Privacy Policy

Our Privacy Policy Information

1. Introduction

This Privacy Policy explains how Tokenstore collects, uses, stores, shares, protects, and otherwise processes personal data when you access Tokenstore, create an account, place an Order, make a payment, receive Products, use customer support, participate in promotions, or otherwise interact with our services.

Tokenstore is operated by Nebularsoft Limited, a company registered in Hong Kong.

For Hong Kong privacy purposes, Nebularsoft Limited is the data user responsible for personal data processed through Tokenstore. Where applicable privacy laws use the term “controller,” Nebularsoft Limited acts as the controller for the personal data described in this Privacy Policy, except where another party acts as an independent controller.

Depending on your location, additional privacy rights may apply under laws such as the Hong Kong Personal Data (Privacy) Ordinance, the EU General Data Protection Regulation, the UK GDPR, Swiss data protection law, California privacy law, or other applicable privacy laws.

2. Ecommerce Merchant Status; No Payment or Remittance Services

Tokenstore is an ecommerce platform operated by Nebularsoft Limited for the sale of its own digital Products.

Nebularsoft Limited is not a money services business, money service operator, payment service provider, acquiring institution, payment gateway provider, payment processor, remittance provider, money transmitter, money changer, e-wallet operator, stored value facility issuer, bank, financial institution, forex provider, investment service provider, virtual asset service provider, or regulated payment intermediary.

Where Tokenstore processes payment-related personal data, transaction data, settlement data, fraud data, wallet data, or compliance data, it does so for the purpose of operating its own ecommerce business, receiving payment for its own Product sales, fulfilling Orders, preventing fraud and abuse, complying with legal and contractual obligations, and protecting the Platform.

Tokenstore does not process personal data for the purpose of providing payment services, remittance services, acquiring services, payment gateway services, payment processing services, money-changing services, stored value services, or similar regulated payment intermediary services to Customers, Issuers, suppliers, merchants, or third parties.

3. Personal Data We Collect

We may collect and process the categories of personal data described below.

3.1 Account and Contact Data

We may collect:

  1. name;
  2. email address;
  3. phone number;
  4. username;
  5. password or authentication credentials;
  6. country;
  7. language preference;
  8. account settings;
  9. communication preferences.

3.2 Order and Transaction Data

We may collect:

  1. Order ID;
  2. Products purchased;
  3. denominations;
  4. currency;
  5. price;
  6. taxes or fees where applicable;
  7. payment method;
  8. transaction status;
  9. delivery status;
  10. redemption, activation, installation, or top-up status where available;
  11. refund history;
  12. chargeback or dispute history;
  13. invoice or receipt information;
  14. risk review status;
  15. product-category review status.

3.3 Payment and Settlement Data

Depending on the payment method, we or our payment providers may process:

  1. payment authorisation data;
  2. masked card details;
  3. payment processor customer ID;
  4. payment reference;
  5. wallet address;
  6. blockchain transaction hash;
  7. bank reference;
  8. payment risk score;
  9. refund destination;
  10. proof of payment ownership;
  11. merchant settlement records;
  12. reconciliation data;
  13. source-of-funds information where required.

Tokenstore does not normally store full card numbers. Card payments are processed by third-party payment processors.

Payment and settlement data is processed for Tokenstore’s own ecommerce sales, merchant settlement, fraud prevention, reconciliation, accounting, compliance, refunds, dispute management, and legal record-keeping.

3.4 Delivery and Product Data

Depending on the Product, we may process:

  1. email address for delivery;
  2. recipient email address;
  3. phone number for mobile top-up;
  4. country code;
  5. operator;
  6. game account ID;
  7. platform account identifier;
  8. eSIM activation details;
  9. device type;
  10. installation status;
  11. support diagnostics;
  12. screenshots you provide;
  13. Product redemption or activation information where available.

