Patina NFT Shop Patina NFT Shop

Privacy Policy

This Privacy Policy explains how Patina NFT Shop ("we", "us", "the Platform") collects, uses, discloses, and protects information about visitors and registered users ("you") of this website. By using the Platform, you agree to the practices described here. If you do not agree, please do not use the Platform.

1. Who we are

Patina NFT Shop operates this website as a storefront for pre-minted, non-fungible tokens (NFTs). Payments are processed in fiat currency by card; the underlying NFT is transferred manually by our team after payment clears. [Operator legal name, registration number, and registered address to be inserted here once the operating entity is registered.]

2. Information we collect

We collect only the information needed to run an NFT storefront and to comply with our legal obligations:

  • Account data — the email address you register with and your password. Your password is never stored in plain text; it is hashed before it touches our database.
  • Profile data — the public EVM wallet address (0x...) you add to your profile, used as the default delivery address for NFTs you purchase.
  • Order data — the lot purchased, the price paid, the delivery wallet address for that order, the order status, and, once your NFT ships, the on-chain transaction hash.
  • Payment data — we do not collect or store your card number, expiry date, or CVV. Card details are entered directly on our payment processor's own page and are handled entirely under that processor's security controls; we only receive a payment confirmation and a payment reference ID.
  • Technical data — IP address, browser and device information, and cookies. See the Cookies section below.

3. Why we process your data

We rely on the following legal bases, as applicable in your jurisdiction:

  • Performance of a contract — to create your account, process an order, and deliver the NFT you purchased.
  • Legal obligation — to keep order and payment records for accounting, tax, and fraud-prevention purposes.
  • Legitimate interest — to keep the Platform secure, prevent abuse, and improve the service.
  • Consent — for optional cookies (analytics, marketing) and any marketing communications, which you can withdraw at any time.

4. How we protect your data

Sensitive personal fields — your email address and wallet address — are encrypted at rest using strong, industry-standard encryption, separate from the key used to encrypt other application data. Passwords are hashed, never encrypted or stored as plain text. Access to production data is restricted to personnel who need it to operate the Platform.

5. Cookies

We use strictly necessary cookies (session, CSRF protection, and your cookie-consent choice itself) at all times — the site cannot function without them. Functional, analytics, and marketing cookies are only set with your consent, which you can give, refuse, or change at any time via the "Cookie Settings" link in the site footer.

6. Who we share data with

We share the minimum data necessary with:

  • Our payment processor, to charge your card and confirm payment;
  • Our email delivery provider, to send transactional emails (e.g. order-shipped notifications);
  • The public blockchain — once an NFT is transferred, the transaction (sender address, recipient address, token ID) is publicly visible on-chain by design; that is how NFTs work and is not something we can make private.

We do not sell your personal data to third parties.

7. International transfers

If we transfer your data outside your country of residence (for example, to a service provider located elsewhere), we take reasonable steps to ensure it receives an equivalent level of protection, using contractual or other safeguards recognised under applicable data protection law.

8. How long we keep your data

We keep account and order data for as long as your account is active, and afterwards for as long as required to meet our accounting, tax, and legal obligations. You may request deletion of your account at any time, subject to records we are legally required to retain.

9. Your rights

Depending on where you live, you may have the right to: access the personal data we hold about you; correct inaccurate data; request erasure; restrict or object to processing; receive a portable copy of your data; and withdraw consent at any time without affecting past processing. To exercise any of these rights, contact us using the details below. You also have the right to lodge a complaint with your local data protection authority.

10. Children

The Platform is not directed at, and is not intended for use by, anyone under the age of 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "last modified" date on this page. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.

12. Contact us

Questions about this policy or your data can be sent to [insert contact/support email].

🍪 We use cookies. Strictly necessary cookies are always on. Everything else runs only with your consent. Learn more