Legal

Privacy Policy

Last updated: May 28, 2026

Privacy Policy

Effective Date: May 13, 2026 Last Updated: May 28, 2026

#1. Introduction

This Privacy Policy describes how CASIR AGENCY S.R.L. ("we," "us," or "our"), a limited liability company, collects, uses, and shares information about you when you use America 250 (the "Service"), available at america250.live.

We respect your privacy and are committed to protecting your personal data. This Policy explains your rights and how to exercise them.

#2. Information We Collect

#2.1 Information You Provide Directly

  • Account information: email address, password (stored as a salted hash, never in plain text), chosen username, and confirmation that you are at least 16 years old.
  • User-generated content: the stories, inscriptions, hex coordinates, and any other content you choose to publish on the Service.
  • Communications: information you send us via email or contact forms.
  • Purchase information: when you purchase a Hex, payment is processed by PayPal. We receive transaction confirmation (Hex type purchased, amount, currency, date, transaction ID, and the name and email associated with your PayPal account). We do not collect or store your credit card or bank account numbers. Card data is handled directly by PayPal under its own privacy policy.
  • Billing/tax information: depending on your jurisdiction and applicable tax laws, we may collect billing country, billing address, or VAT/tax identification number at checkout in order to apply correct taxes and to issue invoices required by law.
  • Contact form submissions: name, email address, subject category, and message content, used solely to respond to your inquiry.

#2.2 Information Collected Automatically

When you visit the Service, we automatically collect:

  • Device and connection data: IP address, browser type and version, operating system, device identifiers, referring URL, and pages visited.
  • Usage data: time and duration of visits, interactions with the hex map, features used.
  • Cookies and similar technologies: see Section 9 below.

#2.3 Information from Third Parties

If you sign in or interact with the Service through a third-party platform (e.g., social media), we may receive limited profile information from that platform according to your settings there.

#3. How We Use Your Information

We use your information to:

  • Create, maintain, and secure your account.
  • Display the content you publish on the public parts of the Service.
  • Process Hex purchases, deliver the Hex license, and provide order confirmations and receipts.
  • Comply with accounting, invoicing, and tax obligations under Moldovan and any other applicable law.
  • Operate, improve, and personalize the Service.
  • Communicate with you about your account, purchases, security, and important Service updates.
  • Measure the effectiveness of our advertising and reach audiences likely to be interested in the Service (via the Meta Pixel — see Section 5.1).
  • Detect, prevent, and address fraud, chargebacks, abuse, technical issues, and violations of our Terms of Service.
  • Comply with legal obligations and respond to lawful requests from public authorities.

#4. Legal Basis for Processing (for EU/EEA/UK Users)

Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases:

Purpose Legal basis
Creating and operating your account Performance of a contract (Art. 6(1)(b))
Displaying your published content Performance of a contract (Art. 6(1)(b))
Processing Hex purchases and providing access Performance of a contract (Art. 6(1)(b))
Invoicing, accounting, and tax record-keeping Legal obligation (Art. 6(1)(c))
Security, fraud prevention, Service improvement Legitimate interests (Art. 6(1)(f))
Advertising measurement and audience targeting (Meta Pixel) Consent, which you can withdraw at any time (Art. 6(1)(a))
Behavioral analytics, heatmaps, and session replay (Microsoft Clarity) Consent, which you can withdraw at any time (Art. 6(1)(a))
Marketing communications (if any) Consent, which you can withdraw at any time (Art. 6(1)(a))
Compliance with Moldovan, EU, U.S., or other applicable law Legal obligation (Art. 6(1)(c))

You have the right to object to processing based on legitimate interests; see Section 7.

#5. How We Share Information

We do not sell your personal data. We share information only as described below.

#5.1 Service Providers (Data Processors)

We use the following third parties to operate the Service. Each processes data only on our instructions and under contractual data protection terms:

  • Vultr Holdings, LLC (United States) — server hosting and infrastructure.
  • Cloudflare, Inc. (United States) — content delivery, DDoS protection, and security.
  • Google LLC / Google Ireland Ltd. — email hosting (Google Workspace) and traffic analytics (Google Analytics 4). Google Analytics is configured with IP anonymization where supported.
  • Meta Platforms, Inc. (United States) — advertising measurement and audience targeting via the Meta Pixel (also known as the Facebook Pixel). The pixel reports a small number of anonymized events (page view, product view, add to cart, checkout start, payment-info added, purchase) back to Meta so we can (a) measure the effectiveness of advertising we run on Facebook and Instagram and (b) reach audiences similar to our existing users. We do not transmit your name, email address, account password, or other directly identifying information to Meta. The pixel may set cookies on your device for these purposes.
  • Microsoft Corporation (United States) — product analytics and behavioral insight via Microsoft Clarity. Clarity captures how visitors use and interact with the Service through behavioral metrics, heatmaps, and session replays (anonymized recordings of clicks, scrolls, and mouse movement). We use this information for site optimization, fraud and security purposes, and to improve the product. Clarity uses first- and third-party cookies and transmits standard device and connection data to Microsoft. We do not transmit your name, email address, account password, or other directly identifying information to Microsoft. See the Microsoft Privacy Statement for more details.
  • PayPal, Inc. — payment processing for U.S.-based Hex purchases. 2211 North First Street, San Jose, CA 95131, United States. If you are located outside the United States, your transaction may be processed by a regional PayPal entity (PayPal (Europe) S.à r.l. et Cie, S.C.A. in Luxembourg for the European Economic Area; PayPal Pte. Ltd. in Singapore; etc.) under PayPal's standard data transfer framework.

