Privacy policy
Last updated: 7 May 2026
1. Data we collect
Embedded.az collects email, name, and (when signing in with Google) profile picture to create an account. When you place an order in the shop, delivery address and phone number are also recorded. No third-party ad trackers (Google Analytics, Facebook Pixel, etc.) are used.
2. How we use data
- Account and session management (BetterAuth)
- Order processing, delivery, and receipts
- Storing loyalty point balance and reviews
- Service error tracking (Sentry — personal data is redacted)
- Anti-abuse checks (Cloudflare Turnstile, velocity limits)
3. Data sharing
No customer data is sold to third-party ad networks. Data is shared only with the following technical providers:
- Cloudflare — DDoS protection and CDN
- Cloudinary — image upload and CDN
- Sentry — error tracking
- Hetzner — servers (in EU)
4. Your rights (GDPR)
- You can request access to your data
- You can request corrections
- You can fully delete your account — this triggers anonymization of data across all services (shop, forum, listings, rewards)
- You can turn off email notifications at any time
5. Device recognition (anti-fraud)
To prevent customer accounts from creating multiple fake accounts, an anonymous device identifier is computed in your browser during sign-up and sign-in (FingerprintJS open source v3). This identifier is a mathematical hash computed from your browser's technical capabilities (Canvas, WebGL, font list, screen size) — it does not contain your name, address, or device serial number. Processed under GDPR Article 6(1)(f) on the basis of legitimate interest (anti-fraud) , used when 3+ fake accounts are attempted from the same device. Cleared from browser cache after 24 hours; old records on the server are purged after 30 days.
6. Cookies and local storage
We use only essential cookies (session, cart, CSRF token). Details: About cookies.
7. Data retention period
- Orders: 5 years per tax law
- Session cookies: 30 days
- Audit logs: 90 days
- Device fingerprint records: 30 days
- After account deletion: fully revoked within 30 days
8. Contact
For questions, complaints, or data requests: [email protected]