Legal
Privacy Policy
Last updated: 2026-03-01
1. Information We Collect
When you use M2Developer ("the Service"), we collect the following information:
- Account data: Your Discord username, email address, and profile picture — provided via Discord OAuth when you sign in.
- Purchase data: Transaction history, product licenses, and download records associated with your account.
- License monitoring data: IP address and server resource name of your FiveM server when it pings our license API.
- Payment data: Payment is processed by Stripe. We do not store your card details. We store Stripe session IDs and payment status only.
- Usage data: Page views, product visits, and download counts for internal analytics.
2. How We Use Your Information
- To authenticate your account and maintain your session.
- To process purchases and deliver licensed products.
- To validate license keys when your FiveM server connects to our API.
- To send transactional emails (purchase confirmation, license delivery) if you have provided an email address.
- To improve our products and services based on aggregated usage patterns.
3. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only with:
- Stripe — payment processing. Subject to Stripe's Privacy Policy.
- Discord — authentication provider. Subject to Discord's Privacy Policy.
- Cloudflare — CDN and asset delivery. Images and files are served via Cloudflare R2.
- Vercel / Supabase — hosting and database infrastructure.
4. Data Retention
We retain your account and purchase data for as long as your account is active. License and order records are kept permanently for legal and audit purposes. You may request deletion of your account by contacting us — however, purchase records required for tax compliance will be retained as required by law.
5. Cookies & Local Storage
We use session cookies for authentication (NextAuth.js). We also use browser localStorage to remember your UI preferences (e.g., returning user detection). No advertising or cross-site tracking cookies are used.
6. Security
All data is transmitted over HTTPS. Passwords are not stored — authentication is handled exclusively via Discord OAuth. License keys are stored as hashed tokens. We implement industry-standard security practices to protect your information.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated personal data.
- Object to processing of your data in certain circumstances.
To exercise these rights, contact us at the email listed on our support page.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy.
9. Contact
If you have questions about this Privacy Policy, please contact us via our support page.