Legal

Privacy policy

Last updated: January 26, 2026
At Orphilia, we take your privacy seriously. This policy explains how we collect, use, disclose, and safeguard your information when you use our Spotify Premium upgrade service.

Table of contents

  1. Information we collect
  2. How we use your information
  3. Data sharing and disclosure
  4. Cookies and tracking
  5. Data security
  6. Data retention
  7. Your rights (GDPR)
  8. Third-party services
  9. Children's privacy
  10. Changes to this policy
  11. Contact us

01 Information we collect

1.1 Information you provide

  • Account information: email, password (encrypted), username.
  • Spotify credentials: username and password — transmitted over TLS, used immediately for the upgrade, never stored in our database or logs.
  • Payment information: handled by secure payment providers. We do not store card details.
  • Purchase information: purchase ID, transaction history, keys purchased.
  • Reseller information: API keys, business details.

1.2 Automatically collected

  • Usage data: IP address, browser type, device info, access times.
  • Log data: API requests, key usage, upgrade history.
  • Cookies: session cookies, authentication tokens.
  • Security data: bot-detection verification, rate-limit data.

02 How we use your information

  • Service delivery: process Spotify Premium upgrades and renewals.
  • Account management: create and maintain your account, manage API keys.
  • Payment processing: transactions via secure providers.
  • Email communications: order confirmations, key delivery, password resets.
  • Customer support: respond to inquiries, technical assistance.
  • Security: prevent fraud, abuse, and unauthorized access.
  • Improvements: analyze usage to improve the service.
  • Legal compliance: meet legal obligations and enforce our Terms.

03 Data sharing and disclosure

We do not sell your personal information. We share data only in these cases:

3.1 Service providers

  • Payment processors: PCI DSS compliant.
  • Email service: transactional email delivery.
  • CDN provider: DDoS protection, content delivery.
  • Hosting provider: server infrastructure.

3.2 Legal requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

04 Cookies and tracking

We use cookies for:

  • Authentication: keep you logged in (HTTP-only, secure cookies).
  • Security: CSRF protection, session management.
  • Performance: caching for faster page loads.
  • Bot protection: automated security verification.

05 Data security

We implement industry-standard security measures:

  • Encryption: TLS/SSL in transit, AES-256 at rest.
  • Password security: bcrypt hashing with salt.
  • API security: SHA-256 hashed keys, rate limiting.
  • Database: encrypted storage with access controls.
  • Monitoring: automated scanning, intrusion detection.
  • Staff access: need-to-know basis only.
Note: no transmission method over the internet is 100% secure. While we strive to protect your data, absolute security cannot be guaranteed.

06 Data retention

  • Account data: while your account is active.
  • Transaction records: 7 years (legal/tax requirements).
  • Support tickets: 2 years for quality assurance.
  • Logs: 90 days for security and debugging.
  • Deleted accounts: data anonymized or removed within 30 days.

07 Your rights (GDPR)

Under GDPR and CCPA, you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion (the "right to be forgotten").
  • Portability: export your data in machine-readable format.
  • Restriction: limit how we process your data.
  • Objection: object to processing of your data.
  • Withdraw consent: opt out of marketing communications.
To exercise these rights: email [email protected] or use the account deletion feature in your dashboard.

08 Third-party services

We use third-party services to help deliver our service. They have their own privacy policies. We are not responsible for their practices.

All third-party providers we work with are vetted for security and compliance standards.

09 Children's privacy

Our service is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided personal information, contact us at [email protected].

10 Changes to this policy

We may update this policy from time to time. Changes are posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

11 Contact us

For privacy questions or to exercise your rights:

Important: Orphilia is not affiliated with, endorsed by, or sponsored by Spotify AB. Spotify is a registered trademark of Spotify AB.
See also: Terms of service · FAQs · Contact
Lock in Lifetime Premium - From $25.99