privacy policy
last updated: may 11, 2026
1. identity & contact
the controller responsible for personal data processed through drift is roberta gorczany, 558 w van buren st, chicago, illinois 60607, united states. for privacy requests, contact privacy@kfcclient.com.
2. data we collect
we collect personal data to provide service, manage licenses, and maintain security. hashed or pseudonymized identifiers are still treated as personal data where applicable law requires. we collect:
- identifiers: ip address, hwid/device ids, pc username, license/account ids.
- security & telemetry: app integrity, license status, crash logs, anti-tamper signals, abuse indicators, os info, version, session ids.
- logs: timestamps, diagnostic events, access logs.
3. purposes & basis
we process data based on: (a) contract necessity to provide service; (b) legitimate interests in preventing fraud, license abuse, and protecting ip; and (c) legal obligations to comply with law and respond to lawful requests. our legitimate interests include maintaining platform integrity and enforcing terms.
4. recipients & transfers
we don't sell personal data. we share with processors (hosting, cloud infrastructure, diagnostics, fraud prevention, security consultants) under strict confidentiality and data-protection agreements. where required, we use appropriate safeguards for international transfers, such as standard contractual clauses or other legally recognized mechanisms.
5. technical implementation, privacy requests & trade secrets
we disclose categories of personal data and legally required information about processing. privacy rights do not grant permission to reverse engineer, bypass, monitor, inspect, decompile, debug, intercept, or circumvent the service.
responses to privacy rights requests will not disclose source code, exact algorithms, signing keys, secrets, license validation logic, hwid/device-check logic, anti-tamper logic, anti-abuse logic, detection rules, registry/file checks, bypass methods, security architecture, or other confidential technical information except where disclosure is expressly required by applicable law.
where applicable law requires meaningful information about automated decisions or processing logic, we will provide an appropriate explanation of the general procedure, categories of data used, significance, and expected consequences, while protecting trade secrets, security measures, confidential technical information, and the rights and freedoms of others.
if a privacy request creates a conflict between access rights and trade secret or security protection, we may provide a generalized, redacted, or confidential response, or use another legally recognized method to balance those rights.
6. retention
we keep data while your access or use of the service is active or as needed for security, fraud prevention, legal duties, dispute resolution, or enforcement of the terms. retention criteria include the nature of the data, the purpose of processing, legal requirements, and the risk of harm from unauthorized use or disclosure. security logs may be retained for up to 24 months unless a longer period is required for abuse investigations, security incidents, disputes, legal claims, or compliance obligations. other personal data may be retained for the duration of your access or use of the service, plus up to 24 months after your last use where needed for fraud prevention, payment dispute handling if paid features are used, legal compliance, dispute resolution, or enforcement of the terms.
7. automated systems
we may use automated or partly automated systems for license/access verification, security, anti-abuse, fraud prevention, and protection of the service.
these systems may use technical signals such as license/access status, device or environment signals, integrity checks, abuse indicators, timestamps, diagnostics, and access logs.
we provide legally required information about automated decisions while protecting trade secrets, security measures, anti-abuse logic, detection rules, license validation logic, hwid/device-check logic, and other confidential technical information.
8. your rights
you may have rights to access, correct, delete, port, or object to processing. you may also request restriction of processing and withdrawal of consent where processing is based on consent. contact privacy@kfcclient.com to submit a request. we respond to privacy requests within the time required by applicable law. identity verification is required. you also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
9. children & security
drift is not intended for children under 13. we do not knowingly collect personal data from children under 13. if you believe a child under 13 provided personal data, contact privacy@kfcclient.com and we will take reasonable steps to delete it. we implement appropriate technical measures (encryption, access controls) to protect your data.