Back to shop

Privacy Policy

Effective date: June 1, 2026

This Privacy Policy explains how The Golden Market ("we", "us", "our") collects, uses, shares, and protects information about you when you use goldenstock.ca and related services (the "Site"). By using the Site you agree to the practices described below.

1. Information We Collect

  • Account data: name or display name, email address, hashed password, Roblox username, and optional Discord username.
  • Technical data: IP address, device type, browser, operating system, language, and approximate location derived from your IP.
  • Payment data: the payment method you chose, transaction amount, and a transaction reference (e.g., crypto TXID, PayPal order ID). We do not store full card numbers, bank credentials, or crypto private keys on our servers. Card and bank details, where applicable, are handled by our payment processors.
  • Transaction history: order IDs, items purchased or sold, prices, timestamps, delivery status, and dispute records.
  • Communications: support messages, chat logs with our support bot, and review content you submit.
  • Cookies and similar technologies: see Section 6.

2. Why We Collect It

  • Account & email — to create and secure your account, authenticate you, and send transactional emails (receipts, password resets, delivery confirmations).
  • IP address & device data — to prevent fraud, enforce rate limits, detect abuse, and meet legal record-keeping obligations.
  • Payment data — to process your orders, verify on-chain payments, issue refunds where applicable, and prevent chargeback fraud.
  • Roblox username — to deliver purchased items via in-game trade.
  • Discord username (optional) — as an alternative contact method for delivery coordination and customer support.
  • Transaction history — to provide order history, support, accounting, and tax compliance.
  • Communications — to provide customer support and improve our service.

3. How We Share Information

We share information only with the parties below, and only as needed:

  • Payment processors (e.g., PayPal, blockchain networks, Interac, Zelle's underlying bank network) — to process your payment.
  • Infrastructure providers — hosting, database, email delivery, error monitoring, and analytics vendors acting as our processors under appropriate contracts.
  • Law enforcement and regulators — when we are legally required to comply with a valid court order, subpoena, or government request, or when we reasonably believe disclosure is necessary to prevent fraud, protect users, or comply with applicable law.
  • Successor entities — in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

4. Data Retention and Account Deletion

  • Active account data is retained for as long as your account is active.
  • Transaction records are retained for up to 7 years to comply with tax, accounting, and anti-fraud regulations.
  • Support communications are retained for up to 2 years.
  • When you delete your account, we purge personally identifying account data within 30 days, except where retention is required by law (e.g., financial records) or necessary to resolve open disputes or prevent fraud.
  • Backups are rotated and overwritten on a routine schedule.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or outdated information.
  • Delete your account and associated personal data (see Section 4).
  • Port a copy of your data in a structured, machine-readable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.

EU and UK residents (GDPR): In addition to the rights above, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your rights under the GDPR.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete your personal information (subject to legal exceptions), the right to opt out of any sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, email support@goldenstock.ca from the address registered to your account. You can also delete your account directly from Settings. We respond to verified requests within 30 days.

6. Cookies

We use cookies and similar storage for:

  • Essential cookies — authentication sessions, CSRF protection, cart state. The Site cannot function without these.
  • Preference cookies — language, theme, and other UI preferences.
  • Analytics — privacy-respecting metrics about page usage to improve the Site.
  • Third-party cookies — set by payment processors during checkout and by embedded support tools. These are governed by those parties' own privacy policies.

You can clear or block cookies in your browser settings. Disabling essential cookies will break login and checkout.

7. Security and Breach Notification

  • All traffic to the Site is served over HTTPS with a valid TLS certificate.
  • Passwords are hashed using industry-standard algorithms (bcrypt/Argon2 via our authentication provider) — never stored in plaintext.
  • We enforce rate limiting on login, signup, and password-reset endpoints to mitigate brute-force and bot abuse.
  • New passwords are checked against the Have I Been Pwned database of known-leaked passwords.
  • Two-factor authentication is enforced for administrative accounts.
  • Access to production data is restricted to authorized personnel on a need-to-know basis.

No system is perfectly secure. In the event of a personal-data breach that creates a risk to your rights or freedoms, we will notify affected users and the relevant data-protection authorities within 72 hours of becoming aware of the breach, as required by applicable law.

8. Children's Privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. Users aged 13 to the age of majority in their jurisdiction may only use the Site with verifiable parental or guardian consent. If you believe a child has provided us with personal information without proper consent, email support@goldenstock.ca and we will promptly delete the account and associated data.

9. International Users and Data Transfers

The Golden Market operates from Canada. By using the Site, you understand that your information may be processed and stored in Canada and other countries where our service providers operate, which may have different data-protection laws than your country of residence. When we transfer personal data outside the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection. We take appropriate technical and organizational measures to protect your data in transit and at rest.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a banner on the Site and, where reasonably possible, by email to your registered address. The "Effective date" at the top of this page will be updated. Continued use of the Site after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For privacy questions, data requests, or to report a concern, email support@goldenstock.ca. We aim to respond within 30 days.

See also our Terms of Service.