Privacy

Privacy Policy

Last updated April 01, 2026

Short version: we keep the minimum data needed to sell you scripts, flash them to your device, and stop people from cheating the licence system. We don’t sell data, run third-party tracking pixels, or retain anything longer than we need.

What we collect

Discord account data — your Discord ID, username, email, and avatar URL, shared by Discord when you sign in via OAuth
Purchase data — Whop sends us the product you bought, the plan, the timestamps. We don’t see your payment method
Flash logs — timestamp, your IP, browser user-agent, Zen device ID (not a hardware fingerprint of your PC), script slot. Used to investigate leaks and ban abusers
Watermark ledger — the 64-bit drift seed issued to your scripts, linked to your Discord ID. This is how we trace leaks
Server logs — standard Caddy access logs (IP, URL, referrer, UA). Rotated weekly

What we don't collect

Google Analytics, Facebook Pixel, Meta Advantage, or any third-party tracking
Your IP geolocation beyond country level (and only to decide if you see the EU cookie prompt)
Any data about your gameplay, K/D, ranking — the scripts run on the Zen, not on your console or PC, so we have no access to any of that
Keystrokes, mouse movement, session replays. Our analytics layer is minimal and custom-built on our servers

How long we keep it

Purchase / licence data — for the life of your account. If you ask us to delete, we delete within 30 days (legal exceptions: tax records kept 7 years per IRS)
Flash logs — 90 days
Watermark ledger — indefinitely (essential to anti-leak enforcement)
Server logs — 30 days

Who sees your data

Us (the two-person team) — yes
Whop (our billing processor) — they see purchase data by necessity
Discord (OAuth provider) — they see that you signed in, not what you did after
Nobody else. We don’t run a data sales business.

Your rights

Request deletion, access, or a copy of your data: email support@verascripts.com with "Privacy" in the subject. We respond within 30 days. EU / UK residents have GDPR rights; California residents have CCPA rights; we honour both regardless of residency.

Cookies

We set one essential cookie (vs_session) signed with HMAC to keep you logged in. Expires in 30 days of inactivity. No analytics cookies, no ad cookies, no third-party cookies.

Changes

If we materially change this policy, we post a note in Discord #announcements and update the date above. If you disagree with a change, email us for a data export and deletion.