Privacy Policy

This is the short version: we keep the data we need to run the service and nothing else. We don't sell anything to anyone. Here's exactly what gets stored where.

1. Data we collect

Account: email, display name, password (hashed, never stored in plaintext), and your first/last name if you provide one. Created when you sign up.
Purchases: the WooCommerce order record — item, price, payment processor (Stripe or PayPal), billing country, and the redacted last 4 of the card when applicable.
Downloads: for every file you grab, we log the resource id, your IP, user-agent, and timestamp. This is used for rate-limit enforcement and refund-prorating only.
Wishlist: the product ids you've saved, stored against your user record.
Support tickets: the messages you send via the Report / Update / General forms.

2. Data we do NOT collect

Credit-card numbers — Stripe and PayPal store those, we never see the full PAN.
Browsing patterns outside this site. No third-party trackers are loaded by default.
Anything you do with files after you've downloaded them.

3. Third parties

Stripe — processes card payments. Their privacy policy applies to cardholder data.
PayPal — when you check out with PayPal, the same applies for that data.
Cloudflare — sits in front of the site as a CDN and rate-limiter. Cloudflare may log IPs at the edge for abuse prevention.
Gravatar — if you have a Gravatar attached to the email you signed up with, your account avatar is loaded from gravatar.com (a hash of your email goes out per request). You can remove or change your Gravatar from gravatar.com directly.
Meta (Facebook) Conversions API — when enabled by the admin, we send anonymised purchase events to Meta to attribute paid-ad performance. The data sent is hashed; raw PII never leaves our server. Disable by opting out in our cookie banner when present, or by emailing us.

4. Cookies

We set a minimum set: a session cookie for the JWT auth, a cart cookie that holds the items in your cart while you're logged out, and a preference cookie for your light/dark mode choice. See the Cookies page for the full list.

5. Your rights

You can:

Export your account data — open a ticket and we'll email it within 7 days as JSON.
Delete your account — from Settings or by request. We hard-delete within 30 days; downloads stay yours.
Object to specific processing (e.g. Meta Conversions tracking) — email us; we'll honour the request immediately.

6. Data retention

Active accounts: indefinitely while in use.
Inactive accounts: archived after 24 months, deleted after 36.
Orders + download history: 7 years (tax / accounting requirement).
Support tickets: 3 years from last activity.

7. Security

Everything is over HTTPS. Passwords are bcrypt-hashed (via WordPress). JWTs are short-lived. Database backups are encrypted at rest. If we ever suffer a breach affecting your data, we'll notify the affected accounts within 72 hours.

8. Contact

Open a ticket on your account for anything privacy-related and we'll respond within 7 days, faster on account-deletion or breach-related issues.

Last updated: May 19, 2026.

This is the short version: we keep the data we need to run the service and nothing else. We don't sell anything to anyone. Here's exactly what gets stored where.

1. Data we collect

Account: email, display name, password (hashed, never stored in plaintext), and your first/last name if you provide one. Created when you sign up.
Purchases: the WooCommerce order record — item, price, payment processor (Stripe or PayPal), billing country, and the redacted last 4 of the card when applicable.
Downloads: for every file you grab, we log the resource id, your IP, user-agent, and timestamp. This is used for rate-limit enforcement and refund-prorating only.
Wishlist: the product ids you've saved, stored against your user record.
Support tickets: the messages you send via the Report / Update / General forms.

2. Data we do NOT collect

Credit-card numbers — Stripe and PayPal store those, we never see the full PAN.
Browsing patterns outside this site. No third-party trackers are loaded by default.
Anything you do with files after you've downloaded them.

3. Third parties

Stripe — processes card payments. Their privacy policy applies to cardholder data.
PayPal — when you check out with PayPal, the same applies for that data.
Cloudflare — sits in front of the site as a CDN and rate-limiter. Cloudflare may log IPs at the edge for abuse prevention.
Gravatar — if you have a Gravatar attached to the email you signed up with, your account avatar is loaded from gravatar.com (a hash of your email goes out per request). You can remove or change your Gravatar from gravatar.com directly.
Meta (Facebook) Conversions API — when enabled by the admin, we send anonymised purchase events to Meta to attribute paid-ad performance. The data sent is hashed; raw PII never leaves our server. Disable by opting out in our cookie banner when present, or by emailing us.

4. Cookies

5. Your rights

You can:

Export your account data — open a ticket and we'll email it within 7 days as JSON.
Delete your account — from Settings or by request. We hard-delete within 30 days; downloads stay yours.
Object to specific processing (e.g. Meta Conversions tracking) — email us; we'll honour the request immediately.

6. Data retention

Active accounts: indefinitely while in use.
Inactive accounts: archived after 24 months, deleted after 36.
Orders + download history: 7 years (tax / accounting requirement).
Support tickets: 3 years from last activity.

7. Security

8. Contact

Open a ticket on your account for anything privacy-related and we'll respond within 7 days, faster on account-deletion or breach-related issues.

Last updated: May 19, 2026.

Privacy Policy

1. Data we collect

2. Data we do NOT collect

3. Third parties

4. Cookies

5. Your rights

6. Data retention

7. Security

8. Contact

Ship a client site this weekend — for $8.99.

Privacy Policy

1. Data we collect

2. Data we do NOT collect

3. Third parties

4. Cookies

5. Your rights

6. Data retention

7. Security

8. Contact

Ship a client site this weekend — for $8.99.