Privacy Policy

Last updated: 10 March 2026 · Contact: privacy@kylenworld.it

    Summary: We collect only what is necessary to run the service. We do not sell your data. We do not show ads. Files are encrypted before storage. You can delete your account at any time.
  

1. Who we are

Kylenworld ("we", "us") operates the platform at kylenworld.it. For privacy matters, contact privacy@kylenworld.it.

2. Data we collect

Account data: username, email address, hashed password (bcrypt). Never stored in plain text.
Execution logs: timestamp, IP address (hashed), script slug, license key used, result.
HWID data: device identifiers are hashed with SHA-256 + a server secret before storage. The raw HWID is never retained.
Uploaded files: encrypted with AES-256-CBC before writing to disk. The encryption key is shown to you once and not stored.
Session data: stored server-side; client only holds a signed session token.
Payment data: we do not process payments directly. Upgrades are handled manually via email.

3. How we use your data

To authenticate you and secure your account.
To run and log script executions you trigger.
To enforce license restrictions and HWID binding you configure.
To send security emails (login alerts, verification, key rotation confirmations).
We do not use your data for advertising or sell it to third parties.

4. Data retention

Execution logs are retained according to your plan limits. When you delete a snippet, its file is removed from disk immediately. Deleting your account removes all associated data within 30 days.

5. Cookies & sessions

We use a single HttpOnly, Secure, SameSite=Lax session cookie for authentication. No advertising cookies or third-party trackers are used.

6. Third-party services

IONOS (EU hosting): servers located in the European Union.
Google Fonts: loaded on the public homepage only. See Google Privacy Policy.

7. Your rights (GDPR)

You have the right to access, correct, export, or delete your personal data. To exercise these rights, email privacy@kylenworld.it. We will respond within 30 days.

8. Security

All traffic is encrypted via TLS. Passwords are hashed with bcrypt. HWIDs and IPs are never stored in plaintext. Session tokens are rotated on each request. We log all authentication attempts for abuse detection.

9. Changes to this policy

We may update this policy. The "Last updated" date at the top will reflect changes. Significant changes will be notified by email.