Legal

Privacy Policy

Last updated: May 22, 2026

1. Introduction

Cyno.gg ("we", "our", or "us") operates the website and services at https://cyno.gg. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

2. Data Controller

Cyno.gg is the data controller responsible for your personal data.
Contact: support@cyno.gg

3. Information We Collect

We collect the following categories of personal data:

  • Account Information: Email address, username, password (hashed with bcrypt), profile data
  • Hardware Identifiers (HWID): Unique hardware signatures used for device binding and license enforcement
  • Payment Information: Processed securely through Stripe and NOWPayments. We do not store raw credit card numbers.
  • Usage Data: IP addresses, browser type, device type, access times, pages visited, crash reports
  • Communication Data: Support tickets, messages between users, forum posts
  • Authentication Data: Session tokens, JWT claims, 2FA/TOTP secrets (encrypted)
  • Technical Logs: Server logs including IP addresses, request timestamps, and user agent strings

4. How We Use Your Data

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Authenticate users and enforce license restrictions (HWID binding)
  • Detect and prevent fraud, abuse, and security threats
  • Respond to support requests and communicate with you
  • Monitor service status and performance
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

  • Contractual necessity: Processing required to provide our services under our Terms of Service
  • Legitimate interests: Security, fraud prevention, service improvement
  • Consent: Cookie usage, marketing communications (where applicable)
  • Legal obligation: Compliance with applicable laws and regulations

6. Data Sharing and Third Parties

We share your data only with the following third-party service providers, each bound by data processing agreements:

  • Stripe, Inc. – Payment processing (PCI DSS compliant)
  • NOWPayments – Cryptocurrency payment processing
  • Google LLC – Font delivery (fonts.googleapis.com, fonts.gstatic.com)
  • Hosting providers – Infrastructure hosting and CDN services

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we will erase your personal data within 30 days, except where retention is required by law (e.g., tax records, payment transaction logs).

8. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Opt-Out (CCPA): Opt out of the "sale" of personal information (we do not sell data)
  • Non-Discrimination (CCPA): We will not discriminate against you for exercising your rights

To exercise any of these rights, contact us at support@cyno.gg. We will respond within 30 days.

9. Cookies

We use the following types of cookies:

  • Essential cookies: Session authentication (httpOnly, SameSite), CSRF tokens. These cannot be disabled as they are required for security.
  • Functional cookies: User preferences (theme, settings)
  • Analytics cookies: Used to understand how visitors interact with our website (if analytics are enabled)

You can manage cookie preferences through our Cookie Consent Banner or your browser settings.

10. Security Measures

We implement industry-standard security measures to protect your data:

  • TLS 1.2/1.3 encryption for all data in transit
  • AES-256-GCM encryption for sensitive data at rest
  • bcrypt password hashing (cost factor 10)
  • HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options)
  • Rate limiting and brute-force protection
  • CSRF protection via double-submit cookie pattern
  • Input validation and sanitization on all endpoints

11. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with this policy.

12. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

15. Supervisory Authority (GDPR)

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with a data protection authority in your country. A list of EU data protection authorities is available at edpb.europa.eu.