1. Introduction
Layeh's Market ("we," "us," or "our") respects your privacy. This policy explains what data we collect when you use layehmarket.com, our checkout, and our Discord bot.
2. Data We Collect
2.1 Discord OAuth
When you log in with Discord, we receive your Discord user ID, username, avatar, guild access needed for the service, and email address if Discord provides it under the email OAuth scope.
Email is stored for account and future opt-in marketing use only. Cookie consent does not subscribe you to marketing emails.
2.2 Orders and Payments
- Order details, products, cart lines, selected server, quantity, price, discounts, and status
- Payment method and processor reference IDs from PayPal or NOWPayments
- Marketing attribution attached to the order when you consent, such as UTMs, referrer, and ad click IDs
We do not store card numbers, bank details, PayPal login credentials, or crypto private keys. Payment processing is handled by PayPal and NOWPayments.
2.3 Discord Support and Bot Data
The bot stores data needed for tickets, delivery, rewards, ranks, transactions, scammer checks, moderation, translations, and analytics. Ticket transcripts may include message content, timestamps, and participant identifiers.
2.4 Website Analytics, Ads, and Improvement Data
With your consent, we collect browsing and funnel events such as landing pages, product views, searches, cart actions, checkout steps, purchases, Discord clicks, referrers, UTM parameters, ad click IDs, and cookie IDs used by analytics or advertising platforms.
3. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Account login, orders, delivery, ranks, rewards, and support | Contract performance |
| Fraud prevention, audit logs, disputes, chargebacks, and security | Legitimate interests |
| Analytics, ads, retargeting, attribution, and UX/session insight | Consent |
| Legal, tax, and accounting record keeping | Legal obligation and legitimate interests |
4. Data Shared with Third Parties
| Provider | Purpose |
|---|---|
| Discord | OAuth login, Discord delivery, tickets, and community support |
| PayPal | Payment processing and payment reference verification |
| NOWPayments | Cryptocurrency payment processing and IPN confirmation |
| Supabase | Database hosting for users, orders, products, analytics, and bot mirrors |
| Vercel | Website hosting, performance, and analytics when consented |
| Google Analytics and Google Ads | Analytics, consent mode, ad measurement, and purchase conversions |
| Meta | Pixel and server-side purchase conversion measurement when ads consent is granted |
| TikTok | Pixel and server-side purchase conversion measurement when ads consent is granted |
| Microsoft Clarity | UX/session insight when experience-improvement consent is granted |
We do not sell personal information for money. Advertising pixels may count as data sharing for ads laws; you can reject or withdraw ads consent at any time.
5. Cookies and Consent
We use these categories:
- Essential - required for login, checkout, security, CSRF protection, and site operation.
- Analytics - GA4, Vercel analytics, funnel events, attribution reporting, and product/search insight.
- Ads and retargeting - Meta, TikTok, Google Ads, click IDs, remarketing audiences, and conversion APIs.
- Experience improvement - tools such as Microsoft Clarity to understand UX issues.
Non-essential categories stay off until you consent. You can accept all, reject all, or customize choices. You can change your choice here: .
6. Data Retention
- Account data - retained until deletion is requested, subject to order/legal retention.
- Order and payment records - retained for tax, accounting, fraud prevention, and dispute handling.
- Ticket transcripts - retained as needed for support quality, delivery evidence, and disputes.
- Analytics and attribution - retained while useful for business reporting unless deletion is required.
7. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You can also withdraw consent for non-essential cookies at any time.
To exercise privacy rights, open a support ticket in our Discord server. We aim to respond within 30 days where legally required.
EU/UK residents may complain to their local supervisory authority. Brazilian residents have rights under LGPD. California residents may request access or deletion and may opt out of advertising data sharing by rejecting ads cookies.
8. Data Security
- HTTPS for all web traffic
- Row-Level Security policies on Supabase where user access is exposed
- Server-side validation and rate limiting on API endpoints
- Payment credentials handled by payment providers, not stored by us
9. Children's Privacy
Our services are not directed at children under 13. If you believe a child under 13 provided personal data, contact us through Discord and we will delete it where required.
10. Changes and Contact
We may update this policy from time to time. Material changes will be posted here or announced in Discord.
For privacy questions, contact us through our Discord server by opening a support ticket.
