Privacy Policy
Last updated: May 2026
This Privacy Policy explains what data ViralHub collects, how we use it, and how you can exercise your rights. It applies to all visitors of viralhub.io and to authenticated users of the dashboard and API.
1. Data We Collect
- Account data: email, username, hashed password (bcrypt), API key, account tier, account balance.
- Order metadata: service ID, link or username target, quantity, charge, status, refill history, timestamps.
- Payment metadata: method (Crypto / Perfect Money / card), amount, transaction ID. Card numbers are never stored on our servers — they are handled by Stripe / Coinbase Commerce / Perfect Money directly.
- Session data: IP address, user-agent, JWT issued/expired timestamps. Stored for fraud and abuse detection.
- Support data: ticket subjects, messages, attachments.
2. How We Use Your Data
- To deliver the services you order and provide refill/cancel/support when requested.
- To detect and prevent fraud, abuse, and chargeback risk.
- To respond to your support tickets and operational notices.
- To comply with legal obligations (tax, sanctions screening, lawful requests from authorities).
- We do not sell your data and we do not use it for third-party advertising.
3. Third Parties
We share the minimum data necessary with:
- Payment processors (Stripe, Coinbase Commerce, Perfect Money) — to settle deposits.
- Upstream SMM providers — to fulfil services we cannot deliver entirely in-house, we forward the order link and quantity but never your email, password, or balance.
- Hosting and infrastructure (DigitalOcean / Hetzner, Cloudflare, AWS S3 for backups) — under signed Data Processing Agreements.
4. Cookies
We use only essential cookies and localStorage entries: the JWT access token (stored in localStorage as vh_token) and the promo-banner dismissal flag. We do not use third-party tracking, analytics, or advertising cookies.
5. Data Retention
- Account, order, and ticket data is retained for the lifetime of your account plus 30 days after deletion (to honour chargeback windows and abuse investigations).
- Financial records (deposits, charges) are retained for 7 years to satisfy tax and accounting obligations.
- Session and IP logs are retained for 90 days, then auto-purged.
6. Your Rights
Subject to applicable law (including GDPR for EU/UK residents and CCPA for California residents) you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data via your dashboard or by ticket.
- Delete your account and personal data — open a ticket; balance is forfeited per Terms.
- Export your order history as JSON or CSV.
- Object to specific processing where permitted.
To exercise these rights, open a ticket from /app/tickets or email contact@g2s.agency. We respond within 30 days.
7. Security
Passwords are hashed with bcrypt (cost 12+). API keys are random UUIDv4 values. All traffic is TLS-only. Database backups are encrypted at rest. We do our best to keep your data safe, but no system is impervious; promptly report suspected compromise to contact@g2s.agency.
8. Changes
We will post material changes to this Policy on this page and update the "Last updated" date. Significant changes will additionally be announced in-dashboard.