Legal
Privacy Policy
Last updated May 24, 2026
This page explains what personal information Apple supps collects, why, who we share it with, how long we keep it, and what choices you have. We aim to collect the minimum we need to run the store responsibly.
1. Who we are
Apple supps is an international online supplement store. References to "we", "us", or "our" mean Apple supps. To exercise any of the rights below, write to us via the contact page.
2. What we collect
- Account data: email address, bcrypt-hashed password, optional two-factor authentication secret and backup codes (hashed before storage).
- Order data: items purchased, prices, shipping address, billing references, the deposit address generated for your order, and the on-chain transaction hash of payment.
- Wallet data: cryptocurrency addresses we generate for you (BTC, LTC, USDT on TRC20 / ERC20 / Arbitrum), cached balances pulled from public block explorers, and a record of every withdrawal request you submit.
- Communication: messages you send via the on-site message thread, including any image you attach.
- Technical data: IP address, user-agent string, approximate timestamps, and cookies needed for sign-in (an encrypted session JWT) and the shopping cart.
3. What we do with it
- Process orders, payments, and withdrawals.
- Authenticate you and protect your account (rate limiting, CAPTCHA, 2FA).
- Send transactional email — order updates, withdrawal confirmations, password resets, email verification.
- Respond to support messages.
- Detect fraud, sanctions risk, and account abuse.
- Comply with applicable legal obligations and lawful requests.
We do not use your data for advertising and we do not sell or rent it to third parties. We do not currently send marketing email; if we ever do, it will require explicit opt-in.
4. Service providers we work with
We share the minimum data needed to operate the store with a small set of service providers — for application hosting, database storage, transactional email, image hosting, bot protection, error monitoring, and admin notifications. Each is independently responsible for its own privacy practices.
We do not sell or rent your data, and we do not share it with advertising networks or data brokers. A current list of our service providers is available on request — see the Contact section below.
Because cryptocurrency payments settle on public blockchains, the addresses we generate for your account and any transactions involving them are visible to anyone who reads those blockchains. That is a property of how crypto works, not a choice we make.
5. Cookies
We use a small set of strictly necessary cookies:
- customer_session: your signed-in customer session (signed JWT, expires after 30 days of inactivity).
- admin_session / admin_pre2fa: admin sign-in tokens, only set for admin accounts.
- cart: your unsigned-in cart so we can restore it on next visit.
We do not use third-party advertising or analytics cookies.
6. Data retention
- Active accounts: kept while the account is open.
- Inactive accounts (no sign-in for 3+ years): scheduled for deletion or anonymisation.
- Order and withdrawal records: retained for at least 7 years for accounting and compliance.
- Audit logs (admin actions): retained for at least 2 years.
- Support messages: retained while the account is open.
- Cloudinary image attachments: retained alongside the message thread.
7. Your rights
Depending on your jurisdiction (GDPR/UK GDPR, CCPA, PDPA, and similar regimes), you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or out-of-date data.
- Delete your account. Some records may need to stay (orders and withdrawals are kept for accounting and compliance — see the retention list above).
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent (if our processing relied on consent).
Email us at info@applesupps.me or via the contact page to exercise any of these. We aim to respond within 30 days.
8. International transfers
Our processors operate in the United States, the European Union, and other regions. Where data leaves your country, it is transferred under each processor's contractual safeguards (Standard Contractual Clauses or equivalent).
9. Children
Apple supps is intended for adults (18+). We do not knowingly collect data from children. If you believe a child has registered an account, contact us and we will remove it.
10. Security
Passwords are hashed before storage. Sessions are short-lived signed tokens bound to a specific audience. Two-factor authentication is available for admin accounts. We rate-limit sensitive endpoints and run automated bot defence on every authentication form. No system is perfectly secure, and you remain responsible for protecting your own login credentials.
11. Changes
Material changes to this Policy will be reflected in the "Last updated" date at the top of the page. We will notify you of significant changes via on-site banner or email when feasible.
12. Contact
Privacy questions? Email info@applesupps.me or use the contact page.