3.5 Identity and Verification Data

Where required for fraud prevention, compliance, high-risk Orders, business accounts, refunds, disputes, or legal obligations, we may collect:

  1. full legal name;
  2. date of birth;
  3. residential address;
  4. nationality;
  5. identity document;
  6. selfie or liveness check;
  7. business registration documents;
  8. beneficial ownership details;
  9. source-of-funds or source-of-wealth information;
  10. sanctions, politically exposed person, adverse media, or compliance screening results;
  11. proof of payment method ownership;
  12. proof of wallet ownership.

3.6 Technical, Device, and Usage Data

We may collect:

  1. IP address;
  2. device identifiers;
  3. browser type and version;
  4. operating system;
  5. device model;
  6. language;
  7. time zone;
  8. session logs;
  9. pages viewed;
  10. clicks;
  11. referral URLs;
  12. order flow events;
  13. error logs;
  14. fraud signals;
  15. cookie identifiers;
  16. analytics identifiers;
  17. approximate location derived from IP address;
  18. VPN, proxy, bot, emulator, or automation indicators.

3.7 Product Compliance and Prohibited Category Data

Tokenstore strictly prohibits Products connected with alcohol, tobacco, nicotine, vaping, gambling, betting, casino, lottery, adult content, drugs, controlled substances, forex, trading, investment schemes, and similar restricted or prohibited categories.

To enforce these restrictions, we may collect and process information relating to:

  1. Product names, descriptions, images, categories, denominations, countries, currencies, and redemption instructions;
  2. Issuer, supplier, merchant, brand, website, platform, and redemption destination information;
  3. Product availability, disabling, delisting, rejection, or removal records;
  4. transaction patterns, purchase history, refund history, chargeback history, and abuse indicators;
  5. Customer location, IP address, device data, payment method, wallet address, and risk signals;
  6. communications, support messages, screenshots, and complaint records;
  7. supplier, payment processor, fraud prevention, sanctions screening, and compliance information;
  8. evidence showing whether a Product, Order, Customer, Issuer, supplier, or transaction may be connected with a prohibited category.

We process this information to identify, prevent, investigate, disable, remove, and report Products, Orders, accounts, or activities that may breach Tokenstore’s Terms, supplier rules, payment processor rules, sanctions requirements, applicable laws, or prohibited-category policies.

3.8 Support and Communication Data

When you contact us, we may process:

  1. support messages;
  2. email content;
  3. chat transcripts;
  4. screenshots;
  5. attachments;
  6. call notes where applicable;
  7. complaint records;
  8. investigation history;
  9. feedback and reviews.

3.9 Marketing and Preference Data

Where applicable, we may process:

  1. newsletter preferences;
  2. campaign interactions;
  3. referral data;
  4. discount code usage;
  5. loyalty activity;
  6. product interests;
  7. abandoned cart data;
  8. advertising identifiers;
  9. consent records;
  10. opt-out records.

4. How We Collect Personal Data

We collect personal data:

  1. directly from you when you create an account, place an Order, contact support, submit forms, verify your identity, or participate in promotions;
  2. automatically when you use the Platform;
  3. from payment processors, fraud prevention providers, KYC providers, eSIM providers, suppliers, Issuers, mobile operators, analytics providers, advertising partners, customer support tools, and other service providers;
  4. from blockchain networks where you make on-chain payments;
  5. from publicly available sources where necessary for fraud, sanctions, product-category, or compliance checks;
  6. from authorities, regulators, payment networks, card schemes, banks, dispute bodies, or law enforcement bodies where relevant.

