knowing Collection

We do not knowingly collect, use, or disclose personal data from individuals under 18 years of age. We do not knowingly sell or share personal information of minors.

Parental Notification

If you are a parent or legal guardian and believe that your child has:

• Created an account on mrcoda.com
• Provided personal information to us
• Made a purchase without your authorization

Please contact us immediately at [email protected]. Upon verification, we will:

• Delete the child’s personal data from our systems
• Terminate the associated account
• Cancel any pending orders
• Process refunds where appropriate and legally required

Parental Responsibility

Parents and guardians are responsible for supervising their children’s online activities. We are not liable for any unauthorized use of our services by minors or for any purchases made by minors without parental consent.

If you have concerns about our handling of personal data, please contact us first.

You may also have the right to lodge a complaint with a supervisory authority in your country of residence.

We may update this notice from time to time. Material changes will be posted here with a new effective date.