1. Introduction
Bazaar Flipper Mod ("BFM", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Minecraft modification and related services.
By using BFM, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when creating an account or using our services:
| Data Type |
Purpose |
Required |
| Minecraft UUID |
License verification, account linking |
Yes |
| Email Address |
Account recovery, notifications, support |
Yes |
| Password |
Account security (hashed client-side) |
Yes |
| Discord ID |
Role automation, community access |
No |
2.2 Information Automatically Collected
When you use BFM, we automatically collect certain technical information:
- Usage Data: Mod version, feature usage, session duration, flip statistics
- Device Information: Operating system, Java version, Minecraft version, hardware specifications
- Network Data: IP address, connection type, network performance metrics
- Log Data: Error reports, crash logs, performance diagnostics
- Transaction Data: Purchase history, subscription status, payment method (last 4 digits only)
2.3 Hypixel Data
While using the Mod, we collect data from the Hypixel Skyblock Bazaar API:
- Item prices (buy/sell orders)
- Market volume and velocity
- Historical price trends
- Your bazaar transaction history (for analytics)
Note: This data is aggregated and anonymized. We do not access your Minecraft account credentials or personal Hypixel data beyond public API endpoints.
2.4 Cookies and Tracking Technologies
Our website uses cookies and similar technologies:
- Essential Cookies: Required for authentication and basic functionality
- Preference Cookies: Remember your theme selection and settings
- Analytics Cookies: Track website usage and performance (optional)
You can control cookie preferences through your browser settings.
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Delivery
- Verify your license and account status
- Provide access to the Mod and web dashboard
- Deliver real-time bazaar market data
- Synchronize settings across devices
- Automate Discord role assignments
3.2 Communication
- Send important service announcements and updates
- Provide customer support and respond to inquiries
- Notify you of license expiration or payment issues
- Send marketing communications (with your consent)
3.3 Improvement and Analytics
- Analyze usage patterns to improve features
- Monitor performance and identify bugs
- Conduct A/B testing for new features
- Generate aggregated, anonymized statistics
3.4 Security and Fraud Prevention
- Detect and prevent unauthorized access
- Identify and block fraudulent transactions
- Enforce Terms of Service compliance
- Investigate violations and abuse
3.5 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and court orders
- Protect our rights and property
- Enforce our agreements
4. How We Protect Your Information
4.1 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption: All data transmitted between your device and our servers uses TLS 1.3 encryption
- Password Security: Passwords are hashed using SHA-256 client-side before transmission; we never store plaintext passwords
- Secure Storage: All stored data is encrypted at rest using AES-256 encryption
- Access Controls: Strict role-based access controls limit who can view your data
- Regular Audits: Periodic security audits and penetration testing
- Monitoring: 24/7 intrusion detection and anomaly monitoring
4.2 Client-Side Security
Your password and sensitive data are processed client-side whenever possible:
- Passwords are hashed in your browser using Web Crypto API before being sent to our servers
- We never store credentials in browser localStorage (only account metadata)
- Session tokens expire after 24 hours of inactivity
4.3 Data Breach Protocol
In the event of a data breach:
- We will notify affected users within 72 hours
- We will provide detailed information about the breach
- We will offer guidance on protective measures
- We will cooperate with law enforcement as required
5. Information Sharing and Disclosure
5.1 Third-Party Service Providers
We share limited data with trusted third-party services that help us operate:
| Service |
Purpose |
Data Shared |
| Stripe |
Payment processing |
Email, payment method, transaction amount |
| Discord |
Community access, role automation |
Discord ID, license status |
| Cloudflare |
CDN, DDoS protection |
IP address, request metadata |
| AWS/Cloud Hosting |
Data storage, API hosting |
All account and usage data |
All third-party providers are contractually required to protect your data and use it only for the specified purposes.
5.2 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or abuse
- Protect user safety
5.4 Business Transfers
If BFM is acquired, merged, or undergoes a business transition, your information may be transferred to the successor entity. We will notify you before your information is transferred and becomes subject to a different privacy policy.
6. Data Retention
6.1 Active Accounts
We retain your account data as long as your account is active or as needed to provide services.
6.2 Inactive Accounts
If your account is inactive for 24 months, we may:
- Send a notice asking if you want to keep your account
- Archive your account after 30 days of no response
- Delete archived accounts after an additional 12 months
6.3 Deleted Accounts
When you delete your account:
- Personal data is deleted within 30 days
- Anonymized usage statistics may be retained indefinitely
- Transaction records are retained for 7 years for tax/legal compliance
- Backup copies are purged within 90 days
6.4 Log Data
- Server logs are retained for 90 days
- Error logs are retained for 1 year
- Aggregated analytics are retained indefinitely
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Request a copy of your personal data
- Export your data in a machine-readable format (JSON)
- Access your account dashboard to view stored information
7.2 Correction and Update
You can update your information at any time through:
- Account settings on the website
- In-Mod settings panel
- Contacting support for assistance
7.3 Deletion and "Right to be Forgotten"
You can request deletion of your account and personal data by:
- Using the "Delete Account" button in account settings
- Contacting support with a deletion request
Note: Some data may be retained as required by law or for legitimate business purposes (e.g., transaction records).
7.4 Marketing Communications
You can opt out of marketing emails by:
- Clicking "Unsubscribe" in any marketing email
- Adjusting preferences in account settings
You will still receive transactional emails (receipts, password resets, etc.).
7.5 Cookie Preferences
You can control cookies through:
- Browser settings (disable third-party cookies)
- Our cookie consent banner on first visit
- Privacy settings on the website
8. Children's Privacy
BFM is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information within 30 days.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
We ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by regulatory authorities
- Certification under recognized data protection frameworks
- Equivalent security measures regardless of location
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
10.1 Right to Know
You can request disclosure of:
- Categories of personal information collected
- Sources of personal information
- Business purpose for collecting information
- Categories of third parties we share data with
- Specific pieces of personal information we hold
10.2 Right to Delete
You can request deletion of your personal information, subject to certain exceptions.
10.3 Right to Opt-Out of Sales
We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism.
10.4 Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
10.5 Submitting CCPA Requests
To exercise your rights, contact us at: [email protected]
We will verify your identity and respond within 45 days.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive data in a portable format
- Right to Object: Object to certain processing activities
- Rights Related to Automated Decision-Making: Contest automated decisions
To exercise these rights, contact us at: [email protected]
You also have the right to lodge a complaint with your local data protection authority.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
When we make changes:
- We will update the "Last Updated" date at the top
- For material changes, we will notify you via email or in-Mod notification
- Your continued use of the Service constitutes acceptance of the changes
We encourage you to review this policy periodically.
Back to Dashboard