Privacy Policy

1. Overview

We are PokeTrain. We provide an automation software for PokeMMO and related web services. This Privacy Policy explains which data we collect, why we collect it, how we use it, and the rights you have under applicable laws, including the EU GDPR.

By using our website or purchasing/using our software, you agree to this Privacy Policy. If you do not agree, please refrain from using our services.

2. Data We Collect

• Account data: username, email, registration date, subscription status or license keys.
• Authentication & anti-abuse: httpOnly auth cookie, security logs (e.g. IP, timestamps, user agent) to prevent fraud/abuse and secure access.
• Usage/telemetry (limited): basic logs required to operate and improve the service (e.g. patcher checks, key validation). We do not record game content.
• Payments: processed by third parties (e.g. Stripe). We do not store full card or bank details on our servers.
• Support: messages you send us via email or forms.

3. How We Use Data (Legal Basis)

We process personal data based on these legal grounds:

• Contract: to create/manage your account, deliver software updates, validate keys, and provide support.
• Legitimate interests: protect our platform, detect abuse, prevent fraud, improve stability/performance.
• Legal obligation: accounting, tax, compliance requirements.
• Consent: where required (e.g. optional cookies/analytics if enabled in the future).

4. Payments

Payments are handled by third-party processors such as Stripe. We receive confirmations and limited metadata (e.g. payment status, timestamps) but we do not store full card/bank details on our servers. Your payment data is processed according to each provider’s privacy policy.

5. Cookies

We primarily use an httpOnly authentication cookie to keep your session active securely across subdomains. This cookie is essential and cannot be disabled from our side without logging out. We currently do not use invasive third-party tracking cookies. For more details, see our Cookies Policy.

6. Security

We apply industry-standard protections (HTTPS, access controls, encryption at rest where applicable, and least- privilege practices). However, no system is 100% secure. Users must safeguard their credentials and devices.

7. Retention

We keep account data while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes. Security/anti-abuse logs are typically kept for up to 12 months, unless longer retention is necessary (e.g. ongoing investigations).

8. Your Rights (GDPR)

Depending on your location, you may have the right to:

• Access your data and obtain a copy.
• Request rectification or deletion.
• Restrict or object to processing, including legitimate interests.
• Data portability (when applicable).
• Withdraw consent where processing relies on consent.
• Lodge a complaint with a supervisory authority (in Germany, AEPD).

To exercise rights, contact us at [email protected]. We may need to verify your identity.

9. International Transfers

Some processors (e.g. hosting, payments) may operate outside the EU/EEA. When transfers occur, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect your data in accordance with GDPR.

10. Children

Our services are not intended for children under 16. We do not knowingly collect data from minors. If you believe a minor has provided personal data, please contact us to remove it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date. Please review it periodically.

12. Contact

For privacy questions or GDPR requests, contact us at [email protected]. You can also review our Terms & Conditions and Cookies Policy.