Privacy policy.

This policy explains what personal data we collect when you use the Braiins Store, why we collect it, who we share it with, and the rights you have over it. We collect only what we need to fulfill your order, run the store, and meet our legal obligations. We do not sell your personal data. We use advertising and measurement tools, such as the Meta Pixel and Google Ads, but only with your consent.

Who we are

The controller of your personal data is Braiins Shop s.r.o., Id. No. 09639900, with registered office at Křižíkova 148/34, Karlín, 186 00 Prague 8, Czech Republic, registered in the commercial register kept by the Municipal Court in Prague under file No. C 339509.

For any question about this policy or your personal data, contact us at support@braiins.com. We have not appointed a Data Protection Officer, as we do not consider our processing to require one under Article 37 GDPR.

What we collect

We collect the following categories of personal data:

  • Identification and contact data: your name, email address, shipping and billing address, and phone number if you provide one.
  • Order data: the products you order, your order and invoice history, and any returns or warranty claims.
  • Payment data: the payment method you choose and the transaction reference. We accept card, PayPal, bank transfer, and bitcoin. Card details are entered directly with the payment provider; by design we do not collect or store your full card number on our systems. If you pay by bank transfer, we process the details needed to match your payment and to refund it if necessary.
  • Account data: if you create an account, your email and a securely hashed password.
  • Communications: the content of messages you send us and our replies.
  • Technical data: your IP address and basic request information. We use your IP address on our server to estimate your country and region (so we show the right currency and VAT) and to keep the store secure. We do not use your IP address to build an advertising profile.

Some data, such as payment confirmation and delivery status, we receive from our payment and shipping providers rather than from you directly.

Why we use it and our legal basis

  • To process and deliver your order, manage your account, and handle returns, warranty claims, and support. Legal basis: performance of our contract with you (Art. 6(1)(b) GDPR).
  • To issue invoices and keep accounting and tax records, including the records required by Czech law. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
  • To keep the store secure, prevent fraud, show you the right currency and VAT for your location, and establish, exercise, or defend legal claims. Legal basis: our legitimate interests (Art. 6(1)(f) GDPR).
  • To send you commercial messages, only if you have given us your consent, which you can withdraw at any time. Legal basis: your consent (Art. 6(1)(a) GDPR).
  • To measure our advertising and show you relevant ads on Google, Facebook, Instagram, and across the web, using the Meta Pixel and Google Ads tags. We do this only with your consent, which you can withdraw at any time. Legal basis: your consent (Art. 6(1)(a) GDPR).

Providing your identification, contact, and payment data is necessary to conclude and perform your purchase; without it we cannot process or deliver your order. Some data, such as invoice details, is also required by Czech tax and accounting law.

Where we rely on our legitimate interests, you can object to that processing at any time on grounds relating to your situation; write to support@braiins.com and we will stop unless we have compelling grounds that override your interests. You can object at any time to any use of your data for direct marketing, and we will stop without exception.

Who we share it with

We share your data only with the providers we need to run the store, and only to the extent each one needs it. These act as our processors under data processing agreements:

  • Payment providers: one of our payment providers, ThePay, a.s. or PayPal (Europe) S.à r.l. et Cie, S.C.A., may process your payment. Their own privacy policies govern the data you submit directly to them. Bitcoin payments are handled by our own self-hosted payment system (BTCPay), so no third-party payment processor is involved; the payment itself settles on the public Bitcoin network, whether on the Bitcoin mainnet or the Lightning Network. Payments by bank transfer are settled through our bank, which receives the details of your transfer.
  • Fulfillment and shipping: our fulfillment provider (ShipMonk) and the carrier that delivers your parcel receive your name, delivery address, phone number, and email so they can pack, ship, and deliver your order. For shipments that cross a customs border, they also receive the information needed for the customs declaration.
  • Email delivery: our email is hosted by Google (Gmail). Google sends you order confirmations, invoices, and support replies, and hosts our own internal mailbox where we keep copies of order and invoice emails for record-keeping, processing those messages on our behalf.
  • Advertising and measurement partners: with your consent, Google (Google Ireland Limited) and Meta (Meta Platforms Ireland Limited) receive data through the Google Ads and Meta Pixel tags to measure how our ads perform and to show you relevant ads. This can involve a transfer to the United States.
  • Public authorities, where we are required by law to disclose data (for example to tax authorities).

When you choose to pay with PayPal, your browser loads PayPal's payment SDK, which sees your IP address as any asset host does. We do not sell or rent your personal data, and we do not exchange it for money.

International transfers

Where one of our providers processes data outside the European Economic Area (for example our fulfillment provider, our email hosting (Google), or our advertising partners Google and Meta), the transfer relies on the European Commission's adequacy decision where the provider is certified under the EU-US Data Privacy Framework, and otherwise is safeguarded by the European Commission's Standard Contractual Clauses. You can request a copy of these safeguards by writing to support@braiins.com.

How long we keep it

  • Orders and invoices: for as long as required by Czech accounting and tax law, which can be up to 10 years.
  • Warranty and returns data: for the statutory warranty period of two years and any related limitation period.
  • Account data: until you ask us to delete your account.
  • Support correspondence: for as long as needed to handle your matter and any follow-up.
  • Security and technical data: only as long as needed to keep the store secure and to investigate any incident.

Cookies and similar technologies

We use cookies in three situations.

Strictly necessary cookies do not require your consent, because the store cannot work without them. They are first-party and expire after seven days:

  • _medusa_jwt keeps you signed in to your account.
  • _medusa_cart_id remembers your shopping cart.
  • _medusa_region_id remembers your selected region and currency.
  • _medusa_country_code remembers your selected country, which sets the right VAT treatment.

Advertising and measurement cookies are off by default and are set only with your consent. When you agree through our cookie banner, the Meta Pixel (Meta) and Google Ads (Google) set cookies and similar identifiers so we can measure how our ads perform and show you relevant ads, including remarketing on Facebook, Instagram, and across the web. We do not set these cookies until you agree, and you can withdraw your consent at any time.

Payment cookies are set when you pay. Card payments are completed on ThePay's own hosted page, which you are sent to and which sets cookies under ThePay's policy, not ours. The PayPal buttons run on our checkout and PayPal may set its own cookies there. Bitcoin payments are completed on our own self-hosted invoice page. Third-party payment cookies are set by the provider and governed by its own privacy policy.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased, where we are not required to keep it;
  • restrict or object to our processing;
  • receive your data in a portable format;
  • withdraw any consent you have given, at any time; this does not affect the lawfulness of any processing we carried out before you withdrew it.

To exercise any of these rights, write to support@braiins.com. If you believe we have mishandled your data, you may lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 111, uoou.cz.

How we protect your data

We serve the store over encrypted connections (HTTPS), store passwords only in hashed form, and limit access to personal data to the people and providers who need it. We do not make solely automated decisions that produce legal or similarly significant effects on you; where our payment providers run automated fraud checks, those are governed by their own terms.

Children's privacy

The store is intended for adults and is not directed at children. We do not knowingly collect personal data from anyone under the age of 15. If you believe a child has provided us with personal data, write to support@braiins.com and we will delete it.

Changes to this policy

We may update this policy from time to time. The current version always applies, and the date below shows when it last changed.

Last updated: 8 June 2026.