Privacy Policy
Last updated: March 26, 2026
1. Who We Are
36dollars.com is operated by Certified, LLC, a South Carolina limited liability company ("Company," "we," "us"). We are the data controller for personal data collected through this website.
2. What We Collect
We collect the following personal data:
- Email address — provided at checkout, used for delivery and watermarking
- Payment information — processed by Stripe (we do not store card numbers)
- Transaction records — purchase date, amount, product, transaction ID
- Download logs — IP address, user agent, timestamp of each download
- Digital fingerprint data — unique identifiers embedded in delivered files, linked to your transaction
3. Why We Collect It
- Email — to deliver your purchased files and embed license watermarks
- Payment data — to process your purchase (handled entirely by Stripe)
- Transaction records — for accounting, tax compliance, and customer support
- Download logs — to enforce download limits and detect unauthorized access patterns
- Fingerprint data — to trace unauthorized distribution and enforce copyright
4. Legal Basis for Processing (GDPR)
We process your data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR) — processing necessary to deliver your purchased product
- Legitimate interest (Art. 6(1)(f) GDPR) — copyright protection, fraud prevention, and enforcing our Terms of Service
- Legal obligation (Art. 6(1)(c) GDPR) — tax and accounting requirements
5. Third-Party Processors
- Stripe (stripe.com) — payment processing. Stripe's privacy policy applies to payment data.
- Amazon Web Services (AWS) — file storage, delivery infrastructure, and download tracking. Data stored in us-east-1 (Virginia, USA).
- Google Fonts — web fonts loaded from Google's CDN. No personal data sent.
We do not sell, rent, or share your personal data with any other third parties. We do not use your data for advertising or profiling.
6. Data Retention
- Transaction records — retained for 7 years (tax/accounting compliance)
- Download logs — retained for 90 days, then automatically deleted
- Delivered files — personalized copies expire from our servers after 90 days
- Digital fingerprint mappings — retained for the duration of copyright protection (life of the work)
7. International Transfers
Your data is processed in the United States (AWS us-east-1, Stripe). For EU/EEA/UK residents, transfers are conducted pursuant to Standard Contractual Clauses and/or the EU-US Data Privacy Framework.
8. Your Rights (GDPR/UK GDPR)
If you are in the EU, EEA, or UK, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (subject to our legitimate interest in copyright enforcement and legal retention obligations)
- Restrict processing
- Data portability
- Object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority
To exercise any right, email ivan.delvalle@rsit.ai with your request and the email used at purchase.
9. Your Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal data we collect, request deletion (subject to exceptions), and opt out of the sale of personal data. We do not sell personal data. To make a request, email ivan.delvalle@rsit.ai.
10. Cookies
36dollars.com does not use cookies. We do not use analytics tracking, advertising pixels, or third-party tracking scripts. The only external requests are Google Fonts (for typography) and Stripe (for payment processing).
11. Children
Our products are not directed at individuals under 16. We do not knowingly collect personal data from children.
12. Security
We use industry-standard security measures including encryption in transit (TLS), encryption at rest (AWS S3 server-side encryption), and access controls. However, no method of electronic transmission is 100% secure.
13. Changes
We may update this policy at any time. The updated version will be posted at this URL with the revision date.
14. Contact
Certified, LLC
Charleston, South Carolina, United