1. Who we are
CryptoNight Mafia is an independent crypto-merch brand operated by an individual (pessoa singular) based in Portugal, trading on Etsy as CryptonightM.
This site (cryptonight-mafia.vercel.app) is the brand's public face. Etsy is the merchant of record for all sales — purchases happen on etsy.com, not on this site.
Privacy contact: cryptonightmerch@gmail.com
Short version: this site doesn't process payments, doesn't run a checkout, and doesn't store account data. The only personal data we collect here is your email (if you join the newsletter) and aggregate visit analytics. All purchases go through Etsy, who handle that data under their own privacy policy.
2. What data this site collects
Newsletter email (only if you sign up)
- Your email address
- The timestamp + IP from your signup (kept by MailerLite for spam-protection compliance)
- Double opt-in confirmation status
Processed by MailerLite on our behalf. We don't sell, rent, or share your email with third parties.
Site visit data (everyone — privacy-friendly)
- Page views, referrer, country (no IP storage)
- Browser type + viewport size for layout debugging
- Aggregate click events on CTAs and product links (no per-user identification)
Processed by Vercel Web Analytics — cookieless, GDPR-compliant by design. No persistent identifiers.
What we do NOT collect:
- Card numbers, payment data, billing/shipping addresses (Etsy handles those for purchases)
- Account credentials (no accounts on this site)
- Government IDs, tax IDs
- Cross-site tracking cookies
3. What data Etsy + Printful collect (when you buy)
When you click through to Etsy and complete a purchase, the data flow looks like this:
- Etsy collects your name, email, shipping address, and payment details for the order. They are the data controller for that transaction. Their privacy policy: etsy.com/legal/privacy.
- Printful receives only the data needed to print and ship your order (name, shipping address, design files, sizes). They act as a data processor under Etsy's instruction. Their privacy policy: printful.com/policies/privacy.
- We (the brand) see the order summary in our Etsy seller dashboard — usually just first name + city + items ordered. We never see card numbers or full billing addresses.
4. Why we use this data (GDPR lawful basis)
- Consent (Art. 6(1)(a)): newsletter signup. Double opt-in required; you can unsubscribe from every email or by contacting us.
- Legitimate interest (Art. 6(1)(f)): basic site analytics for UX improvements and abuse detection. Limited to aggregate, non-identifying data. You can opt out via browser-level "Do Not Track" or by disabling JavaScript.
5. Your rights under GDPR
If you're in the EU/EEA/UK, you have the following rights regarding data we hold:
- Access — request a copy of your data we hold
- Rectification — correct inaccurate data
- Erasure ("right to be forgotten") — delete your newsletter subscription + any associated record
- Restriction — pause our processing of your data
- Portability — receive your data in a portable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — unsubscribe from the newsletter at any time
To exercise any of these rights, email cryptonightmerch@gmail.com with your request. We respond within 30 days (typically same week).
For order-related data (held by Etsy), use Etsy's account-level privacy controls or contact Etsy directly.
6. Retention + breach notification
- Newsletter: retained until you unsubscribe. After unsubscribe, MailerLite holds a suppression-list record (email hash only) for ~12 months to prevent accidental re-add.
- Vercel Analytics: aggregated visit data retained for 12 months, then deleted.
- Etsy order data: handled by Etsy under their own retention policy — see Etsy's privacy notice.
Personal-data breach notification: in the unlikely event of a personal-data breach affecting newsletter subscriber data, we will notify the Portuguese supervisory authority (CNPD) within 72 hours of becoming aware of the breach, per GDPR Art. 33. Where the breach is likely to result in a high risk to your rights and freedoms (Art. 34), we will also notify affected subscribers directly without undue delay.
7. International data transfers
Some of the processors above (Vercel, MailerLite) are based outside the EU. They rely on Standard Contractual Clauses (SCCs) and/or EU-US Data Privacy Framework participation for lawful EU-to-third-country transfers under GDPR Art. 46. Full details in each processor's privacy notice.
8. Cookies + similar technologies
This site does not set any cookies of its own. Third-party scripts loaded on the page:
- MailerLite + Google reCAPTCHA — only loaded when you interact with the newsletter form. MailerLite uses Google reCAPTCHA for spam protection, which sets its own cookies for fraud detection under Google's terms.
- Vercel Analytics — cookieless. No persistent identifiers.
- Google Fonts — used to load Bebas Neue / Space Mono / Inter. Google may log the IP that requests the font, under Google's privacy policy.
9. Complaints
If you believe we've handled your data unlawfully, you can file a complaint with the Portuguese data protection authority:
- CNPD — Comissão Nacional de Proteção de Dados
- Web: cnpd.pt
If you're in another EU/EEA country, your local supervisory authority can also handle the complaint.
10. Changes to this policy
Material changes will be communicated via the brand's social channels (@cryptonight_m) and reflected in the "Last updated" date at the top of this page. Continued use after a change indicates acceptance of the updated policy.
When the brand incorporates as a Sociedade Unipessoal por Quotas (Phase 0.5), this policy will be updated to reflect the new data controller (the Lda.) and any new processing introduced by the own-site crypto checkout.