← Legal

Privacy Policy

Last updated 14 May 2026

1. Summary

We collect the minimum personal data needed to run the service: your email + password (or Google ID) for sign-in, payment data via Stripe, and basic analytics about what gets downloaded. We don't sell your data. You can delete your account any time.

2. Who we are (Data controller)

The data controller is the operator of wallpaperzzz.net, based in Hungary. Contact for privacy questions: hello@wallpaperzzz.net.

3. What we collect

Account data

Email address, hashed password (or Google sign-in identifier), optional display name, account creation date.

Payment data

We use Stripe as the payment processor. Stripe collects card details directly — we never see or store them. We retain only the Stripe Customer ID, Stripe Subscription ID, payment IDs, amounts, currency, and status to fulfil purchases.

Usage data

When you download a wallpaper we log: which wallpaper, when, a one-way hash of your IP (so we can't reverse it), a one-way hash of your User-Agent, and country code (derived from headers set by our CDN). Used to detect abuse and tell us what content is popular. Retention: 24 months.

Cookies & local storage

We use a small number of strictly-necessary cookies to keep you signed in (Supabase auth) and to remember favorites/preferences. We don't use third-party advertising cookies.

4. Why we collect it (legal bases)

  • Contract: account, payments, downloads — we need this data to provide the service you asked for.
  • Legitimate interests: abuse detection, aggregated usage analytics, security logs.
  • Legal obligation: we keep invoices and transaction records as required by Hungarian/EU tax law.

5. Who we share with

We share data only with these processors, each under their own DPA:

  • Stripe — payment processing.
  • Supabase — database + authentication hosting.
  • Cloudflare — CDN + object storage (R2) for wallpaper files.
  • Vercel — application hosting.
  • Resend — transactional email (sign-up, password reset, receipts).

We don't sell your data and we don't share it with advertisers. If we ever add a third-party ad network in future, we'll update this policy and disclose it clearly.

6. International transfers

Some processors above store data outside the EU/EEA (mainly in the US). Each is bound by Standard Contractual Clauses or another appropriate transfer mechanism under GDPR Chapter V.

7. Your rights (GDPR)

If you're in the EU/EEA you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your account and personal data (we'll keep transaction records where law requires);
  • request a machine-readable copy (data portability);
  • object to processing based on legitimate interests;
  • withdraw consent at any time where consent is the basis;
  • lodge a complaint with your local data-protection authority (in Hungary: NAIH).

To exercise any of these, email us. We'll respond within 30 days.

8. Retention

Account data: while your account exists, plus 30 days after deletion (in case you change your mind). Transaction records: 8 years per Hungarian tax law. Download logs: 24 months.

9. Security

Passwords are hashed by Supabase (bcrypt). All traffic is HTTPS. Payment data never touches our servers. We're a small operation and we treat security seriously; if you find a vulnerability please email us.

10. Children

The service isn't directed at children under 16. We don't knowingly collect data from anyone under 16. If you think we have, contact us and we'll delete it.

11. Changes

We may update this policy. Material changes will be flagged at the top and notified to registered users via email.

Questions? Email hello@wallpaperzzz.net.