Privacy Policy
Last updated: November 5, 2025
This Privacy Policy explains what we collect, how we use it, and the choices you have. It covers our website, checkout, account, licensing system, and subscription services (the “Service”).
1. What We Collect
We collect only what we need to operate accounts, process payments, prevent fraud/abuse, and run the Service.
Account & Checkout
- Email address (required to create your account, deliver licenses, and send receipts/important notices).
- Payments are handled by third-party payment processors. We do not store full card numbers.
- We may receive limited payment details (e.g., payment status, last-4, transaction IDs) for receipts and support.
Licensing & Activations
To manage activations, prevent fraud, and enforce trial limits, we store certain device and installation identifiers, which may include:
- Basic device information (e.g., device type/model, operating system type).
- Generated identifiers used to associate activations with your account and detect abuse.
Website Analytics
- We use an analytics/UX measurement provider (e.g., heatmaps and usage metrics) to understand site performance and improve usability.
- We avoid sending personal account identifiers to analytics tools where reasonably possible.
Email & Support
- Transactional messages (receipts, license notices, important service communications) may be delivered through an email delivery provider.
- Support communications you send to us (emails and attachments) are retained to resolve issues and maintain service history.
- Optional marketing (new plugin releases) is sent only if you opt in, and you can unsubscribe at any time.
2. How We Use Data (and Legal Bases)
- Provide the Service (create accounts, enable downloads, manage licenses/activations) — Contract
- Process payments and send receipts — Contract
- Fraud & abuse prevention (license integrity, trial limits) — Legitimate Interests
- Improve the website (performance and usability analytics) — Legitimate Interests
- Marketing (optional) new plugin releases — Consent
- Legal compliance (tax, accounting, security) — Legal Obligation
Transactional emails (receipts, license notices, important service messages) are necessary to operate the Service and are not subject to marketing opt-out.
3. Cookies & Similar Technologies
We use essential cookies for account/session and payment workflows, and (where enabled) analytics cookies for site measurement.
- Essential: required for login, checkout, and subscription management.
- Analytics: helps us understand site usage and improve the user experience.
Where required by law, we will request consent before setting non-essential analytics cookies.
4. Sharing & Service Providers
We do not sell personal information.
We share personal information only with service providers who help us operate the Service, such as:
- Payment processors (to process purchases and subscriptions).
- Email delivery providers (to send receipts and service messages, and optional marketing if you opt in).
- Analytics/measurement providers (to improve usability and performance).
- Hosting and infrastructure providers (to run and secure the Service).
These providers process data on our behalf under their own privacy and security terms. We share only what’s necessary to operate the Service. You can request a current list of key service-provider categories (and, where appropriate, names) by emailing admin@420plugins.com.
5. Data Retention
- Activation and fraud-prevention identifiers: retained for up to 2 years after last use.
- Invoices and transactional records: retained for up to 7 years for tax and accounting.
- You can request deletion (see Rights below). Some records may be retained where legally required or needed to protect the Service.
6. Your Choices & Rights
- Access/Deletion/Correction: Request a copy, deletion, or fix inaccuracies.
- Marketing opt-out: You can opt out of marketing emails at any time.
- Region-specific rights: We honor applicable rights under GDPR/UK GDPR and U.S. state privacy laws where you reside.
To make a request, email admin@420plugins.com. We may verify your identity to protect your account.
7. Security & International Transfers
We use reasonable technical and organizational measures to protect personal data. No method is 100% secure. Data may be processed in Canada and other jurisdictions where our service providers operate.
8. Children
The Service is not directed to children under 13. If you are under 18, a parent or legal guardian must handle payments. If you believe a child provided us personal data, contact us and we will delete it.
9. Changes to this Policy
We may update this Policy as our Service evolves. For material changes, we aim to provide notice (typically 30 days) by email and/or in-product messaging. Your continued use after the effective date constitutes acceptance.
10. Contact
Questions or requests: admin@420plugins.com