Legal

Privacy Policy

Last updated May 26, 2026. This policy explains exactly what data we collect, why, and what you can do about it.

Overview

GetCID ("we", "us") is operated by Livezen Technologies LLC. We provide Microsoft activation utility tools and access codes. We collect only the data we need to deliver the service, never sell personal data to third parties, and keep operational logs for a bounded period.

What we collect

Account information

  • Your name and email address, supplied when you register or check out as a guest
  • A hashed password (bcrypt) — we never store the plaintext
  • Your role (customer or reseller) and email-verification status

Payment information

We use Stripe to process all card payments. Card numbers, CVV, and billing-address data go directly to Stripe — we never see them. We retain only the Stripe PaymentIntent ID, amount, currency, and status.

Service data

  • Installation IDs (IIDs) and Confirmation IDs (CIDs) you submit or generate, plus their timestamps
  • Product keys you check via the Check Key / Redeem tools (used in transit only — see retention below)
  • Uploaded screenshots — processed in memory for OCR, then discarded; never written to disk

Operational metadata

  • IP address and browser user-agent on every request, for anti-abuse and rate-limiting
  • API call timestamps, endpoint, response time, success/failure — kept in our request log
  • Login attempt history (email + IP + outcome) for brute-force protection

How we use it

  • Deliver the service — generate CIDs, deliver access codes, run the API
  • Email transactional messages — purchase receipts, code delivery, verification, password reset, support replies
  • Audit + support — investigate refunds, disputes, and abuse reports
  • Anti-abuse — rate-limit, detect credential-stuffing, block obviously malicious traffic
  • Service improvement — aggregate dashboards (e.g., "requests per hour"); we never use the content of your CIDs or keys for analytics

We do not run third-party advertising trackers. We do not use your data to train any machine-learning model.

Who we share with

We use a small number of sub-processors strictly to deliver the service:

Sub-processor | Purpose | Data shared
Stripe, Inc. | Card payments + receipts | Email, payment method, amount, IP
pidkey.com | Upstream CID + key-check service | IID, product key (for the request only — they retain per their own policy)
Cloudflare, Inc. | DDoS protection, CDN | IP, request path, user-agent
Hetzner Online GmbH | Server hosting (EU) | Everything stored at rest
Your SMTP provider | Email delivery | Recipient email + message content

We do not sell or rent personal data. We will disclose data only if compelled by valid legal process and will notify you where lawful to do so.

How long we keep it

  • Account record — for the life of your account; deleted on request (see "Your rights")
  • Purchase history — 7 years for tax + accounting compliance
  • Access codes — retained linked to your account so you can see your history; the code value itself becomes useless after first use
  • CID + key check history — 180 days, then aggregated and the per-row IID/key value is deleted
  • Request logs — 90 days
  • Login attempts — 30 days
  • Uploaded screenshots — discarded immediately after OCR; never persisted

Cookies

We set only two cookies, both strictly necessary:

  • getcid_session — your signed-in session (HTTP-only, Secure, SameSite=Lax)
  • getcid_csrf — CSRF protection token (HTTP-only, Secure, SameSite=Lax)

We don't use analytics cookies, advertising cookies, or third-party tracking pixels. Your browser's localStorage stores one item — theme (your dark/light preference) — which never leaves your device.

Your rights

You can:

  • Access — request a copy of every record we hold about you
  • Correct — fix inaccurate data (e.g. update your name from your account page)
  • Delete — request account deletion; we keep only the minimum required for tax compliance
  • Export — get a machine-readable copy of your purchases + codes
  • Object — opt out of any non-transactional email (we don't send marketing today)
  • Withdraw consent — for any optional processing

Email support to exercise any of these. We respond within 30 days.

If you're in the EU/UK, you also have the right to lodge a complaint with your national data-protection authority.

Security

  • HTTPS everywhere (TLS 1.2+), HSTS preloaded
  • Passwords stored with bcrypt; we never see plaintext
  • Stripe API keys, SMTP credentials, and other secrets stored encrypted at rest
  • API tokens stored as SHA-256 hashes; plaintext is shown once at creation
  • Rate limiting + brute-force protection on the login + API paths
  • CSRF protection on every state-changing form
  • Daily encrypted backups

Children

GetCID is not directed at people under 16, and we do not knowingly collect data from them. If you believe we've inadvertently received such data, contact support and we'll delete it.

Changes

We'll update this page when our practices change. Material changes (anything that broadens the data we collect or who we share with) will be announced by email to active account holders at least 14 days before they take effect.

Contact

Privacy questions, data requests, or breach reports: /support. Address: Livezen Technologies LLC.