Legal

Privacy Policy

Last updated: March 19, 2026  ·  Effective: March 19, 2026

Your privacy matters to us.

This Privacy Policy explains how FPGABay, Inc. collects, uses, discloses, and protects your personal information. We are committed to transparency and will never sell your personal data to third parties.

1. Who We Are

FPGABay, Inc. operates the FPGABay website and sells FPGA development hardware. We are the data controller responsible for your personal information under applicable privacy laws, including the California Consumer Privacy Act (CCPA), and where applicable, the EU General Data Protection Regulation (GDPR).

Our Data Protection contact: privacy@fpgabay.com

2. Information We Collect

2.1 Information You Provide Directly:

  • Account Data: Name, email address, password (hashed and salted), and optional profile information (phone, company name)
  • Order Data: Shipping name and address, phone number, email, and product selection
  • Payment Data: We do not store cryptocurrency wallet addresses or private keys. Payment processing is handled entirely by NOWPayments. We only retain order amounts, selected currency, and payment status
  • Communications: Emails or support messages you send us

2.2 Information Collected Automatically:

  • Usage Data: Pages visited, time on site, referring URL, browser type, and device type — collected via our hosting infrastructure
  • Log Data: IP address, access times, and error logs retained for up to 90 days for security and debugging purposes

2.3 Information from Third Parties:

  • Payment Processors: NOWPayments may share transaction status and payment confirmation with us
  • Shipping Carriers: Tracking status and delivery confirmation

3. How We Use Your Information

We use your personal information for the following purposes and legal bases:

PurposeLegal Basis (GDPR)
Processing and fulfilling your ordersContract performance
Account creation and authenticationContract performance
Sending order confirmations and shipping notificationsContract performance
Responding to customer support inquiriesLegitimate interests
Preventing fraud and ensuring securityLegitimate interests / Legal obligation
Complying with legal obligations (tax, export records)Legal obligation
Improving our website and productsLegitimate interests
Sending promotional emails (only with consent)Consent

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share your data only in the following circumstances:

4.1 Service Providers: We share necessary data with trusted third-party service providers who assist us in operating our business:

  • Supabase: Database and authentication infrastructure (servers located in the USA)
  • NOWPayments: Cryptocurrency payment processing
  • Shipping Carriers: (e.g., FedEx, UPS, DHL) — your name and address are shared for delivery
  • Email Service Providers: For transactional emails only

All service providers are bound by data processing agreements and may only use your data as instructed by us.

4.2 Legal Requirements: We may disclose your information if required by law, court order, subpoena, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all our assets, your data may be transferred. We will notify you by email and/or prominent notice on our website prior to such transfer.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: For the lifetime of your account, plus 3 years after closure for legal compliance
  • Order records: 7 years for tax and accounting compliance
  • Communication logs: 2 years
  • Server/access logs: 90 days

After retention periods expire, data is securely deleted or anonymized.

6. Cookies and Tracking Technologies

We use minimal, strictly necessary cookies to operate the website, including session authentication tokens managed by Supabase. We do not use third-party advertising cookies or behavioral tracking technologies.

You can configure your browser to refuse cookies, but this may prevent you from using certain features of the website such as logging in or completing purchases.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit using TLS 1.2+
  • Encryption of data at rest in our database
  • Hashed and salted password storage (never stored in plain text)
  • Row-Level Security (RLS) enforced at the database level
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security reviews and updates

Despite these measures, no system is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law within 72 hours of discovery.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent
  • Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at privacy@fpgabay.com. We will respond within 30 days (or 45 days for complex requests). We may require identity verification before processing certain requests.

9. International Data Transfers

Our primary servers are located in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, your data may be transferred to countries that may not provide the same level of protection as your home jurisdiction.

When we transfer data from the EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, or other appropriate safeguards. You may request a copy of these safeguards by contacting us.

10. Children's Privacy

Our website and products are not directed to children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will promptly delete it. If you believe we have collected information from a child, contact us at privacy@fpgabay.com.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by email and by posting the updated policy with a new "Last Updated" date. Your continued use of the website after the effective date constitutes acceptance of the updated policy.

12. How to Contact Us

For privacy-related questions, requests, or complaints:

FPGABay, Inc. — Privacy Team

548 Market St PMB 12345, San Francisco, CA 94104, USA

Email: privacy@fpgabay.com

If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.