Privacy Policy

Introduction

At NOVA IMPACT LTD (trading as Bounce Checker), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

1. Data We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, username, password (encrypted)
• Billing Information: Billing address, payment method details (processed by third-party payment processors)
• Purchase Information: Order history, transaction records, invoices, payment confirmations, policy acceptance records, checkout timestamps, IP addresses at time of purchase, license activation records, download timestamps
• Communication Data: Customer support inquiries, feedback, survey responses, email correspondence
• Profile Information: Any additional information you choose to provide in your account profile

1.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system, screen resolution
• Usage Data: Pages visited, features used, time spent, click patterns, navigation paths
• Device Information: Device identifiers, language preferences, timezone
• Log Data: Server logs, error reports, performance data
• Cookies and Similar Technologies: See our Cookie Policy for details

2. How We Use Your Data

2.1 Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): To provide our services, process purchases, and fulfill our contractual obligations
• Legitimate Interest (Article 6(1)(f)): To improve our services, ensure security, communicate with you about updates, prevent fraud and chargebacks, defend against false refund claims and payment disputes, maintain evidence of policy acceptance and informed consent, and protect our business from financial harm due to fraudulent transactions. Our legitimate interests have been balanced against your rights and freedoms through a Legitimate Interests Assessment (LIA), ensuring your privacy is protected while allowing us to operate our business effectively and prevent fraud.
• Legal Obligation (Article 6(1)(c)): To comply with tax, accounting, and legal requirements
• Consent (Article 6(1)(a)): For marketing communications (you can withdraw consent at any time)

2.2 Specific Purposes

• Service Delivery: Process your purchase, deliver the software, provide license keys
• Account Management: Create and manage your account, authenticate users, process payments
• Customer Support: Respond to inquiries, provide technical assistance, resolve issues
• Communication: Send transactional emails (receipts, order confirmations, important updates)
• Improvement: Analyze usage patterns, improve software functionality, enhance user experience
• Security: Prevent fraud, detect security threats, protect against unauthorized access
• Legal Compliance: Fulfill tax obligations, maintain records, respond to legal requests
• Marketing (with consent): Send promotional emails about updates, new features, special offers
• Fraud Prevention & Dispute Resolution: Prevent fraudulent refund claims and chargebacks, maintain evidence of policy acceptance and informed consent, document instant digital delivery of products, resolve payment processor disputes, protect against abuse of our no-refund policy, maintain proof of customer acknowledgment of terms

3. Data Storage and Security

3.1 Where We Store Your Data

Your personal data is primarily stored on secure servers within the United Kingdom and European Economic Area (EEA). We use reputable cloud service providers that comply with UK GDPR requirements.

3.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: SSL/TLS encryption for all data transmitted over the internet
• Database Security: Encrypted database storage with access controls
• Authentication: Strong password requirements, secure session management
• Access Controls: Strict employee access policies, role-based permissions
• Regular Audits: Security assessments, vulnerability testing, penetration testing
• Monitoring: Continuous monitoring for suspicious activity, automated alerts
• Backups: Regular encrypted backups with secure storage
• Incident Response: Documented procedures for data breach response

3.3 Data Retention

Data Type	Retention Period	Reason
Account Information	Duration of account + 7 years	Service provision, support, legal compliance
Transaction Records	PERMANENT (Indefinitely)	UK tax law (7 years minimum), fraud prevention, chargeback defense, no-refund policy enforcement
Purchase Evidence	PERMANENT (Indefinitely)	Proof of policy acceptance, instant delivery records, chargeback protection, dispute resolution
Support Communications	3 years after resolution	Quality assurance, legal
Marketing Consent	Until withdrawal	Active consent required
Website Analytics	26 months	Google Analytics default
Checkout Process Data	PERMANENT (Indefinitely)	Evidence of informed consent, policy acceptance, terms agreement
Download & Activation Logs	PERMANENT (Indefinitely)	Proof of instant digital delivery, prevent fraud

4. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

4.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you. We will provide this in a structured, commonly used format.

4.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

4.3 Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal obligations and legitimate business interests.

4.4 Right to Restriction (Article 18)

Request that we limit how we use your data in certain circumstances.

Limitation for Transaction Data: We CANNOT restrict processing of transaction-related data when it is necessary for: legal compliance (tax obligations), fraud prevention and detection, chargeback defense, dispute resolution, and enforcement of our no-refund policy. Transaction records will continue to be processed for these purposes even if you request restriction on other data uses.

4.5 Right to Data Portability (Article 20)

Receive your personal data in a machine-readable format and transfer it to another service.

4.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

4.7 Right to Withdraw Consent (Article 7)

Withdraw consent for processing at any time (where processing is based on consent).

4.8 Automated Decision-Making (Article 22)

We do not use automated decision-making or profiling that produces legal effects.

5. Third-Party Service Providers

We share data with carefully selected third-party processors who help us operate our business:

5.1 Payment Processors

• Stripe: Payment processing, fraud detection
• PayPal: Alternative payment method
• These providers handle payment data under their own privacy policies and PCI-DSS compliance

5.2 Cloud Infrastructure

• Hosting Providers: Secure data storage, website hosting
• All providers are UK/EU-based or have UK GDPR-compliant data processing agreements

5.3 Analytics and Performance

• Google Analytics: Website traffic analysis (anonymized IP addresses)
• You can opt-out using browser settings or Google's opt-out tool

5.4 Email Services

• Transactional Emails: Order confirmations, password resets, account notifications
• Marketing Emails (with consent): Product updates, promotional offers

5.5 Customer Support

• Support Ticket System: Manage customer inquiries and support requests

5.6 Payment Dispute & Fraud Prevention

Stripe & PayPal: We share transaction data with our payment processors for processing payments securely, preventing fraudulent transactions, defending against unauthorized chargebacks, providing evidence in payment disputes, and complying with payment card industry standards.

Data Shared for Dispute Defense: Purchase timestamps and IP addresses, Terms of Sale acceptance records, no-refund policy acknowledgment, download and license activation logs, email delivery confirmations, and customer communications.

This data sharing is necessary for our legitimate business interests in preventing fraud and defending against false refund claims.

Anti-Fraud Services: We may use third-party fraud detection services to verify transaction authenticity, detect suspicious purchasing patterns, prevent chargeback abuse, identify high-risk transactions, and protect against stolen payment methods. These services process transaction data under strict confidentiality agreements and UK GDPR-compliant Data Processing Agreements.

Data Processing Agreements: All third-party processors have signed Data Processing Agreements (DPAs) ensuring UK GDPR compliance.

Important: We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).

6.1 Transfers Outside UK/EEA

If we transfer data outside the UK/EEA, we ensure adequate protection through:

• Adequacy Decisions: Countries approved by UK government as having adequate data protection
• Standard Contractual Clauses (SCCs): UK ICO-approved contracts with third-party processors
• Binding Corporate Rules: Internal policies for multinational organizations
• International Data Transfer Agreement (IDTA): UK-specific transfer mechanism

7. Children's Privacy

Bounce Checker services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@bouncechecker.net, and we will delete such information.

8. Marketing Communications

8.1 Opt-In

We will only send marketing emails if you have explicitly consented (opt-in). Marketing consent is separate from service-related communications.

8.2 Opt-Out

You can unsubscribe from marketing emails at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating preferences in your account settings
• Emailing privacy@bouncechecker.net

Note: Unsubscribing from marketing does not affect transactional emails (order confirmations, password resets, important account updates).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware
• Notify affected individuals without undue delay if there is a high risk
• Provide information about the nature of the breach and remedial actions
• Maintain a record of all data breaches

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

Notification of Changes:

• Updated "Last updated" date at the top of this page
• Email notification for significant changes (if you have an account)
• Prominent notice on our website

Your Continued Use: Continued use of our services after changes indicates acceptance of the updated Privacy Policy.

12. Contact Us & Complaints

12.1 Privacy Inquiries

12.2 Complaints

If you have concerns about how we handle your personal data, please contact us first. We are committed to resolving any issues.

UK Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with:

12.3 Transaction & Refund Policy Questions

Important: This Privacy Policy explains how we handle your personal data. For questions about our no-refund policy, purchases, or financial transactions, please refer to our Terms of Sale or contact:

Privacy-related questions (data protection, GDPR rights, data retention) should be directed to privacy@bouncechecker.net

13. Additional Information

13.1 Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to ensure compliance with UK GDPR.

13.2 Staff Training

Our staff receive regular training on data protection principles, UK GDPR requirements, and secure data handling practices.

