Common's VBX
Legal · Privacy

Privacy Policy

Short version: we collect the bare minimum we need to deliver your tokens and prevent fraud, we don't sell your data, and you can ask us to delete it any time.

Last updated · April 2026
01

What we collect

When you place an order on common.sell.app we collect the email you provide at checkout, your payment method (only the type: Cash App, Crypto, Card, PayPal, never the underlying card or wallet credentials), your order ID, and the IP address used to complete the purchase.

When you redeem a code in our Discord we collect your Discord user ID, server-level activity related to redeem and wallet commands, and timestamps for those events.

This website uses minimal first-party analytics to understand which pages are visited. We do not run third-party advertising or behavioural-tracking pixels.

02

Why we collect it

Order email and ID let us deliver your redemption code, send transactional notifications, and resolve support requests. Without them we cannot fulfil purchases.

Discord ID and redeem activity let our bot credit the right wallet, prevent double-redemptions, and detect abuse such as automated farming or scripted exploits.

Payment method type and IP help us spot fraud patterns (mismatched regions, mass orders from a single IP). We never see or store underlying payment credentials. Those stay with Sell.app's payment processor.

03

Who we share it with

Sell.app, our payment processor, handles checkout. They see whatever Sell.app's own privacy policy describes; we recommend reading it. Common's VBX only receives the minimum data Sell.app forwards to fulfil the order.

Discord, our community platform, sees whatever Discord normally collects from your usage of their platform. We have no special data exchange with Discord beyond what their bot API exposes.

We do not sell, rent or trade your data with marketers or any third party. We may disclose data to law-enforcement only when legally compelled.

04

How long we keep it

Order records (email, order ID, payment type) are kept for 24 months for tax, accounting and dispute resolution.

Discord redemption logs are kept for 12 months and used for fraud prevention and support history.

Server-side analytics are aggregated and retained for 6 months.

05

Your rights

You can ask us to show you what data we hold on you, correct it if it's wrong, or delete it entirely. Open a #support-ticket in Discord with the request. We respond within 14 days.

Note that deleting order records before the 24-month retention period may affect our ability to process refunds or resolve disputes after the fact.

You can opt out of transactional emails at any time, but we still need to email you the redemption code at purchase. That's contractually required.

06

Security

Sell.app handles all payment data and PCI-relevant security. Our own systems use TLS for all traffic, scoped credentials per service, and access logs.

No system is perfect. If a breach affects you, we will notify you by email at the address used on your order within 72 hours of discovery, with details on what happened and what you should do.

07

Contact

Privacy questions or data requests? Open a ticket in #support-ticket (https://discord.com/channels/1204064534579519539/1204064536433528878). Privacy requests are handled by the same team and routed through the ticket system for accountability.