Privacy Policy
Last Updated: January 1, 2025
Introduction
AddonLab respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.
At AddonLab, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes in detail how we collect, use, disclose, and safeguard your information when you visit our website, purchase our products, use our services, or interact with us in any way.
We understand that your privacy is important to you, and we take our responsibility to protect it seriously. This policy applies to all information collected through our website (addonlab.io), our WordPress plugins, email communications, and any related services (collectively referred to as "Services").
Scope of This Policy: This Privacy Policy applies to:
- Personal information collected when you create an account or make a purchase
- Technical data collected when you use our plugins or visit our website
- Communications between you and AddonLab, including support requests
- Marketing and promotional materials you choose to receive from us
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this policy, please do not access or use our Services.
Information We Collect
We collect information in several ways when you interact with our Services. The types and amount of information we collect depend on how you use our Services. We collect information directly from you, automatically through your use of our Services, and sometimes from third-party sources.
1. Account Information (name, email, billing details)
- Personal identifiers: Full name, email address, username, and password
- Billing information: Payment card details, billing address, VAT number (for EU customers), and company information if applicable
- Profile data: Account preferences, communication preferences, and profile photo (if provided)
2. License Activation Data (website URL, WordPress version)
- Website information: Domain name, website URL, installation path, and site title
- WordPress environment: WordPress version, PHP version, MySQL version, active theme, and installed plugins (names only, not settings)
- Server information: Server software, operating system type, and hosting provider (where detectable)
- Activation details: License key, activation timestamp, deactivation timestamp, and number of active installations
3. Usage Data (plugin downloads, support requests)
- Download activity: Plugin downloads, version numbers accessed, and download timestamps
- Support interactions: Support tickets, email correspondence, chat transcripts, and resolution status
- Account activity: Login dates and times, password changes, settings modifications, and account updates
- Purchase history: Order details, transaction amounts, payment methods used, and invoice history
4. Technical Information (IP address, browser type)
- Network information: IP address, internet service provider, geographic location (country/region level only), and network connection type
- Device information: Browser type and version, operating system, device type (desktop/mobile/tablet), screen resolution, and language settings
- Website analytics: Pages visited, time spent on pages, referring websites, search terms used to find us, and navigation patterns
- Error and diagnostic data: Error logs, crash reports, performance data, and plugin compatibility information (collected only when errors occur)
Information We Do NOT Collect: We do not collect sensitive personal information such as social security numbers, racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data. We also do not intentionally collect any information from children under the age of 13.
How We Use Your Information
The information we collect is used for legitimate business purposes to provide, maintain, and improve our Services. We process your information based on the following legal bases: contract performance, legitimate interests, legal obligations, and your consent where required.
- Service Delivery: Provide and maintain our services. This includes creating and managing your account, processing your orders, delivering plugin files, activating licenses, providing updates, and enabling access to your account dashboard.
- Transaction Processing: Process transactions and manage licenses. We use your billing information to process payments, issue invoices, handle refunds, detect fraud, and maintain accurate financial records for tax and accounting purposes.
- Communications: Send important updates and support messages. We send you transactional emails (order confirmations, license keys, password resets), service updates, security alerts, support responses, and, with your consent, promotional emails about new products and offers.
- Product Improvement: Improve our products and services. We analyze usage patterns, error reports, and feedback to identify bugs, improve compatibility, develop new features, and enhance overall user experience.
- Security and Fraud Prevention: To protect our Services, users, and business from fraudulent transactions, unauthorized access, abuse, security threats, and violations of our Terms of Service.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests, including tax obligations, data protection laws, and intellectual property rights enforcement.
- Customer Support: To respond to your inquiries, troubleshoot problems, provide technical assistance, and resolve disputes or complaints in a timely and effective manner.
- Analytics and Research: To understand how users interact with our Services, conduct market research, analyze trends, measure the effectiveness of our marketing campaigns, and make data-driven business decisions.
We will only use your information for the purposes described in this Privacy Policy or as disclosed to you at the time of collection. If we need to use your information for a new purpose not covered by this policy, we will notify you and, where required by law, seek your consent.
Information Sharing
We do not sell your personal information to third parties.
We Do NOT Sell Your Personal Information: AddonLab does not sell, rent, or trade your personal information to third parties for their marketing purposes. Your privacy and trust are paramount to us.
However, we may share your information with trusted third parties in the following limited circumstances:
- Payment Processors: We use secure third-party payment processors (such as Stripe or PayPal) to handle payment transactions. These processors have access to your payment information only to process your purchase and are bound by strict security and privacy requirements.
- Service Providers: We engage trusted service providers to assist with business operations, such as email delivery services, cloud hosting providers, analytics services, and customer support platforms. These providers only access information necessary to perform their functions and are prohibited from using it for other purposes.
- Legal Requirements: We may disclose your information if required by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.
- With Your Consent: We may share your information with third parties when you have given us explicit permission to do so, such as when you authorize us to share information with a third-party integration or service.
All third parties with whom we share your information are required to maintain the confidentiality and security of your information and are prohibited from using it for purposes other than those for which it was provided. We carefully vet our service providers and enter into data processing agreements with them to ensure your data is protected.
Data Security
We implement appropriate security measures to protect your personal information.
The security of your personal information is a top priority at AddonLab. We implement and maintain comprehensive technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. However, please note that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Our Security Measures Include:
- Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols (256-bit encryption). Sensitive data stored in our databases, including passwords and payment information, is encrypted at rest using AES-256 encryption.
