Privacy Policy
Last updated: 2026-06-07
Privacy Policy
Effective: March 2026
NeuroPeak is committed to protecting your privacy under the EU General Data Protection Regulation (GDPR).
Data We Collect
Order data: Name, email, shipping/billing address, phone (optional), payment method, order history.
Account data: Email, hashed password, wishlist, saved addresses.
Technical data: IP address, browser type, pages visited, referral source.
Communications: Support inquiries, newsletter subscription.
How We Use Your Data
Order processing and fulfillment, customer support, order status updates, marketing (with consent only), website improvement, legal compliance, fraud prevention.
Data Sharing
We never sell your data. We share with: payment processors (Mollie, CoinGate), shipping carriers, and hosting providers — all GDPR-compliant with data processing agreements.
Data Retention
Orders: 7 years (legal). Accounts: until deletion. Marketing: until unsubscribe. Analytics: 26 months.
Your GDPR Rights
Access, rectification, erasure, restriction, portability, objection, and consent withdrawal. Contact us to exercise any right.
Cookies
Essential cookies for functionality. Optional analytics and marketing cookies with consent. See our Cookie Policy.
Security
256-bit SSL encryption, secure password hashing, restricted data access, regular security audits. Data stored on EU servers.
Contact
Privacy inquiries: contact page.
Affiliate Program — how we use your data
This section applies to (a) people who apply to or take part in the NeuroPeak Affiliate Program (“affiliates”), and (b) visitors who reach our website through an affiliate referral link. It supplements, and does not replace, the rest of this Privacy Policy.
Affiliate tracking and how referrals are recorded
When you click an affiliate referral link, our website records that the visit was introduced by a specific affiliate, by storing a small identifier in your browser (see our Cookie Policy) and logging the referral in our affiliate system. If you place an order within the cookie’s validity period, the order may be attributed to that affiliate so commission can be calculated. We process the affiliate identifier, the date/time of the referral click and any resulting order, and the order reference and value (excluding shipping and tax) used solely to calculate commission, alongside standard technical data already described in this policy. We do not use affiliate tracking to build advertising profiles, and we do not sell referral or tracking data.
Personal data we collect from affiliates
- Identity & contact: your name and email address.
- Channel details: your website URL, social media profiles, and the domains you intend to use.
- Location: your country and the target countries you intend to promote in.
- Promotion plan: how you intend to promote the program.
- Account & performance: your affiliate ID, referral activity, attributed orders, and commission balances.
- Payout data (Bitcoin): the public BTC payout address you provide, and your payout history including transaction identifiers (TXIDs).
You provide this when you apply. Some fields are necessary to operate the program; without them we may be unable to approve or maintain your account or to send payouts. Every application is reviewed and approved manually.
Bitcoin payout address and payout history
To pay commissions we store the public BTC payout address you supply and a record of each payment (amount, date, and on-chain TXID as proof of payment). You are responsible for the accuracy of your address — cryptocurrency transactions are generally irreversible, so an incorrect address can mean permanent loss of a payout. We only ask for your public receiving address and will never ask for your seed phrase, recovery words, or private keys. Payouts are sent manually and a TXID is recorded for each.
Purposes and lawful bases
We process affiliate data to operate the program (registration, manual approval, account management), attribute referrals and calculate commission, communicate about your application/account/payouts, send BTC payouts and keep proof of payment, prevent fraud and abuse, and meet our legal, accounting and tax obligations. Our lawful bases under the GDPR are: performance of a contract / pre-contract steps (Art. 6(1)(b)); legitimate interests in operating, securing and protecting the program (Art. 6(1)(f)); consent for non-essential referral/analytics cookies (Art. 6(1)(a)); and compliance with legal obligations such as accounting and tax record-keeping (Art. 6(1)(c)).
Data retention
We keep affiliate data only as long as necessary. Active affiliate data is kept for the duration of your participation; after an account closes or an application is declined we retain relevant records for a limited period to handle queries, disputes and refund reversals. Payout/accounting records — including the BTC address used, the TXID, amount and date — are retained for the period required by accounting and tax law, and these statutory obligations override any erasure request: where we are legally required to keep payment records, we will retain them for the mandated period (restricting processing to that legal purpose) even if you ask us to delete your data. Referral/visitor tracking data is kept only as long as needed for attribution.
Your rights
Subject to applicable law you may access, rectify, erase, restrict or object to processing, request data portability, and withdraw consent for consent-based processing (such as non-essential cookies) at any time. The right to erasure is not absolute: where we must legally retain payment records (BTC address, TXID, amount, date), we cannot delete them until the applicable accounting/tax retention period expires, and we will limit processing to that purpose. To exercise your rights, contact us using the details in the main Privacy Policy; you may also lodge a complaint with your local data protection authority.