Privacy Policy

Effective date: [31-01-2026]

This Privacy Policy explains how GodotAsset.market (“we”, “us”, the “Platform”) processes personal data. It applies to visitors, registered users, buyers, and authors.

1) Data Controller

Controller: Ondřej Peška
Business ID (IČO): 74523881
Tax ID (DIČ): CZ8608076224
Registered address: Bří. Čapků 2723/30, 787 01 Šumperk, Czech Republic
Contact (privacy & support): support@darksheep.biz

If you have questions or want to exercise your data protection rights, contact us using the email above.

2) What personal data we collect

Depending on how you use the Platform, we may process the following categories of personal data:

A) Account & profile data

Email address, username/display name, account identifiers.
Profile information you choose to provide (bio, links, avatar).
Authentication data (hashed password and security logs; we do not store plain-text passwords).

B) Purchases & transactions

Order identifiers, purchased items, license type selection (e.g., Regular/Extended), timestamps.
Payment status and basic payment metadata (we do not store full card details; payments are handled by payment providers).
Invoices and accounting records where applicable.

C) Author-related data

Author profile details, published items, pricing, support period options (if offered).
Payout-related data (withdrawal records and payout status).
Verification/KYC data if required for payouts or compliance (only where applicable).

D) Support & communications

Support tickets, emails, and messages you send us (and our replies).
Technical information you provide for troubleshooting (e.g., engine version, logs, screenshots).

E) User-generated content

Reviews, ratings, comments, reports, and similar content you publish on the Platform.

F) Technical & security data

IP address, device and browser information, timestamps, approximate location derived from IP (coarse), diagnostic logs.
Security and anti-fraud signals (e.g., abnormal download activity).

G) Newsletter & marketing preferences

Email address and consent preferences if you subscribe to newsletters or marketing communications.
Unsubscribe and suppression records (to ensure we respect your choices).

3) Why we process personal data (purposes)

We process personal data for the following purposes:

Account creation and access (registration, login, account security).
Marketplace operations (purchases, downloads, license selection, delivering digital content).
Author operations (publishing items, managing author profiles, withdrawals/payouts, optional verification).
Customer support (responding to inquiries, troubleshooting, dispute handling).
Fraud prevention and security (abuse prevention, platform integrity, protection of users and authors).
Legal and accounting compliance (recordkeeping, handling complaints and legal requests).
Platform improvement (performance monitoring, bug fixing, improving usability).
Marketing (optional) (newsletter and announcements when you opt in, and only to the extent permitted by law).

4) Legal bases for processing

We rely on the following legal bases (depending on the situation):

Contract necessity – to provide the Platform, deliver purchases/downloads, and perform author-related services.
Legal obligation – to meet accounting, tax, and other legal requirements.
Legitimate interests – to secure the Platform, prevent fraud/abuse, maintain logs, and improve services.
Consent – for newsletter/marketing and for non-essential cookies or similar technologies (where required).

Where we rely on consent, you can withdraw it at any time (see Section 10).

5) Cookies and similar technologies

The Platform uses cookies and similar technologies (e.g., local storage) for essential functionality and, if enabled, for analytics/marketing. Some cookies are strictly necessary to operate the Platform (login, security, cart/session).

Detailed cookie information, categories, and how to manage or withdraw consent is described in Cookies (GDPR) at /gdpr-policy.

6) Who we share personal data with

We share personal data only when necessary to operate the Platform, deliver services, comply with law, or protect our rights. Depending on your usage, recipients may include:

Payment providers (to process payments and refunds).
Crypto payment gateways (only if you choose crypto payment methods).
Hosting, storage, and content delivery providers (to host the Platform and store/deliver files).
Email delivery providers (to send account, purchase, and support emails).
Security and anti-abuse providers (WAF/DDoS protection, bot protection, threat detection).
Verification/KYC providers (only where required for payouts or compliance, and only for applicable accounts).
Authorities where required by law (courts, regulators, law enforcement).

Where third parties act as processors, we require appropriate contractual safeguards.

7) International data transfers

Some service providers may process data outside the European Economic Area (EEA). Where that happens, we use appropriate safeguards such as adequacy decisions or standard contractual clauses, and we implement reasonable security measures.

8) Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy:

Account data – while your account is active, and for a limited period after deletion for security, dispute handling, and compliance.
Purchase and accounting records – for the period required by applicable law and for legitimate accounting/audit needs.
Support communications – as long as needed to resolve the issue and maintain support history (then archived/deleted).
Security logs – retained for a limited period to protect the Platform and investigate abuse.
KYC/verification data – retained only where required and only for the period necessary for compliance and dispute prevention.

You can request deletion of your data where applicable, but some records must be kept for legal obligations.

9) Security

We apply reasonable technical and organizational measures to protect personal data, including access controls, encryption where appropriate, and security monitoring. However, no method of transmission or storage is 100% secure.

10) Your rights

Depending on your jurisdiction (and in particular under the GDPR), you may have the right to:

request access to your personal data,
request rectification (correction) of inaccurate data,
request erasure (deletion) in certain cases,
request restriction of processing,
request data portability,
object to processing based on legitimate interests,
withdraw consent at any time (where processing is based on consent),
not be subject to decisions based solely on automated processing where applicable.

To exercise your rights, email us at support@darksheep.biz. For security reasons, we may need to verify your identity before completing the request. We aim to respond within a reasonable time and in line with applicable law.

11) Complaints (supervisory authority)

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with your supervisory authority. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).

Website: Office for Personal Data Protection (ÚOOÚ)
Email: posta@uoou.gov.cz
Data box: qkbaa2n
Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic

12) Children’s privacy

The Platform is intended for developers and is not directed to children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with an updated effective date. Continued use of the Platform after changes means you acknowledge the updated Policy.