Legal

Privacy Policy.

What we collect. What we don't. What we do with it.

Real runs projectreal.net, Real accounts, license redemption, downloads, and the Real software. This policy explains the personal data we process and why.

Short version: we use data to run accounts, verify licenses, secure the service, provide support, and prevent abuse. We do not sell personal data, and as of May 2026 we do not use analytics or marketing cookies on projectreal.net.

1. Data we collect

  • Account data: Account data: username, email address, password hash, email verification state, password reset records, account status, account balance/expiry, plan tier and plan expiry, creation time, last login, and limited account history for support and abuse prevention.
  • License and device data: License and device data: license records, redemption status, balance and plan expiry, plan tier granted, reseller attribution where applicable, HWID hash, device public key, key-protection level, optional device label, last-seen time, and revocation state.
  • Discord and support data: Discord and support data: Discord ID, username, avatar URL, email returned by Discord OAuth, temporary OAuth/setup tokens, and messages or details you send to support.
  • Security data: Security data: IP address, user agent, request metadata, Cloudflare country/security signals where available, rate-limit state, audit logs, and security events.

We do not intentionally read your scripts, personal files, browser history, or unrelated content on your device.

2. Why we use it

  • To create accounts, verify emails, reset passwords, and keep users signed in.
  • To redeem keys, validate licenses, manage account balance, and enforce device limits.
  • To detect fraud, key abuse, account takeover attempts, bot traffic, and security incidents.
  • To operate Discord login/linking, support, transactional email, admin actions, and audit trails.
  • To enforce the Terms and protect Real, our users, and the service.

3. Legal bases

Where GDPR-style laws apply, we rely on contract performance for account and license features, legitimate interests for security and fraud prevention, consent for optional features or future non-essential cookies, and legal obligations where records must be kept by law.

4. Cookies

We use essential cookies for login, CSRF protection, cookie preferences, and Cloudflare bot protection. Optional functional storage is only used if you allow it. The full cookie list is in the Cookies.

5. Sharing

We do not sell your personal data or share it with advertisers. We share data only when needed to operate, secure, or support Real, including with hosting/security providers, transactional email providers, Discord OAuth, ad-step providers when you leave our site for those flows, legal authorities when required, or in connection with a business transfer.

6. Retention

We keep account and device records while your account is active. Deleted accounts are archived first, then permanently deleted when deletion is processed. Short-lived verification, reset, OAuth, setup, device challenge, and launch-token records expire quickly, typically from about 60 seconds to 24 hours depending on the flow. Audit logs, security logs, license history, dispute records, and backups may remain longer when needed for security, fraud prevention, support, legal compliance, or backup-retention cycles.

7. Security

We use HTTPS, HttpOnly session cookies, CSRF protection, rate limits, Cloudflare security controls, password hashing, device public keys, short-lived tokens, and audit logging. No system is perfectly secure. Never paste commands, cookies, CSRF tokens, or one-time codes into the browser developer console.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also withdraw consent for optional features where consent applies. Contact [email protected]; we may need to verify your identity first.

9. Third-party services

We use or link to third-party services such as Cloudflare, Resend, Discord, Work.ink, and reseller pages. Their services are governed by their own policies when they process data directly.

10. Children and international use

Real is not intended for anyone under 13, and we do not knowingly collect data from children under 13. We and our providers may process data in countries other than your own, using lawful transfer mechanisms where required.

11. Changes and contact

We may update this policy by posting a new version at projectreal.net/privacy. Privacy questions can be sent to [email protected] or our Discord.

Last updated: May 14, 2026.