Privacy Policy
This Privacy Policy explains what information Tebex collects, why we collect it, and what we do with it. It applies to everyone who visits our storefront or buys a FiveM script through it.
If anything below is unclear, reach us through the contact form.
Who we are
Tebex operates a digital storefront that sells FiveM scripts and related resources. In this policy, “we”, “us” and “our” refer to Tebex; “you” refers to the visitor or customer.
Information we collect
We try to collect only what we need to deliver your purchase and keep the store online.
What you provide
- Email and name entered at checkout, used to deliver download links and order receipts.
- Postal code (zip) required by our payment processor for card verification (AVS) and tax compliance.
- Support tickets — anything you write in the contact form, plus the email address you submit it from.
- Reviews — the display name and review text you choose to publish.
What we collect automatically
- IP address and approximate location, recorded in server logs and used for fraud prevention, abuse blocking, and basic analytics (request counts, error rates).
- Browser user-agent, captured in the same server log line.
- Order metadata — order number, line items, total, currency, the timestamp of each state transition.
- Bot-detection signals from Cloudflare Turnstile when you submit a form, used to block automated abuse.
Payment data
Card numbers, expiry dates, CVV and 3-D Secure tokens are entered into our payment processor’s hosted form (Ayden). They are never seen by Tebex servers and never stored by us. We receive only a non-sensitive transaction reference and the result of the charge.
How we use it
- Fulfilling your order — generating the per-order download link and emailing it to you.
- Customer support — responding to questions you submit through the contact form.
- Fraud prevention and abuse mitigation.
- Tax, accounting and statutory record-keeping.
- Occasional product updates and new-release announcements to the email you used at checkout, including for orders that did not complete payment. You can unsubscribe at any time from any email we send, or by contacting us.
- Improving the storefront — debugging errors, tuning performance, prioritising what to build next.
We do not sell your personal data and we do not use it for cross-site advertising.
Cookies and local storage
We use a small set of strictly-functional storage entries:
- Session cookie — only set after admin sign-in; absent for normal shoppers.
- Cart — kept in your browser’s localStorage so refreshing the tab doesn’t lose your selections. Never sent to our servers until you check out.
- Cloudflare Turnstile — sets short-lived cookies on form pages to prove you’re human.
- Cloudflare bot management — sets the __cf_bm cookie automatically as part of CDN protection.
We do not use marketing or third-party analytics cookies.
Third-party processors
We share the minimum information needed to operate the store with these providers:
- Ayden — payment processing. They handle your card details directly under their own privacy policy.
- Cloudflare — DNS, CDN, DDoS protection and Turnstile bot-detection.
- SMTP email provider — used to deliver your order email and any support replies.
- Plesk hosting — physical infrastructure that runs the store and stores its database.
Data retention
- Order records — retained for the period required by tax and accounting law (typically 7 years).
- Support tickets — retained for up to 2 years from the last reply, then deleted.
- Server logs — rolled and deleted after 30 days.
- Reviews — kept while the product is published; removed if you ask us to take them down.
Your rights
You can ask us to:
- Confirm what personal data we hold about you.
- Correct anything that is wrong.
- Delete your data, subject to records we are legally required to keep (chiefly tax-related order records).
- Export a copy of the data you have given us.
Send a request from the email address on the account through the contact form. We aim to respond within 30 days.
International transfers
Our infrastructure and processors operate across multiple jurisdictions. Where personal data is transferred outside its country of origin, we rely on the standard contractual clauses or equivalent safeguards offered by each processor.
Children
This service is not directed at children under 16. We do not knowingly collect personal data from anyone under that age. If you believe a child has submitted information to us, contact us and we will delete it.
Changes to this policy
If we make a material change, we will update the “Last updated” date at the top of this page. Substantive changes that affect existing customers will also be sent by email.
Contact
Questions about this policy or your data: /contact.