13.3 Record Keeping

We maintain detailed records of processing activities as required by Article 30 of UK GDPR.

14. No-Refund Policy & Data Retention

14.1 Digital Product Nature

Bounce Checker is a digital software product delivered instantly upon purchase. Due to this instant delivery nature, we operate a strict no-refund policy.

14.2 Why This Affects Data Retention

Our no-refund policy directly impacts how we retain your data:

Purchase Evidence Must Be Retained: To prevent fraudulent refund claims, defend against unauthorized chargebacks, prove instant delivery occurred, demonstrate customer acceptance of terms, and comply with payment processor requirements.

What We Retain Permanently:

• Transaction records and payment confirmations
• Terms of Sale acceptance evidence
• No-refund policy acknowledgment
• Checkout timestamps and IP addresses
• Download and license activation records
• Email delivery confirmations
• Purchase-related communications

14.3 Your Rights Are Still Protected

Despite permanent retention of transaction data, your privacy rights remain protected:

You CAN:

• Data Minimization: We only retain what's necessary
• Security: All retained data is encrypted and secured
• Access: You can request copies of your transaction data
• Correction: You can correct inaccurate information
• Portability: You can receive your data in machine-readable format
• Objection: You can object to certain processing (but not legal requirements)

What you CANNOT do:

• Delete transaction records (legal compliance requirement)
• Restrict processing of financial data (legitimate business interest)
• Object to fraud prevention measures (legal basis)

14.4 Balancing Your Privacy & Our Business Interests

We have conducted a Legitimate Interests Assessment (LIA) balancing your privacy rights (minimal data collection, secure storage, transparent processing, access to your data) against our business needs (prevent fraud and chargebacks, comply with tax regulations, defend against false claims, maintain business records).

Conclusion: Permanent retention of transaction data is necessary and proportionate for legal compliance, fraud prevention, and business protection, while your privacy remains protected through security measures and transparency.

14.5 Questions About Data Retention

If you have concerns about how long we retain your data, contact: privacy@bouncechecker.net or dpo@bouncechecker.net. We are happy to explain our retention practices and legal obligations.

15. Fraud Prevention & Chargeback Defense

15.1 Why We Collect Transaction Evidence

Due to the instant delivery nature of digital products, we are vulnerable to: fraudulent refund claims ("I didn't receive the product"), unauthorized chargebacks after using the software, bad-faith disputes after downloading and activating licenses, and abuse of payment processor dispute systems.

To protect our business, we collect comprehensive evidence of:

• Customer acceptance of no-refund policy
• Instant delivery of download link and license key
• Customer acknowledgment of terms before payment
• Timestamp and IP address of purchase
• License activation and software downloads
• Email delivery confirmations

15.2 Legal Basis for Fraud Prevention Processing

Article 6(1)(f) - Legitimate Interests: We have a legitimate interest in preventing fraud and protecting our business from financial harm. This interest is balanced against your privacy rights through data minimization (only essential data collected), purpose limitation (only used for fraud prevention), security measures (encrypted storage), retention limits (only as long as necessary for purpose), and transparency (this policy explains our practices).

Article 9(2)(f) - Legal Claims: We may process data to establish, exercise, or defend legal claims, including chargeback disputes with payment processors.

15.3 Data Sharing for Dispute Resolution

In the event of payment disputes or chargebacks, we may share your data with: payment processors (Stripe, PayPal), financial institutions (card issuers, banks), legal advisors, dispute resolution services, and law enforcement (if fraud is suspected).

Data shared includes: transaction records and timestamps, IP addresses at time of purchase, terms acceptance records, download and activation logs, email communications, and support ticket history.

This sharing is necessary for our legitimate business interests in defending against false claims and is conducted in compliance with UK GDPR data sharing requirements.

15.4 Your Rights in Dispute Situations

Even during disputes, you retain your data protection rights: right to be informed (we explain why data is shared), right of access (you can request copies of shared data), and right to rectification (correct any inaccurate data).

However, you CANNOT: request deletion of dispute evidence, restrict processing for legal defense purposes, or object to legitimate fraud prevention measures.

15.5 False Claims & Consequences

Making false claims or initiating fraudulent chargebacks may result in: permanent ban from our services, referral to payment processor fraud databases, potential legal action, and reporting to relevant authorities.

We take fraud seriously and will vigorously defend against false claims using all evidence available.