Privacy
Privacy Policy
How LicenceForge collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
352 Digital S.à r.l.
Luxembourg
Email: [email protected]
This website is hosted by CloudHosting.lu (Luxembourg), ensuring your data is processed within the European Economic Area (EEA).
2. Data We Collect
2.1 Data you provide directly
- Contact form submissions: name, email address, subject, and message content when you use our contact form (powered by Contact Form 7).
- Purchase information: name, email address, billing address, and payment details (processed by Stripe — we never store full card numbers on our servers).
- Licence activation data: site URL, licence key, and product information when you activate a licence.
2.2 Data collected automatically
- Server logs: IP address (anonymised), browser type, referring URL, pages visited, and timestamps. These logs are retained for security purposes and automatically purged.
- Cookies and similar technologies: See Section 5 and our Cookie Policy for full details.
- Analytics data: Anonymised usage data collected via Google Analytics with IP anonymisation enabled. See Section 6.
2.3 Data we do not collect
We do not collect special categories of personal data (e.g. health data, racial or ethnic origin, political opinions, religious beliefs, or biometric data).
3. Legal Basis for Processing
Under the GDPR, we process your personal data on the following legal bases:
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Fulfilling your purchase and delivering licence keys | Performance of a contract (Art. 6(1)(b)) |
| Responding to contact form enquiries | Legitimate interest (Art. 6(1)(f)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Analytics (with consent) | Consent (Art. 6(1)(a)) |
| Setting non-essential cookies | Consent (Art. 6(1)(a)) |
| Legal compliance (tax, accounting records) | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
We use your personal data to:
- Process purchases, issue licence keys, and manage your account.
- Provide software updates and validate active licences.
- Respond to support requests and contact form enquiries.
- Improve the security and performance of our website and services.
- Analyse anonymised usage patterns to improve our product and website (only with your consent).
- Comply with applicable legal and tax obligations.
We will never sell, rent, or trade your personal data to third parties for marketing purposes.
5. Cookies & Tracking
This website uses cookies and similar technologies. We use the 352 Consent plugin to manage cookie consent, ensuring compliance with the GDPR and ePrivacy Directive.
No non-essential cookies are placed until you give explicit consent. You can withdraw your consent at any time by adjusting your cookie preferences through the consent banner or by visiting our Cookie Policy page.
Consent records are logged and stored to demonstrate compliance. The consent mechanism implements Google Consent Mode v2, which communicates your preferences to Google services.
For full details on each cookie used, its purpose, and its duration, please see our Cookie Policy.
6. Analytics
We use Google Analytics 4 (via Google Site Kit) with the following privacy-preserving measures:
- IP anonymisation is enabled — your full IP address is never transmitted to Google.
- Google Consent Mode v2 is implemented — analytics only runs after you grant consent.
- No advertising features are enabled (no remarketing, no demographics and interests reporting).
- Data retention is set to the minimum period.
- Data Processing Agreement with Google is in place.
- Analytics data is not combined with data from other Google services.
We use Google Search Console for understanding search performance. This processes anonymised, aggregated search query data and does not identify individual users.
7. Third-Party Services
We share personal data with the following third parties, each acting as a data processor under a Data Processing Agreement (DPA):
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| CloudHosting.lu | Website hosting | All data stored on our servers | Luxembourg (EEA) |
| Cloudflare | CDN, DDoS protection, DNS | IP address, request headers | Global (EU-compliant) |
| Stripe | Payment processing | Name, email, billing address, card details | EU/US (SCCs in place) |
| Google Analytics | Anonymised website analytics | Anonymised IP, page views, events | EU/US (consent-based) |
| Zoho Mail | Business email | Email correspondence content | EU data centres |
| Microsoft 365 | Business email and productivity | Email correspondence content | EU data centres |
| Mailgun | Transactional email delivery | Email address, email content | EU/US (DPA in place) |
| Imagify | Image optimisation | Uploaded images only (no personal data) | France (EEA) |
8. International Data Transfers
Where data is transferred outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- EU–US Data Privacy Framework certification where applicable (Stripe, Google, Microsoft, Cloudflare).
- Adequacy decisions where available.
Our primary hosting is in Luxembourg via CloudHosting.lu, keeping the majority of your data within the EEA.
9. Data Retention
We retain personal data only as long as necessary for the purpose it was collected:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 12 months, then deleted |
| Purchase and licence records | Duration of licence + 10 years (Luxembourg tax law) |
| Server logs | 90 days |
| Analytics data | 14 months (Google Analytics default minimum) |
| Cookie consent records | 12 months from consent date |
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”).
- Right to restrict processing (Art. 18) — request that we limit how we use your data.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — withdraw previously given consent at any time.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (CNPD), the Luxembourg data protection authority:
CNPD — cnpd.public.lu
11. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- TLS/SSL encryption for all data in transit.
- AES-256 encryption for sensitive data at rest (licence keys, API credentials).
- Cloudflare DDoS protection and Web Application Firewall.
- WordPress security hardening via Wordfence and iThemes Security.
- Regular automated backups via BackupBuddy.
- Rate limiting on API endpoints and login pages.
- HMAC-SHA256 hashing for licence keys (never stored in plaintext).
- Access restricted to authorised personnel only.
12. Children’s Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any material changes will be communicated by updating the “Effective” date at the top of this page. We encourage you to review this policy periodically.
14. Contact
For any privacy-related questions, data requests, or concerns:
352 Digital S.à r.l.
Email: [email protected]
Website: licenceforge.com/contact