Privacy Policy
Last updated: February 05, 2026
1. Introduction
Polygon Works ("we," "us," or "our") operates the website polygonworks.store (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
Account Information: When you sign in via Discord, we receive your Discord user ID, username, avatar, and email address. This information is used solely to create and manage your account.
Transaction Data: When you make a purchase, we collect information necessary to process the transaction, including the products purchased, payment method used (Robux or PayPal), and order details.
Email Subscriptions: If you voluntarily subscribe to our email list, we collect your email address. All email addresses are encrypted at rest using AES-256 encryption and cannot be read in plaintext from our database.
Usage Data: We automatically collect certain information when you access the Service, including your IP address, browser type, and user agent. This data is used for download tracking, security, and abuse prevention.
Cookies: We use essential session cookies to keep you logged in and localStorage to remember your preferences (e.g., email popup dismissal). We do not use third-party tracking cookies.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and send related information (order confirmations, receipts)
- Manage your account and provide customer support
- Send you marketing communications (only if you opted in via the email list; you can unsubscribe at any time)
- Detect and prevent fraud, abuse, and unauthorized access
- Enforce our Terms of Service
- Comply with legal obligations
4. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- All email addresses are encrypted at rest using Fernet (AES-128-CBC) symmetric encryption derived from a secure server-side key
- Passwords are never stored (authentication is handled by Discord OAuth2)
- CSRF protection on all forms and API endpoints
- Rate limiting to prevent abuse
- Download files are watermarked for piracy protection
While we strive to use commercially acceptable means to protect your data, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
5. Third-Party Services
We use the following third-party services:
- Discord: For authentication (OAuth2). Subject to Discord's Privacy Policy.
- PayPal: For payment processing. Subject to PayPal's Privacy Policy.
- Roblox: For Robux-based payment processing. Subject to Roblox's Privacy Policy.
We do not sell, trade, or rent your personal data to third parties.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. If you wish to delete your account or request that we no longer use your information, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Restriction: Request restriction of processing of your data
- Portability: Request transfer of your data in a machine-readable format
- Objection: Object to the processing of your personal data
To exercise any of these rights, please contact us via our Discord server.
8. Children's Privacy
Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us through our Discord server.