WWhiteLands
Order

Privacy Policy

Effective from January 1, 2026 · Last updated: 8 June 2026 · GDPR-compliant

1. Who we are

"WhiteLands" — a landing page generation service available at white-lands.com. We act as the data controller within the meaning of EU Regulation 2016/679 (GDPR).

Contact for data-related questions: Telegram

2. What data we collect

2.1. Order data

When you fill the form at /en/order, we collect:

  • Contact (Telegram username or email) — so we can reach out to fulfil the order
  • Order details (pack, lander type, niche, language, domain mode, notes) — to deliver the service
  • IP address (in hashed form) — for anti-fraud and basic analytics
  • User Agent (browser/OS family, truncated) — for stats

2.2. Visit data (analytics)

When you visit the site we automatically collect:

  • Hashed IP address (SHA-256 + salt — cannot be reversed)
  • URL path of the page visited
  • HTTP Referer (where you came from)
  • Browser language
  • Browser + OS type (category, not full fingerprint)

We do NOT collect: precise location, data from other sites, biometrics, browsing history outside our site, links to your Google/Facebook accounts.

2.3. Payment data

Payments are made in USDT cryptocurrency (TRC20/BEP20) to our wallet or via Monobank (₴). We see only the transaction hash/ID and the amount. We do not have access to your bank data, card details, or private wallet keys.

2.4. Account & balance data

If you register an account, we additionally store:

  • Email — for login and contact (the password is stored only as a cryptographic hash — we never see it)
  • Balance & operations log (top-ups, bonuses, deductions for orders) — for accurate accounting
  • API keys (if created) — stored only as a hash
  • Payment claims (method, transaction hash/ID) — for reconciling payments

3. How we use it

Data typePurposeLegal basis (GDPR)
ContactOrder fulfilmentContract (Art. 6.1.b)
Order detailsLander generationContract (Art. 6.1.b)
Email / accountLogin, balance, contactContract (Art. 6.1.b)
Balance / paymentsAccounting of payments & top-upsContract + legal obligation (Art. 6.1.b, 6.1.c)
Hashed IPAnti-fraud, analyticsLegitimate interest (Art. 6.1.f)
Visits (anonymous)Site improvementLegitimate interest (Art. 6.1.f)

We do NOT use your data for:

  • Advertising through third-party platforms (remarketing etc.)
  • Selling/transferring to data brokers
  • Profiling beyond what's needed to deliver the service

4. Cookies and tracking

Our site uses minimal cookies:

  • Technical (session token, language) — required for the site to function
  • Analytical (internal anonymous analytics) — to understand traffic

We do NOT use: Google Analytics, Facebook Pixel, TikTok Pixel, or third-party ad cookies.

You can block cookies in your browser settings — the site will continue to work with some limitations.

5. Third-party services

To deliver the service we use:

ServicePurposeData transferred
CloudflareCDN, DDoS protectionIP, HTTP headers
Anthropic APILander content generationGeneration parameters (niche, language)
MonobankAccepting UAH payments (jar)Amount + payment identifier
TelegramClient communicationUsername (with consent)
VPS providerSite and data hostingAll site data

We do not transfer your personal data to third parties for advertising or commercial purposes.

6. Data retention

  • Orders — stored for 12 months from fulfilment, then deleted
  • Generated landers — 30 days from delivery, then auto-deleted
  • Analytics data (hashed) — 12 months
  • Transaction logs — 24 months (for financial-compliance purposes)
  • Account & balance data — while the account is active; deleted on request (financial logs may be kept up to 24 months)

7. Your rights (GDPR)

If you are in the EU/EEA, you have the following rights:

  • Access — get a copy of your data
  • Rectification — correct inaccurate data
  • Erasure ("right to be forgotten") — request deletion of your data
  • Restriction of processing — prohibit certain types of processing
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Complaint — file a complaint with your country's supervisory authority

To exercise any right — write to Telegram. We respond within 30 days (usually faster).

8. Data security

We apply technical and organisational protection measures:

  • TLS 1.3 encryption for all traffic (HTTPS)
  • Passwords — PBKDF2-HMAC-SHA256, 600,000 iterations
  • IP addresses — SHA-256 hashing with salt
  • Sessions are signed (HMAC); API keys and passwords are stored only as hashes
  • Restricted server access (SSH keys only, no passwords)
  • Regular database backups
  • Admin access behind authentication (login/session) + request rate-limiting against brute-force

In case of a data breach — we notify within 72 hours (per GDPR Art. 33).

9. Contacts

Data-related requests: Telegram

General questions: Telegram

Address: provided on request for DPO communications