Privacy Policy

Last Updated: April 3, 2026

1. Introduction

Welcome to Mi-CPID ("we", "our", "us"). We provide Xiaomi IMEI Certificate Delivery services to device repair professionals and resellers worldwide. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By accessing or using our platform, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services immediately.

2. Information We Collect

We collect the following categories of personal and technical data:

• Account Data: Name, email address, password (hashed), registration date.
• Transaction Data: Credit purchase history, payment references, cryptocurrency transaction IDs (wallet addresses are not stored beyond what is needed for verification).
• Service Data: Device IMEI numbers, device models, certificate request details, ticket numbers, and approval status submitted when you order IMEI certificates.
• Usage Data: IP address, browser type, operating system, pages visited, access timestamps, and referring URLs — collected automatically via server logs.
• Communication Data: Messages you send to our support team or through contact forms.

3. How We Use Your Information

We use collected information for the following purposes:

• To create and manage your account and verify your identity.
• To process certificate orders and deliver approved files.
• To process credit purchases and maintain billing records.
• To communicate service updates, order status changes, and support responses.
• To detect, prevent, and investigate fraudulent or unauthorized activity.
• To improve our platform, user experience, and service reliability.
• To comply with applicable legal obligations and law enforcement requests.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal data include:

• Contract Performance: Processing is necessary to deliver the services you ordered.
• Legitimate Interests: Fraud prevention, platform security, and improving our services.
• Legal Obligation: Compliance with applicable laws and regulations.
• Consent: Where required, we obtain your explicit consent (e.g., marketing communications).

5. Sharing of Information

We do not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

• Service Providers: Trusted third-party vendors (e.g., hosting, payment processors) who assist in operating our platform, under strict confidentiality obligations.
• Reseller Partners: If you registered through a reseller, your account email and activation status may be shared with the authorising reseller.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of business assets, subject to equivalent privacy protections.

We never share IMEI or device data with third parties outside the scope of certificate delivery.

6. Cookies and Tracking

We use essential session cookies to maintain your login state and deliver core functionality. For full details, please see our Cookie Policy. We do not use third-party advertising trackers or analytics cookies without your consent.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained for the duration of your account and up to 3 years after deletion for legal compliance.
• Certificate and IMEI data is retained for a minimum of 2 years for audit and dispute resolution purposes.
• Payment records are retained for a minimum of 7 years as required by financial regulations.
• Server logs are retained for up to 90 days and then deleted.

8. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• HTTPS/TLS encryption for all data in transit.
• Bcrypt hashing for all stored passwords.
• Access controls and role-based permissions limiting data access to authorised personnel only.
• Regular security assessments of our infrastructure.

Despite our efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal retention requirements.
• Restriction: Request that we limit processing of your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at our support page. We will respond within 30 days.

10. International Data Transfers

Our servers may be located outside your country of residence. By using our services, you consent to the transfer of your data to these locations. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with applicable law.

11. Children's Privacy

Our services are intended for professional use by individuals aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of our services after changes constitutes acceptance of the revised policy. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please contact us through our Support page. We are committed to resolving any privacy-related concerns promptly and transparently.