athena
Sign inGet a key

Privacy policy

Last updated April 24, 2026. Short version: we collect what we need to run the licensing system and nothing we don't.

What we collect

  • · Email address. Used for sign-in, password reset, and purchase receipts.
  • · Username. Public handle on your account.
  • · IP address. Used for rate limiting, fraud detection, and the login history log.
  • · Hardware ID hash. A one-way hash of stable device identifiers, used to bind a key to a device.
  • · Device fingerprint. User agent, platform, and a short fingerprint string used for session integrity.
  • · Login history. Timestamps, IPs, user agents. You can view and revoke sessions from your dashboard.
  • · Wallet and order data. Top-ups, balances, key purchases. Required to run a license business.

What we don't collect

  • · Raw hardware IDs. We only ever store a salted hash.
  • · Plaintext keys. Keys are hashed at rest. We can't "look up" your key for you if you lose it.
  • · Payment card data. Card payments and crypto payments are handled by NOWPayments. We never see your card number or wallet private keys.
  • · Telemetry about what scripts you run, what games you open, or what you do in them.

Retention

Account data sticks around while your account is active. If you delete your account, we purge personal data within 30 days, except where we're required to keep records for accounting, fraud prevention, or legal compliance. Audit log entries tied to fraud or chargebacks are retained longer.

Third parties

We share the minimum data needed with the providers that run the infrastructure:

  • · NOWPayments. Processes card and crypto payments. Sees the amount, order ID, and payment metadata.
  • · MongoDB. Primary datastore for accounts, keys, and orders.
  • · Redis. Short-lived session, rate-limit, and cache data.
  • · Vercel and our VPS host. Serve the website, API, and static assets.

We don't sell your data. Not to advertisers, not to anyone.

Your rights

You can access, export, or delete your data at any time from the dashboard, or by asking us directly. Access and export return the data we hold about your account. Delete wipes it, subject to the retention carve-outs above.

Security

Passwords are hashed with a modern algorithm. Keys are hashed at rest. The audit log is HMAC-chained so tampering is detectable. 2FA is available on every account, use it.

Contact

Privacy requests, questions, or anything else: open a ticket in our Discord. The invite is in the footer.