Privacy Policy

When you use OPbrainrots.com ("the Site"), we may collect the following information:

• Roblox Username — provided by you so we can deliver purchased items to the correct in-game account.
• Email Address — provided when you contact support, create an account, or subscribe to notifications.
• Discord ID — if you log in via Discord OAuth for account access or admin features.
• Order Information — records of items purchased, order IDs, timestamps, and delivery status.
• Device & Browser Data — IP address, browser type, and basic analytics data collected automatically when you visit the Site.

We use the information we collect for the following purposes:

• To deliver purchased in-game items to your Roblox account.
• To process and track your orders.
• To respond to support inquiries and resolve disputes.
• To send order confirmations and delivery notifications (if you provided an email).
• To prevent fraud and protect the integrity of our delivery system.
• To improve our Site and services through anonymous usage analytics.

We will never sell your personal information to third parties for marketing or advertising purposes.

All payments on OPbrainrots are processed by Stripe, a PCI Level 1 certified payment processor — the highest level of security certification in the payments industry.

• Your card details are entered directly into Stripe's secure payment form.
• We never see, store, or have access to your full card number or CVV.
• Stripe handles all payment security, encryption, and compliance.
• We only receive a confirmation of whether the payment succeeded or failed, along with a transaction ID.

For more information, see Stripe's Privacy Policy.

The Site uses cookies and similar technologies for the following purposes:

• Session Cookies — to keep you logged in and maintain your cart during your visit.
• Preference Cookies — to remember your theme choice (light/dark mode) and selected Roblox account.
• Security Cookies — Cloudflare Turnstile uses cookies for bot protection on our contact form.

We do not use third-party advertising cookies or tracking pixels. We do not run ads on the Site.

We only share your information with third parties when necessary to operate the Site:

• Stripe — payment processing (receives your payment details directly).
• Cloudflare — site performance, security, and bot protection.
• Resend — email delivery for order notifications and support replies.

We do not sell, rent, or share your personal data with advertisers, data brokers, or any other third parties beyond what is listed above.

OPbrainrots sells items for a game commonly played by children. We recognize this responsibility and take the following measures:

• We collect only the minimum information needed to fulfill orders (Roblox username).
• We do not require children to create accounts or provide personal details.
• Payment must be completed by an adult (credit/debit card holder).
• If you are a parent and believe your child has submitted personal information without your consent, please contact us and we will promptly delete it.

We retain your data for as long as necessary to provide our services and fulfill legal obligations:

• Order records — retained for dispute resolution and accounting purposes.
• Delivery recordings — retained as proof of fulfillment.
• Support tickets — retained for as long as the inquiry is active, then archived.
• Account data — retained until you request deletion.

If you wish to have your data deleted, please contact us with your request.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request that we delete your personal data.
• Portability — request your data in a portable format.

To exercise any of these rights, email us at [email protected] or use our contact form.

We take reasonable measures to protect your information, including:

• HTTPS encryption on all pages.
• Secure, signed session cookies.
• Payment processing handled entirely by Stripe (PCI Level 1).
• Cloudflare protection against DDoS and bot attacks.

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you promptly in the unlikely event of a data breach.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of the Site following any updates constitutes your acceptance of the revised policy.

For questions about this Privacy Policy, please contact us at [email protected].