Privacy Policy

Last Updated: 10/12/2025

HRMNYX ("we", "us", "our") is committed to protecting your privacy and minimizing data collection. This Privacy Policy explains the flow of information when you use our website (www.hrmnyx.com) and purchase our products.

1. Our Philosophy on Data Privacy

Our systems are architected to avoid collecting or storing your personal information wherever possible. We have intentionally chosen secure, best-in-class third-party services to handle sensitive data so that we do not have to. We do not operate our own databases of customer personal information. This policy outlines the necessary data processing performed by these services to complete your purchase.

2. Data Collection: A Step-by-Step Explanation

To be fully transparent, here is what happens with your data when you make a purchase:

  • At Checkout: You provide personal and payment information directly to our third-party Merchant of Record, Paddle.com. This includes your email address, country, and full payment details.
    • Crucially, we do not directly collect, handle, or store your sensitive payment information. This is all handled securely by Paddle's PCI-DSS compliant systems.
  • For Order Fulfillment: After successful payment, Paddle sends a webhook confirmation to our secure backend system (a Cloudflare Worker). This payload from Paddle includes your email address. Our system's first and only action with this information is to cryptographically verify the webhook's authenticity. Immediately following verification, all personally identifiable information, including your email address, is permanently discarded before any further processing. We create an anonymous internal record tied only to your Order Number to facilitate the delivery. We do not store your email address on our systems.

3. Data Roles: Controller and Processors

Under data protection law (like GDPR), there are different roles for handling data:

  • Data Controller (HRMNYX): That's us. As the owner of this website and the provider of the products, we are considered the Data Controller. This means we have a direct relationship with you and determine the overall purpose of the transaction. However, as part of our privacy-first design, we have delegated all personal data processing activities, including payment and customer record-keeping, to our designated Data Processor.
  • Data Processors (Our Service Partners): These companies process data on our behalf. They are:
    • Paddle.com: Our Merchant of Record for processing all payments and billing information.
    • Cloudflare, Inc.: Provides our website hosting, security, and the backend logic (Cloudflare Workers) that orchestrates product delivery.

4. How Your Information Is Used

We have architected our system to not use your personal information for fulfillment. The PII that flows through our system ephemerally during the webhook verification is used for that single security step and is then immediately discarded.

All fulfillment, delivery, and customer support actions on our platform are handled using your anonymous Order Number. If you require support (such as locating a lost Order Number), we will use our partner, Paddle, to look up your purchase information using the details you provide to us (like your email address). Our system cannot perform this lookup, as we do not store your personal data.

We do not sell your personal information or use it for marketing purposes.

5. Data Security and Retention

We employ a "privacy-first" architecture that separates transactional data from personal data.

  • Data with our Merchant of Record: Your purchase record, including your email address and transaction history, is maintained securely within Paddle's system.
  • Our Legally-Defensible Audit Trail: To protect both you and our business, our system generates a permanent, anonymous audit log for every purchase. After you are granted access to the download page, we create a log entry tied to your anonymous Order Number. This log serves as definitive proof that delivery was successfully initiated. Crucially, this permanent audit log does not contain any of your personal information like your email address, name, or raw IP address.

6. Your Data Protection Rights and How to Exercise Them

As the business you have a direct relationship with, HRMNYX is your single point of contact for exercising your data protection rights. Depending on your location, you have the right to request access to, correction of, or deletion of your personal data.

  • How to Make a Request: To exercise any of these rights, you must prove your identity to protect your data from unauthorized access. Please send your request to us at hrmnyxofficial@gmail.com from the email address you used to make the purchase.
  • What to Include: In your request, you must also include your unique Order Number, which can be found on your official receipt from Paddle.com.
  • What Happens Next: Upon receiving your request, we will verify that the requesting email address and the Order Number match the transaction records held by our payment processor, Paddle. We require both pieces of information to proceed. Once verified, we will coordinate with our service providers to fulfill your request as required by law.

7. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at hrmnyxofficial@gmail.com.