- Access Controls: We employ strict access controls and authentication mechanisms to ensure that only authorized personnel with a legitimate business need can access personal information. All access is logged and monitored. We use multi-factor authentication (MFA) for administrative access to our systems.
- Secure Infrastructure: Our servers and infrastructure are hosted with reputable cloud service providers that maintain SOC 2 Type II compliance and implement physical security controls including 24/7 surveillance, biometric access controls, and environmental monitoring.
- Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses. Our code undergoes security reviews before deployment.
- Monitoring and Intrusion Detection: We maintain 24/7 security monitoring and intrusion detection systems that alert us to suspicious activity, unauthorized access attempts, and potential security incidents in real-time.
- Firewall Protection: Our network infrastructure is protected by enterprise-grade firewalls and DDoS mitigation systems to prevent unauthorized access and service disruptions.
- Backup and Disaster Recovery: We maintain regular encrypted backups of all data and have comprehensive disaster recovery procedures in place to ensure business continuity and data availability in the event of a system failure or catastrophic event.
- Employee Training: All employees with access to personal information undergo regular security awareness training and are bound by confidentiality obligations. Employees are trained on data protection best practices, phishing prevention, and incident response procedures.
- Secure Development Practices: We follow secure coding standards and implement security controls throughout the software development lifecycle, including input validation, output encoding, parameterized queries to prevent SQL injection, and protection against common vulnerabilities (OWASP Top 10).
- Payment Security: We do not store complete credit card information on our servers. All payment processing is handled by PCI DSS Level 1 compliant payment processors (Stripe, PayPal) who specialize in secure payment handling.
Data Breach Response: In the unlikely event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by applicable law. We will provide information about the nature of the breach, the data affected, potential consequences, and steps we are taking to address the breach and prevent future incidents.
Your Responsibility: While we implement robust security measures, you also play a critical role in protecting your information. Please use a strong, unique password for your account, enable two-factor authentication if available, keep your login credentials confidential, log out after using shared computers, and report any suspicious activity or unauthorized access to your account immediately.
Security Limitations: Despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or misuse. While we strive to protect your personal information, we cannot guarantee its absolute security. Any transmission of personal information is at your own risk.
Your Rights
Depending on your location and applicable data protection laws (including the General Data Protection Regulation "GDPR" for European Union residents and the California Consumer Privacy Act "CCPA" for California residents), you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with control over your data.
Your Privacy Rights Include:
- Right to Access: Access and review your personal information. You have the right to request a copy of the personal information we hold about you. This includes information about the categories of data we collect, the sources from which we collected it, the purposes for which we use it, and the third parties with whom we share it. We will provide this information in a clear, structured format.
- Right to Rectification/Correction: Request correction of inaccurate information. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update most information directly through your account settings, or you may contact us for assistance with corrections.
- Right to Erasure/Deletion ("Right to be Forgotten"): Request deletion of your data. You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, you withdraw consent, or you object to processing. Please note that we may need to retain certain information for legal or legitimate business purposes (e.g., tax records, fraud prevention, resolving disputes).
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another service provider. This right applies to information you provided to us with your consent or under a contract.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful but you prefer restriction over deletion, or you need the data for legal claims even though we no longer need it.
- Right to Object: You have the right to object to our processing of your personal information where we rely on legitimate interests as the legal basis for processing. Upon receiving an objection, we will stop processing your information unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.
- Right to Opt-Out of Marketing: You have the right to opt out of receiving marketing communications from us at any time. You can unsubscribe by clicking the "unsubscribe" link in any marketing email, updating your communication preferences in your account settings, or contacting us directly. Please note that even if you opt out of marketing emails, you will still receive transactional emails related to your account and purchases.
- Right to Withdraw Consent: Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: If you believe we have not handled your personal information in accordance with applicable data protection laws, you have the right to lodge a complaint with your local supervisory authority or data protection regulator. For EU residents, a list of supervisory authorities is available at the European Data Protection Board website.
How to Exercise Your Rights: To exercise any of these rights, please contact us at hello@addonlab.io or through your account settings where applicable. When submitting a request, please include sufficient information to allow us to verify your identity and locate your information in our systems. This may include your name, email address, account username, and details of your request.
Response Time: We will respond to your request within 30 days (or as otherwise required by applicable law) of receiving a verifiable request. If we need additional time (up to 90 days total), we will inform you of the reason and extension period. If we decline to take action on your request, we will explain why and inform you of your right to appeal.
Verification Process: To protect your privacy and security, we will verify your identity before processing your request. We may request additional information to confirm your identity and ensure we are providing information to or deleting information for the correct person. The verification steps may vary depending on the sensitivity of the request and your relationship with us.
No Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive discriminatory treatment with respect to pricing, service quality, or access to our Services for exercising your rights.
Authorized Agents: You may designate an authorized agent to make a request on your behalf. The authorized agent must provide written proof of authorization, and we may also require you to verify your identity directly with us and confirm that you provided the authorized agent permission to submit the request.
Cookies
We use cookies to enhance your experience.
We use cookies and similar tracking technologies to track activity on our service and store certain information. Cookies are files with a small amount of data that are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
The types of cookies we use include:
- Essential Cookies: Required for the operation of our website, including authentication and security features.
- Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
- Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
International Data Transfers
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside our primary operating region and choose to provide information to us, please note that we transfer the data to our servers and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for longer time periods.
Children's Privacy
Our service is not intended for use by children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.
If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers promptly.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of our service after any changes to this Privacy Policy constitutes your acceptance of such changes.