Privacy Policy

We collect the minimum needed to run the service. No third-party ad-trackers, no fingerprinting, no sale of personal data.

What we collect

• Vote cookie: an anonymous random ID, one per browser, used to prevent duplicate votes.
• Email (only if you subscribe, submit a fit, or place a pre-order): stored encrypted at rest in our Postgres on Neon (EU/US regions). Used to notify you about the droplist, send order updates, and respond to your submissions.
• Pre-order details: name, email, shipping region (not full address unless you provide it), payment method selection, and order status.
• Server logs: IP, user-agent, request path — retained 14 days for debugging + abuse prevention, then rotated out.

What we don’t collect

• No third-party trackers (no Google Analytics, no Facebook pixel).
• No behavioural ads.
• No browser fingerprinting.
• No sale or licensing of user data to third parties.

Payment + third parties

Payments are processed by PayPal (for worldwide orders) or handled offline via Taiwan bank transfer on LINE. PayPal is a PCI-compliant processor; we never see your card details. For TW bank transfer we’ll message you from contact@bapeclub.co with account details; your bank sees standard transfer metadata.

Your rights

You can request a copy of your data, request deletion, or correct any field by emailing contact@bapeclub.co. We respond within 7 days. Deletion may be refused only when required to honour an open order or prevent fraud, and we’ll tell you why.

Cookies

• vote_id — anti-duplicate-vote cookie, ~365 days.
• supplier_session — HMAC-signed session for invited suppliers only (not set for the public).

See also: About · Disclaimer · Terms