5. Why We Use Personal Data

We use personal data for the following purposes:

  1. to operate Tokenstore;
  2. to create and maintain accounts;
  3. to process Orders;
  4. to receive and confirm payments for Tokenstore’s own ecommerce sales;
  5. to reconcile merchant settlements for Tokenstore’s own designated ecommerce transactions;
  6. to deliver Products;
  7. to provide customer support;
  8. to investigate Product issues;
  9. to process refunds, replacements, and chargebacks;
  10. to prevent fraud, abuse, unauthorised resale, money laundering, sanctions evasion, prohibited-category activity, and other unlawful activity;
  11. to verify identity, payment ownership, wallet ownership, source of funds, business status, or Product end-use where required;
  12. to comply with legal, regulatory, tax, accounting, payment processor, supplier, sanctions, and law enforcement obligations;
  13. to enforce our Terms, Refund Policy, Cookie Statement, prohibited-category rules, and other policies;
  14. to maintain security and prevent cyberattacks;
  15. to improve the Platform, products, checkout, delivery, and support experience;
  16. to personalise content, country, language, currency, and Product availability;
  17. to send transactional messages, order confirmations, delivery emails, security alerts, and support updates;
  18. to send marketing communications where permitted;
  19. to measure advertising performance and campaign effectiveness;
  20. to manage promotions, loyalty, referrals, and discounts;
  21. to establish, exercise, or defend legal claims;
  22. to verify that Products, Orders, Issuers, suppliers, Customers, and transaction activity do not involve alcohol, tobacco, gambling, adult, drug, forex, lottery, or similar prohibited categories;
  23. to detect, disable, remove, block, or investigate Products that may directly or indirectly lead to prohibited categories;
  24. to enforce Product restrictions, geographic restrictions, age restrictions, sanctions controls, supplier rules, payment processor rules, and compliance requirements;
  25. to demonstrate that payments received by Nebularsoft Limited relate to Tokenstore’s own Product sales and not to remittance, payment processing, acquiring, payment gateway, money-changing, stored value, or payment intermediary services provided to others;
  26. to respond to payment processor, bank, supplier, compliance, audit, legal, regulatory, or law enforcement enquiries relating to Tokenstore’s own ecommerce transactions.

6. Legal Bases for Processing

Where a legal basis is required, we rely on one or more of the following:

  1. Contract necessity: to process Orders, deliver Products, provide support, manage accounts, and perform our agreement with you.
  2. Legal obligation: to comply with tax, accounting, sanctions, anti-fraud, payment, regulatory, consumer protection, and law enforcement obligations.
  3. Legitimate interests: to operate and improve Tokenstore, prevent fraud, secure the Platform, investigate claims, enforce terms, manage risk, conduct business analytics, protect against prohibited-category activity, and receive settlement for our own ecommerce transactions.
  4. Consent: for optional marketing, non-essential cookies, certain verification flows, or other processing where consent is required.
  5. Legal claims: to establish, exercise, or defend legal claims.
  6. Vital or public interest grounds: where required by applicable law or urgent safety circumstances.

7. Fraud Prevention, Compliance, and Security

Because Tokenstore sells high-risk digital goods that can be delivered instantly and are difficult to recover after delivery, we use fraud prevention and compliance controls.

These may include:

  1. IP risk checks;
  2. device fingerprinting;
  3. email risk checks;
  4. payment risk scoring;
  5. velocity monitoring;
  6. order pattern analysis;
  7. transaction limits;
  8. blockchain analytics;
  9. sanctions screening;
  10. KYC and KYB verification;
  11. chargeback monitoring;
  12. account-linking detection;
  13. product-category screening;
  14. prohibited-category monitoring;
  15. manual review.

If an Order is flagged, we may delay delivery, request verification, cancel the Order, refuse a refund, suspend the account, block future purchases, remove Products, disable Product access, or report suspicious activity where legally required or permitted.

Our compliance controls may include screening and monitoring for prohibited Products and prohibited categories, including alcohol, tobacco, gambling, adult, drug, forex, lottery, and similar categories.

If our systems, suppliers, payment processors, staff, or compliance partners identify a Product, Order, Customer, Issuer, supplier, merchant, website, redemption destination, transaction pattern, or support claim that may be connected with a prohibited category, we may process relevant personal data to disable, remove, investigate, block, refund, report, or otherwise address the activity.

