Privacy

Privacy Policy

404 BRAND FZCO · United Arab Emirates, Dubai · Effective February 18, 2026

This Privacy Policy explains what information IT CRP processes when you use it-crp.com, create an account, obtain a free key, purchase a subscription, contact support, or use the Service. It also explains why we process that information and how you can contact us about privacy questions.

1. Who Controls Your Data

1.1. The data controller is 404 BRAND FZCO, United Arab Emirates, Dubai ("IT CRP", "we", "us", "our").

1.2. Privacy contact: support@it-crp.com.

2. Scope

2.1. This Policy applies to the website, account dashboard, payment flow, support communications, referral features, and technical systems used to provide the Service.

2.2. Payment providers, app stores, client apps, hosting providers, analytics tools, email providers, and other third parties may process data under their own policies. We are not responsible for their independent privacy practices.

3. Information We Process

3.1. Account data. We process your email address, password hash, account status, email verification status, referral code, referral attribution, language or locale settings, and account timestamps.

3.2. Subscription data. We process your plan, subscription status, start date, end date, device limit, free-trial or paid status, subscription URL/key metadata, and related account state needed to provide access.

3.3. Payment data. We process payment identifiers, order identifiers, amount, currency, payment status, payment provider, invoice or checkout link, and transaction timestamps. We do not store full card numbers or card security codes.

3.4. Referral and payout data. If you use the referral program, we process referral codes, referred-account relationships, reward ledger entries, withdrawal requests, payout amount, payout network, wallet address, payout status, and related support notes.

3.5. Support data. If you contact us, we process your email address, message content, request type, support history, and any information you choose to send so we can answer and resolve your request.

3.6. Security and operational data. We may process limited technical events such as authentication events, API errors, abuse-prevention signals, server health, payment webhook status, and infrastructure logs needed to operate and protect the Service.

4. No-Logs Position

4.1. We do not store the content of your internet traffic, the websites you visit, the messages you send through third-party services, or DNS queries as a browsing history.

4.2. Network parameters may be processed technically while the Service routes traffic, but we do not build a profile of your browsing activity from that traffic.

4.3. Limited technical events may be retained for security, abuse prevention, infrastructure troubleshooting, and service reliability. These events are not intended to contain the content of your traffic.

5. Why We Process Data

We process data for the following purposes:

  • 5.1. to create and secure your Account;
  • 5.2. to provide free keys, paid subscriptions, subscription URLs, and account access;
  • 5.3. to process orders, payments, refunds, renewal status, and payment-provider callbacks;
  • 5.4. to operate the referral program and handle payout requests;
  • 5.5. to answer support requests and send operational emails;
  • 5.6. to prevent fraud, trial abuse, referral abuse, spam, attacks, and unauthorized access;
  • 5.7. to maintain service reliability, diagnose incidents, and improve setup flows;
  • 5.8. to comply with legal, accounting, tax, and regulatory obligations where applicable.

6. Legal Bases

6.1. Where applicable law requires a legal basis, we rely on contract performance to provide the Service, legitimate interests to secure and improve the Service, legal obligations for accounting and compliance, and consent where we specifically ask for it.

6.2. Our legitimate interests include fraud prevention, abuse prevention, infrastructure security, service reliability, customer support, and product improvement.

7. Cookies and Local Storage

7.1. We use authentication cookies and browser local storage to keep you signed in, store access tokens, remember account state, preserve referral attribution, and support the dashboard experience.

7.2. Referral codes may be stored in local storage so that a referral is not lost if you move between internal pages before signing up.

7.3. You can clear cookies and local storage in your browser. Doing so may sign you out or remove referral attribution from that browser session.

8. Sharing Data With Third Parties

8.1. We may share or provide access to data only as needed for the Service with categories such as hosting providers, server infrastructure providers, payment processors, email providers, support tools, security providers, and professional advisers.

8.2. We may disclose data if required by applicable law, a valid legal request, court order, or to protect the rights, safety, and security of IT CRP, users, or third parties.

8.3. We do not sell your personal data.

9. International Transfers

9.1. We operate from the United Arab Emirates and use infrastructure and service providers that may be located in different countries. Your data may therefore be processed outside your country of residence.

9.2. Where required, we use reasonable safeguards for international transfers, including contractual and technical controls appropriate to the nature of the data.

10. Retention

10.1. Account and subscription records are kept while your Account is active and for a reasonable period afterward for support, fraud prevention, dispute handling, and operational continuity.

10.2. Payment, order, refund, and payout records may be kept longer where needed for accounting, tax, anti-fraud, chargeback, or legal obligations.

10.3. Support communications are kept for as long as reasonably needed to resolve requests, maintain service history, and protect against abuse.

10.4. Security and operational events are kept for a limited period appropriate to incident investigation, infrastructure protection, and service reliability.

11. Security

11.1. We use organizational and technical measures designed to protect data, including access controls, least-privilege access, encrypted transport, infrastructure segmentation, monitoring, backups, and security updates.

11.2. No internet service can guarantee absolute security. You are responsible for using a strong password, keeping your email secure, and protecting your Configuration Data.

12. Your Rights

Depending on applicable law, you may have the right to:

  • 12.1. request access to personal data we hold about you;
  • 12.2. request correction of inaccurate data;
  • 12.3. request deletion of data, subject to legal, anti-fraud, accounting, and security retention needs;
  • 12.4. request restriction or objection to certain processing where applicable;
  • 12.5. request a copy of certain data in a portable format where applicable;
  • 12.6. withdraw consent where processing is based on consent.

Send privacy requests to support@it-crp.com. We may need to verify that the request comes from the account owner.

13. Children

The Service is not intended for children under 18. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will be published on it-crp.com. Continued use of the Service after publication means the updated Policy applies from that date onward.

15. Contact

404 BRAND FZCO
United Arab Emirates, Dubai

Privacy / Support Email: support@it-crp.com
Website: it-crp.com