Last Updated: 14.11.2025
This Privacy Policy explains how YamCodes.com, operated by STP SOLUTIONS UAB, collects, uses, processes, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable laws.
1. Data Controller
The Website is owned and operated by:
STP SOLUTIONS UAB
Company number: 307395097
Address: Maučiuvio g. 17-4, Nairių k., LT-39380 Pasvalio r.
Email for general inquiries: info@yamcodes.com
Email for privacy-related inquiries / GDPR requests: support@yamcodes.com
The Company acts as the Data Controller for all personal data collected through YamCodes.com.
2. Data We Collect
We collect the following categories of personal data:
2.1. Information you provide
Full name
Email address
Order details
Billing information (excluding full card numbers)
Country and region (if required for product delivery)
Customer support messages
Refund or dispute information
2.2. Payment Information
We do not process or store full payment card details.
Card data is processed directly by third-party acquiring/payment processors, compliant with PCI DSS standards. We may receive tokenized information such as:
transaction ID
last 4 digits of card
payment status
fraud-check results
chargeback alerts
2.3. Technical and Usage Data
Collected automatically:
IP address
Device type, browser version, OS
Website interactions (pages visited, session logs, clicks)
Error logs
Referrer URL
Cookie identifiers
2.4. API-Based Data Transfers
For product delivery (Activation Codes), we may send:
order ID
product ID
hashed IP or region information
technical identifiers to external suppliers via secure API connections.
These suppliers may operate servers in:
EU
United Kingdom
United States
Canada
Singapore
Other jurisdictions with adequate protection or SCCs
3. Purposes of Processing
We process your data for the following purposes:
3.1. Contract Performance (GDPR Art. 6(1)(b))
Processing orders
Delivering Activation Codes
Account management
Order communication
3.2. Customer Support
Email assistance
Technical troubleshooting
Verification of product issues
3.3. Fraud Prevention & Security (Legitimate Interest – Art. 6(1)(f))
Transaction security
Automated fraud checks
Abuse detection
Anti-spam filtering
3.4. API Product Delivery
Secure communication with suppliers for retrieving activation codes.
3.5. Legal & Regulatory Obligations (Art. 6(1)(c))
Accounting
Tax requirements
Compliance with financial regulations
Chargeback investigations
3.6. Analytics and Website Improvement (Art. 6(1)(a) or 6(1)(f))
Measuring performance
Improving load speed
Optimizing UX
3.7. Marketing (Consent – Art. 6(1)(a))
Newsletters
Promotional messages. You may withdraw consent at any time.
4. Automated Decision-Making and Fraud Detection
Certain actions (for example, fraudulent purchase detection or verification) may be processed automatically by:
payment processors
risk scoring systems
API suppliers
These systems may analyze:
IP reputation
device fingerprint
unusual behavior
patterns of previous disputes
These automated systems may lead to:
order delay
order cancellation
request for ID verification
Users can request manual review by contacting support@yamcodes.com.
5. Legal Bases for Processing (GDPR)
We rely on:
Performance of a contract – fulfilling your orders
Legitimate interests – fraud prevention, analytics, business operations
Legal obligations – tax, accounting, chargebacks
Consent – marketing and non-essential cookies
6. Data Sharing and Third-Party Processors
We may share data with the following categories of processors:
6.1. Payment Processors / Acquirers
Stripe
Nuvei
PayPal
Other PCI-DSS certified institutions
6.2. API Suppliers / Product Distributors
For Activation Code retrieval.
6.3. Hosting & Infrastructure
Cloudflare
DigitalOcean / AWS / European data centers
6.4. Email Services & Communication
SMTP/transactional email services
Customer support systems
6.5. Analytics & Performance Tools
Google Analytics
Server logs
Monitoring tools
6.6. Anti-Fraud Tools
IP scoring
Device fingerprinting
Risk analysis APIs
All third parties process data under binding agreements and GDPR-compliant safeguards.
7. International Transfers
Your data may be processed in:
EU / EEA
United Kingdom
United States
Canada
Singapore
Countries with EU adequacy decisions
Where required, we apply:
Standard Contractual Clauses (SCCs)
Data Processing Agreements (DPAs)
Encryption and security measures
8. Data Retention
We keep data only as long as necessary:
| Data Category | Retention |
|---|---|
| Order & invoice data | 5–10 years (legal obligation) |
| Customer support logs | up to 24 months |
| Payment verification data | 12–24 months |
| Analytics | up to 12 months |
| Marketing data | until consent withdrawn |
| Cookies | as defined in Cookie Policy |
After expiry, data is securely deleted or anonymized.
9. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to ensure proper functionality, enhance user experience, analyze performance, support security, and enable optional marketing features. This section explains what cookies we use, why we use them, and how long they remain stored on your device.
9.1. What Are Cookies?
Cookies are small text files stored on your device when you visit the Website. They can be used to maintain sessions, remember preferences, or analyze traffic. Cookies may be:
session cookies (deleted when you close the browser)
persistent cookies (stored for a predefined period)
first-party cookies (set by YamCodes.com)
third-party cookies (set by service providers such as analytics or security tools)
9.2. Types of Cookies We Use
a) Strictly Necessary Cookies
These cookies are essential for the Website to function and cannot be disabled. They enable:
checkout and payment processes
session management
security and fraud-prevention mechanisms
load balancing and performance stability
Retention:
session cookies are deleted when the browser closes
persistent identifiers may be stored up to 30 days
Legal basis: Legitimate Interest – Art. 6(1)(f)
b) Preference Cookies
These cookies store your language, region, and user settings to improve your browsing experience.
Retention: 6–12 months
Legal basis: Legitimate Interest – Art. 6(1)(f)
c) Analytics & Performance Cookies
Used to understand how visitors interact with the Website, measure performance, detect errors, and optimize functionality. We may use tools such as Google Analytics (with IP anonymization enabled).
Retention: 12–26 months, depending on provider settings
Legal basis: Consent – Art. 6(1)(a)
d) Security & Anti-Fraud Cookies
These cookies help maintain site security, prevent malicious activity, and protect against fraud or automated abuse (e.g., Cloudflare security cookies, session integrity tokens).
Retention: 30 minutes to 1 year
Legal basis: Legitimate Interest – Art. 6(1)(f)
e) Marketing & Advertising Cookies
Used only with your explicit consent. These cookies support:
personalized advertising
retargeting
measurement of advertising campaign performance.
Providers may include Google Ads, Meta (Facebook) Pixel, and similar services.
Retention:
typically up to 90 days,
some tools may store identifiers up to 180 days
Legal basis: Consent – Art. 6(1)(a)
9.3. Third-Party Cookie Providers
Depending on your interactions, cookies may be set by:
Cloudflare (security & DDoS protection)
Google Analytics (performance and analytics)
Meta/Facebook Pixel (advertising, if consent given)
Payment providers’ security tools
Each provider processes data according to its own Privacy Policy and GDPR compliance mechanisms (SCCs, adequacy decisions, etc.).
9.4. Managing and Withdrawing Cookie Consent
You may manage or withdraw your cookie preferences at any time through:
our cookie banner (“Preferences” / “Manage Cookies”),
your browser settings,
or by contacting us at support@yamcodes.com.
Browsers allow you to:
block all cookies
block third-party cookies
delete existing cookies
receive alerts about new cookies
Please note that disabling essential cookies may affect website functionality, including checkout and secure session handling.
9.5. Duration and Deletion
Cookies are stored only for the minimum period required for their intended purpose and are automatically deleted after expiration.
Users can delete cookies manually at any time via browser settings.
10. Children’s Data
We do not intentionally collect or process data from individuals under 18 years of age.
If we learn that a minor provided personal data, it will be deleted immediately.
11. Your GDPR Rights
You have the right to:
Access your personal data
Correct inaccurate data
Request erasure (“right to be forgotten”)
Restrict processing
Object to processing
Data portability
Withdraw consent at any time
Lodge a complaint with your Data Protection Authority
To exercise any rights, contact:
support@yamcodes.com
12. Withdrawing Consent
You may withdraw your consent for:
marketing emails
cookies
tracking
Methods:
unsubscribe link in email
cookie banner “change preferences”
contacting support@yamcodes.com
Withdrawal does not affect processing prior to the withdrawal.
13. Security Measures
We implement:
HTTPS/TLS encryption
access control
tokenization of payment data
firewalls & DDoS protection
regular audits
14. Changes to this Privacy Policy
We may update this policy periodically.
The “Last Updated” date indicates the most recent revision.
15. Contact Information
For privacy questions or GDPR requests:
Email: support@yamcodes.com
Company: STP SOLUTIONS UAB