We may also process data to confirm that Nebularsoft Limited receives settlement only as merchant for its own designated ecommerce transactions and does not provide payment, remittance, acquiring, payment gateway, payment processing, money-changing, stored value, or similar regulated payment intermediary services to others.

8. Automated and Manual Reviews

Some fraud, security, compliance, product-category, sanctions, and payment checks may be automated or semi-automated.

Automated or semi-automated systems may flag Orders, accounts, devices, payment methods, wallet addresses, Products, Issuers, suppliers, or transaction patterns for review.

Where required by applicable law, you may have the right to request human review of certain automated decisions. However, Tokenstore may still refuse, delay, cancel, or restrict an Order where required for fraud prevention, compliance, legal obligations, payment processor rules, supplier rules, prohibited-category controls, or platform security.

9. Sharing Personal Data

We may share personal data with:

  1. payment processors;
  2. acquiring banks and payment networks;
  3. crypto payment processors;
  4. wallet providers;
  5. fraud prevention providers;
  6. KYC, KYB, and identity verification providers;
  7. sanctions and compliance screening providers;
  8. suppliers, distributors, Issuers, eSIM providers, mobile operators, game publishers, and fulfilment partners;
  9. customer support platforms;
  10. email and messaging providers;
  11. analytics providers;
  12. hosting, cloud, infrastructure, and security providers;
  13. accounting, tax, legal, compliance, and audit advisers;
  14. advertising and marketing providers where permitted;
  15. group companies, successors, buyers, restructuring parties, or assignees;
  16. courts, regulators, law enforcement, government authorities, dispute bodies, payment processors, banks, and card schemes where required or permitted.

Where necessary, we may share personal data, transaction data, Product data, risk data, and compliance data with relevant parties to verify Orders, receive merchant settlement for Tokenstore’s own ecommerce transactions, prevent prohibited-category activity, investigate fraud, enforce our Terms, comply with legal or contractual obligations, and protect Tokenstore, Customers, suppliers, payment processors, and the public.

Sharing data with payment processors, acquiring banks, wallet providers, crypto payment processors, or fraud prevention providers does not mean that Nebularsoft Limited provides payment services, remittance services, acquiring services, payment gateway services, payment processing services, money-changing services, stored value services, or regulated payment intermediary services to Customers, Issuers, suppliers, merchants, or third parties.

We do not sell your personal data in the ordinary sense of selling customer lists for money. Where privacy laws define “sale,” “sharing,” or “targeted advertising” broadly to include certain advertising or analytics activities, you may have opt-out rights as described in this Privacy Policy or our Cookie Statement.

10. International Transfers

Tokenstore is operated from Hong Kong but may use service providers, suppliers, payment processors, cloud providers, fraud prevention tools, compliance tools, and support systems located in other countries.

Your personal data may be processed in Hong Kong, the European Economic Area, the United Kingdom, the United States, Singapore, and other jurisdictions where our service providers, suppliers, or infrastructure partners operate.

Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, transfer risk assessments, adequacy mechanisms, or equivalent measures.

11. Data Retention

We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy.

Typical retention periods include:

  1. account data: for as long as your account remains active and for a reasonable period after closure;
  2. order and transaction records: generally up to 7 years or longer where required for tax, accounting, audit, payment, legal, or compliance reasons;
  3. payment and settlement records: for as long as required for reconciliation, accounting, tax, dispute, payment processor, legal, and compliance purposes;
  4. fraud, sanctions, KYC, KYB, prohibited-category, dispute, and chargeback records: for as long as necessary to manage risk, comply with law, prevent abuse, and defend claims;
  5. support records: for as long as needed to resolve issues, maintain service quality, and defend claims;
  6. marketing data: until you unsubscribe or withdraw consent, subject to suppression lists;
  7. cookies and analytics data: according to the Cookie Statement and applicable consent settings.