#5.2 Publicly Visible Content

Anything you publish on the Service (stories, hex inscriptions, public profile elements) is, by design, visible to all other visitors. Do not include information you wish to keep private.

#5.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith it is necessary to: (a) comply with a legal obligation, court order, or lawful government request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; (d) protect the rights, property, or safety of CASÎR AGENCY S.R.L., our users, or the public.

#5.4 Tax Authorities

We may share transactional information with tax authorities in the Republic of Moldova or other jurisdictions where required by law.

#5.5 Business Transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any change in ownership or material change in how your data is handled.

#6. International Data Transfers

We are based in the Republic of Moldova. Our service providers are primarily based in the United States and the European Union. As a result, your data may be transferred to, stored, and processed in countries other than your own.

For transfers from the European Economic Area, United Kingdom, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on Standard Contractual Clauses approved by the European Commission, or on the EU-U.S. Data Privacy Framework where the recipient is certified.

You may request a copy of the relevant transfer safeguards by emailing [email protected].

#7. Your Rights

Depending on where you live, you have some or all of the following rights regarding your personal data.

#7.1 Rights Under GDPR (EU/EEA/UK Users)

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations (including tax/accounting retention).
  • Restriction — limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — at any time, where processing is based on consent.
  • Lodge a complaint with a supervisory authority (typically the data protection authority of your country of residence).

#7.2 Rights Under California Law (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share.
  • Delete personal information we have collected, with certain exceptions (including transactional records we are required to retain).
  • Correct inaccurate personal information.
  • Opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Limit use of sensitive personal information — we do not use sensitive personal information for purposes that trigger this right.
  • Non-discrimination — we will not deny services, charge different prices, or provide a different quality of service because you exercised your rights.

You may exercise these rights by emailing [email protected]. We will verify your request by matching information you provide against information in your account. You may also designate an authorized agent to make a request on your behalf.

#7.3 Rights Under Other U.S. State Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other U.S. states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out of certain processing. Contact us at [email protected] to exercise these rights.

#7.4 Rights Under Moldovan Law

Under Law No. 133 of 8 July 2011 on the protection of personal data, residents of the Republic of Moldova have rights similar to those described above. You may also lodge a complaint with the National Center for Personal Data Protection of the Republic of Moldova (CNPDCP)datepersonale.md.

#7.5 How to Exercise Your Rights

Email [email protected] with a description of your request. We will respond within the timeframes required by applicable law (generally 30 days under GDPR; 45 days under CCPA, with possible extensions).

#8. Children's Privacy

The Service is not directed to children under the age of 16. You must be at least 16 years old to create an account. Additionally, to make a purchase you must be of the age of majority in your jurisdiction or have the consent of a parent or legal guardian.

We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete the account and associated data promptly. If you believe a child under 16 has provided us with personal information, please contact [email protected].

#9. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Keep you signed in to your account (essential).
  • Maintain your shopping/checkout session (essential).
  • Remember your preferences (functional).
  • Protect against fraud and abuse (essential — Cloudflare).
  • Measure traffic and usage (analytics — Google Analytics 4).
  • Measure the effectiveness of our advertising and build similar-user audiences (advertising — Meta Pixel / Facebook Pixel). The pixel sets cookies that Meta can read across other sites that also use it; see Meta's Cookies Policy for details.
  • Understand how visitors use the Service through behavioral metrics, heatmaps, and anonymized session replays (analytics — Microsoft Clarity). Clarity sets first- and third-party cookies (_clck, _clsk, and related Microsoft cookies); see the Microsoft Privacy Statement for details.

Essential cookies are required for the Service to function. You can control non-essential cookies through your browser settings or, where presented, through our cookie consent banner. Blocking essential cookies may prevent parts of the Service from working, including the ability to complete a purchase.

#10. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law:

  • Account data: retained while your account is active. Deleted within 30 days of account closure, except where retention is required by law.
  • Purchase and transaction records (invoices, payment confirmations, tax records): retained for the period required by Moldovan tax and accounting law (currently up to 10 years) and any other applicable legal obligation. This retention applies regardless of whether your account is closed.
  • Published user content: remains visible as part of the historical record of the Service unless you request removal or close your account.
  • Server logs: typically retained for up to 90 days for security and troubleshooting.
  • Analytics data: retained according to Google Analytics 4 default retention (currently 14 months) unless otherwise configured.
  • Advertising-measurement data (Meta Pixel): held by Meta according to their data policies, typically for ad-attribution windows of up to 180 days. We do not retain pixel event data ourselves beyond what is shown in aggregated dashboards. See Meta's Data Policy for full details.
  • Session-replay and behavioral data (Microsoft Clarity): held by Microsoft according to their default data policies, typically up to 1 year. We do not export or retain raw replay data ourselves beyond what is shown in aggregated Clarity dashboards. See the Microsoft Privacy Statement for details.

#11. Security

We implement reasonable technical and organizational measures to protect your personal data, including encryption in transit (HTTPS/TLS), salted password hashing, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users without undue delay.

#12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

#13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you through the Service or by email. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

#14. Contact Us

For questions, requests, or complaints about this Policy or how we handle your personal data, contact:

CASIR AGENCY S.R.L. Attn: Privacy Email: [email protected] General inquiries: [email protected]