Effective date · 2026-06-13
Privacy Policy
This Privacy Policy explains how Buy A Star ("Buy A Star", "we", "us") collects, uses, shares, and protects personal data when you use our symbolic star registry website and related services. We are committed to transparency and compliance with applicable data protection laws, including the EU/EEA General Data Protection Regulation (GDPR), UK GDPR, and other international frameworks where relevant.
These documents are provided for transparency and compliance purposes. If you need advice on your specific situation, consult qualified legal counsel in your jurisdiction.
1. Data controller
The data controller responsible for your personal data is Buy A Star.
Privacy contact: privacy@buyastar.space. For contractual matters: legal@buyastar.space.
2. Scope
This Policy applies to visitors, purchasers, and recipients who interact with our website, checkout, public star pages, emails, and support channels.
It does not apply to third-party websites or payment processors' own privacy practices. Please review their policies when you pay or follow external links.
3. Personal data we collect
We collect only data necessary to provide the service, comply with law, and improve security.
- Identity and contact data: buyer email, optional recipient email, recipient name.
- Registration content: star name, dedication/message, occasion, special date, certificate language preference.
- Transaction data: payment provider references (e.g., PayPal order ID, Stripe session ID), amount paid, currency, payment status — not full card numbers.
- Technical data: IP address, browser type, device information, timestamps, and server logs.
- Usage data: pages visited, locale, and aggregated analytics events (via privacy-oriented analytics tools where enabled).
- Communications: messages you send to support.
4. Purposes and legal bases (GDPR)
Where GDPR or similar laws apply, we process personal data on the following bases:
- Contract performance (Art. 6(1)(b)): to create your registration, deliver certificates, process payments, and provide support.
- Legal obligation (Art. 6(1)(c)): tax, accounting, fraud prevention, and responding to lawful requests.
- Legitimate interests (Art. 6(1)(f)): security, abuse prevention, service improvement, and defending legal claims — balanced against your rights.
- Consent (Art. 6(1)(a)): where required for optional marketing or non-essential cookies; you may withdraw consent at any time.
5. How we share data
We do not sell your personal data. We share data only with trusted processors that help us operate the service, under contractual safeguards:
- Payment processors (PayPal, Stripe) — payment authorization and fraud prevention.
- Cloud hosting and database providers (e.g., Vercel, Supabase) — infrastructure and storage.
- Email delivery (e.g., Resend) — transactional emails and optional recipient notifications.
- Analytics providers (e.g., Vercel Analytics) — aggregated usage metrics where enabled.
Public registrations
If your registration is public, the star name, dedication, occasion, symbolic coordinates, and registration date may be visible to anyone and indexed by search engines. Avoid including sensitive personal information in dedications.
Legal disclosures
We may disclose data if required by law or court order, or to protect the rights, safety, and integrity of users and Buy A Star.
6. International data transfers
Our processors may store or process data in the United States and other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or other lawful transfer mechanisms.
You may request information about safeguards by contacting privacy@buyastar.space.
7. Data retention
We retain registration and transaction records for as long as necessary to provide the service, comply with legal obligations (typically up to 7 years for accounting and tax), resolve disputes, and enforce agreements.
Server logs and security records are retained for a limited period unless needed for incident investigation.
When data is no longer required, we delete or anonymize it using commercially reasonable methods.
8. Cookies and similar technologies
We use essential cookies and local storage necessary for checkout, locale preferences, and security.
Where enabled, we may use privacy-friendly analytics that do not track individuals across third-party sites. You can control non-essential cookies through your browser settings; disabling essential cookies may affect functionality.
9. Your privacy rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — obtain a copy of data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion where legally applicable.
- Restriction — limit processing in certain circumstances.
- Portability — receive data in a structured, machine-readable format where applicable.
- Objection — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — where processing is consent-based.
EEA and UK residents
You may lodge a complaint with your local supervisory authority. Contact privacy@buyastar.space first so we can address your request. We respond within one month, extendable where permitted.
California residents (CCPA/CPRA)
We do not sell or share personal information for cross-context behavioral advertising as defined by California law. You may request access, deletion, or correction of personal information, and limit use of sensitive personal information where applicable, by emailing privacy@buyastar.space.
Brazil (LGPD) and other regions
Users in Brazil and other jurisdictions with data protection laws may exercise applicable rights by contacting privacy@buyastar.space. We verify requests to protect your data.
10. Children's privacy
Our service is not directed to children under 16 (or under 13 where applicable under local law). We do not knowingly collect personal data from children without verifiable parental consent.
If you believe a child has provided data without consent, contact privacy@buyastar.space and we will take appropriate steps to delete it.
11. Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, and secure payment handling via certified providers.
No method of transmission or storage is 100% secure. You are responsible for keeping your registration code and email account secure.
12. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The effective date will be revised at the top of this page. Material changes will be communicated where required by law.
We encourage you to review this page periodically.