We may retain data longer where required by law, legal claims, investigations, fraud prevention, sanctions screening, regulatory obligations, or payment processor requirements.

12. Security

We use technical and organisational measures designed to protect personal data, including:

  1. access controls;
  2. encryption in transit;
  3. secure hosting;
  4. logging and monitoring;
  5. fraud detection;
  6. least-privilege access;
  7. staff confidentiality controls;
  8. supplier due diligence;
  9. incident response procedures;
  10. backup and recovery controls;
  11. transaction monitoring;
  12. product-category and compliance controls.

No online service can guarantee absolute security. You are responsible for keeping your account, email, device, wallet, passwords, and authentication methods secure.

13. Your Rights

Depending on your location and applicable law, you may have rights to:

  1. access your personal data;
  2. correct inaccurate data;
  3. delete data;
  4. restrict processing;
  5. object to processing;
  6. withdraw consent;
  7. receive a copy of your data;
  8. opt out of marketing;
  9. opt out of certain advertising, sharing, or targeted advertising;
  10. request information about international transfers;
  11. request human review of certain automated decisions where applicable;
  12. complain to a data protection authority.

To exercise rights, contact:

Email: [email protected]

We may need to verify your identity before acting on a request. Some requests may be limited by legal, fraud prevention, accounting, security, dispute, product-category, payment processor, sanctions, or compliance obligations.

14. Marketing Communications

We may send marketing emails, offers, product updates, or promotional messages where permitted by law.

You can unsubscribe using the link in marketing emails or by contacting us.

Transactional emails, order confirmations, delivery messages, refund updates, security alerts, legal notices, and support communications are not marketing and may still be sent.

15. Cookies and Similar Technologies

We use cookies, pixels, SDKs, local storage, session storage, and similar technologies as described in our Cookie Statement.

These technologies may be used for:

  1. website functionality;
  2. account login;
  3. checkout operation;
  4. country, language, and currency preferences;
  5. payment processing;
  6. fraud prevention;
  7. security;
  8. analytics;
  9. advertising;
  10. support tools;
  11. product-category and compliance controls.

Where required, non-essential cookies are used only with your consent.

16. Children

Tokenstore is not intended for children. You must be at least 18 years old, or the age of legal majority in your jurisdiction, to use Tokenstore.

We do not knowingly collect personal data from children.

17. Third-Party Links and Services

Tokenstore may contain links to Issuer websites, payment processors, wallet providers, review platforms, support systems, Telegram, blockchain networks, or other third-party websites and services.

We are not responsible for the privacy practices of third parties. You should review their privacy policies before using their services.

18. Business Transfers

If Tokenstore, Nebularsoft Limited, or any part of our business is involved in a merger, acquisition, restructuring, financing, sale of assets, transfer of business, insolvency process, or similar transaction, personal data may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.

19. Legal Requests and Protection of Rights

We may disclose personal data where we believe disclosure is reasonably necessary to:

  1. comply with law, regulation, court order, subpoena, regulatory request, law enforcement request, sanctions obligation, or payment processor requirement;
  2. enforce our Terms, Refund Policy, Cookie Statement, and other policies;
  3. investigate fraud, abuse, unauthorised resale, prohibited-category activity, payment disputes, or unlawful conduct;
  4. protect the rights, property, safety, reputation, and security of Tokenstore, Customers, suppliers, Issuers, payment processors, service providers, and the public;
  5. establish, exercise, or defend legal claims.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on Tokenstore with a new “Last updated” date.

Material changes may be communicated through the Platform, by email, or by other reasonable means.

Your continued use of Tokenstore after the updated Privacy Policy becomes effective means that you acknowledge the updated policy.

21. Contact

For privacy questions, requests, or complaints:

Nebularsoft Limited
The L. Plaza, 367-375 Queen's Road Central, 74PX+CM, Sheung Wan, Hong Kong
Email: [email protected]