Endromeda ("Endromeda," "we," "our," or "us") operates the website endromeda.xyz and provides creator-focused digital products and services, including the Brand DNA Kit, Full Creator System, and Done-For-You Brand service.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding that information. It applies to all interactions with our website, products, and services.
By using our website or purchasing a product, you agree to this Privacy Policy. If you do not agree, please do not use our services.
We collect information in three ways: information you give us directly, information collected automatically, and information from third parties.
Information you provide directly:
Information collected automatically:
We do not collect sensitive personal data such as government IDs, health information, or financial account details (your payment card data goes directly to Stripe).
| Purpose | Legal Basis |
|---|---|
| Deliver your purchased product or service | Contract performance |
| Process payments via Stripe | Contract performance |
| Send order confirmations and delivery emails | Contract performance |
| Respond to support inquiries | Legitimate interest / contract |
| Send product updates, tips, and relevant offers (with opt-out) | Legitimate interest / consent |
| Improve and troubleshoot our website | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We will never use your data to train AI models, create profiles for advertising networks, or sell to data brokers.
We do not sell, rent, or trade your personal information — full stop.
We may share limited information only with the following trusted service providers, solely to operate our business:
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of Endromeda, our customers, or the public.
In the event of a business acquisition or merger, your information may be transferred, and we will notify you via email or prominent website notice before your data is subject to a different privacy policy.
We retain your personal information only as long as necessary to fulfil the purposes described in this policy:
You may request deletion of your data at any time (see Section 7).
Our website uses cookies and similar technologies for the following purposes:
You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the website. Most browsers allow you to refuse new cookies, receive alerts when cookies are set, and delete existing cookies.
We do not use advertising cookies, retargeting pixels, or Facebook Pixel on our core landing page at this time.
Depending on your location, you may have the following rights regarding your personal data:
California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising these rights.
To exercise any right, email hello@endromeda.xyz with the subject line "Privacy Request." We will respond within 30 days.
Unsubscribing from emails: Every marketing email contains an unsubscribe link. Clicking it immediately removes you from our mailing list. Transactional emails (e.g., order confirmations) cannot be unsubscribed from while your account is active.
We take the security of your personal information seriously. Endromeda implements a layered set of technical and organisational measures designed to protect your data against unauthorised access, disclosure, alteration, and destruction.
Technical Controls
Organisational Controls
Payment Security
Payment card data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor. We never receive, process, or store your card number, CVV, or expiry date. Stripe's Privacy Policy and Terms govern the handling of your payment details.
Security Monitoring
Incident Response
Despite best efforts, no system is completely immune to security incidents. In the event we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
Vulnerability Disclosure
If you discover a potential security vulnerability in our systems, we encourage responsible disclosure. Please report it to hello@endromeda.xyz with the subject line "Security Disclosure." We will acknowledge receipt within 48 hours and investigate promptly. We ask that you not publicly disclose any vulnerability until we have had a reasonable opportunity to investigate and address it.
Our website may contain links to third-party websites (e.g., Instagram, Stripe). This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third parties and encourage you to review their policies before providing any personal information.
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it promptly. If you believe we have inadvertently collected information from a child, please contact us at hello@endromeda.xyz.
Endromeda operates globally and your data may be processed in countries outside your own, including the United States and European Economic Area. Where we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or we transfer data only to recipients in countries deemed to provide adequate protection.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this page periodically.
Continued use of our website or services after changes take effect constitutes acceptance of the updated policy.
For any privacy questions, requests, or concerns, contact us directly:
Include your full name and email address in your request, and we will respond within 30 days. If you are located in the EU/UK and believe we have mishandled your data, you also have the right to lodge a complaint with your local data protection authority.