Back to Home

Privacy Policy

Last updated: February 2026

1. Controller

The controller responsible for data processing on this website pursuant to Art. 13(1)(a) GDPR is:

Luca-Bastien Strussione

Evolve Performance (Einzelunternehmer)

Mainzer Allee 17-19, 65232 Taunusstein, Germany

Email: support@evolveperf.com

2. What Data We Collect

When you use Evolve Performance, we collect the following data:

  • Discord account information: User ID, username, and avatar (provided via Discord OAuth2)
  • System specifications: CPU, GPU, RAM, motherboard, storage, and cooler details you submit during checkout
  • Purchase records: Plan purchased, transaction ID, payment amount, currency, and email address associated with payment
  • Support ticket references: Discord channel IDs for your support tickets
  • Hardware ID (HWID): A unique identifier derived from your hardware configuration, used for license activation and binding

3. Why We Collect This Data

We process your data based on the following legal grounds (GDPR Art. 6):

  • Contract fulfillment (Art. 6(1)(b)): Discord OAuth2 authentication, system specs processing, purchase record management, license activation, and support ticket creation
  • Contract fulfillment (Art. 6(1)(b)): Avatar storage for user profile display
  • Legitimate interest (Art. 6(1)(f)): Fraud prevention via HWID binding (one license per device), purchase record maintenance for accounting and support

4. Third-Party Services

We share data with the following third parties, only as needed to provide our services:

  • Creem — Payment processing. Receives your email and payment details. Creem acts as Merchant of Record. Registered in Estonia (EU). No third-country transfer.
  • Discord — Authentication and support delivery. We access your public profile via OAuth2 and create support tickets in our server. Registered in the US. Transfer safeguard: EU-US Data Privacy Framework.
  • Vercel — Hosting provider. Processes HTTP requests and logs. Registered in the US. Transfer safeguard: EU-US Data Privacy Framework.
  • MongoDB Atlas — Database provider. Stores purchase records. Cluster located in EU (Frankfurt). No third-country transfer.

5. Data Retention

We retain your purchase records for as long as your account exists or as required by applicable tax and accounting laws (typically 10 years for financial records in Germany). You may request deletion at any time — see Your Rights below.

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15): You can export all data we store about you from your profile page.
  • Right to erasure (Art. 17): You can delete all your data from your profile page. This removes your purchase records from our database.
  • Right to rectification (Art. 16): You can request correction of inaccurate personal data.
  • Right to restriction of processing (Art. 18): You can request restriction of processing under certain conditions.
  • Right to data portability (Art. 20): Your data export is provided as a standard JSON file.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Hessischer Beauftragter für Datenschutz und Informationsfreiheit.

Right to object (Art. 21): You have the right to object at any time to the processing of your personal data based on legitimate interests (Art. 6(1)(f)). We will then no longer process your data unless we can demonstrate compelling legitimate grounds.

7. Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

8. Cookies & Local Storage

We do not use cookies. We use browser localStorage solely to keep you logged in across page reloads. This data never leaves your device and is cleared when you log out. No tracking cookies, analytics cookies, or third-party cookies are used.

9. Contact

For any privacy-related questions or to exercise your rights, contact us at: support@evolveperf.com or through our Discord server.

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG).