Privacy Policy

1. Overview

This Privacy Policy explains how we may collect, use, store, share, and protect information when you use WoPixel, purchase marketplace projects, request delivery, access handoff details, use plugins, contact support, or interact with our websites and services.

Customers who operate their own delivered websites are responsible for their own privacy notices, cookie notices, data processing obligations, end-user consents, and legal compliance. This policy covers our marketplace and service operations, not the customer's independent business operations.

2. Data We May Collect

We may collect account details such as name, email address, username, password hashes, preferred language, workspace information, profile data, support messages, and account status. We may also collect purchase records, project selections, selected plugins, selected domains, payment references, transaction metadata, invoice details, purchase codes, fulfillment status, handoff notes, admin login URLs, delivery credentials, and access account details provided for handoff.

We may collect technical information such as IP address, browser, device data, user agent, session data, logs, security events, login activity, error reports, and timestamps. We may collect communications you send to us, including support tickets, live chat messages, emails, complaint responses, and documents or screenshots you provide.

3. Payment and Transaction Data

Payments may be handled by third-party payment providers, crypto payment processors, banks, or wallet providers. We may store transaction references, payment status, amount, currency, provider identifiers, order IDs, payment URLs, confirmations, dispute records, and related metadata. We generally do not store full payment card numbers unless explicitly provided by a payment provider under its own rules.

4. Why We Use Data

We use data to create accounts, authenticate users, process purchases, deliver projects, configure domains, grant plugin access, verify purchase codes, provide support, send service notices, maintain transaction records, detect fraud, prevent abuse, investigate complaints, enforce legal terms, respond to payment disputes, maintain security, and comply with legal or payment-provider obligations.

5. Legal and Safety Uses

We may use information to investigate suspected scams, fraud, phishing, illegal activity, chargeback abuse, policy violations, security incidents, intellectual property complaints, impersonation, platform abuse, or other harmful activity. This may include preserving relevant records, reviewing account activity, comparing reports, and restricting access while an issue is investigated.

6. Sharing Information

We may share necessary information with payment providers, hosting providers, domain providers, infrastructure vendors, security vendors, email providers, analytics or logging providers, professional advisers, debt collection or dispute providers, law enforcement, regulators, courts, or other parties when needed to operate the service, protect rights, prevent abuse, respond to complaints, comply with law, or enforce policies.

If a customer is accused of scams, fraud, illegal activity, or serious abuse, we may share relevant records with payment providers, hosting providers, reporting platforms, authorities, or affected parties where we believe it is necessary or appropriate.

7. Cookies and Similar Technologies

We may use cookies, sessions, local storage, and similar technologies for authentication, security, preferences, language settings, fraud prevention, analytics, and core website functionality. Disabling cookies may prevent login, checkout, dashboard access, or support features from working properly.

8. Data Retention

We retain records for as long as needed for account operation, purchase delivery, support, security, fraud prevention, legal compliance, tax, accounting, dispute handling, chargeback defense, and policy enforcement. Some records may be retained after account closure where necessary to prevent abuse, comply with obligations, resolve disputes, or preserve evidence.

9. Security

We use reasonable administrative, technical, and organizational measures to protect information. No system is perfectly secure. Customers are responsible for protecting their own devices, email accounts, admin credentials, staff access, customer data, delivered websites, and any data they collect from their own end users.

10. Customer Websites and End Users

Delivered software may allow customers to collect information from their own users. The customer is the responsible operator for that collection and must provide appropriate privacy notices, legal bases, consents, cookie disclosures, retention rules, security controls, user rights processes, and compliance documents for their own business.

11. International Transfers

Information may be processed in countries where we, our service providers, hosting providers, support contractors, or payment providers operate. Privacy protections may differ by country. By using the service, you understand that information may be transferred and processed outside your location where legally permitted.

12. Your Requests

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, portability, or objection. We may need to verify identity before responding. Some requests may be limited where retention is required for security, fraud prevention, tax, accounting, legal, dispute, or abuse-prevention purposes.

13. Policy Updates

We may update this Privacy Policy to reflect changes in our services, legal obligations, security practices, or business operations. Continued use of the service after an update means you accept the updated policy where legally permitted.

14. Legal Acceptance Records

When you place an order, we may record that you accepted our Terms of Service, Acceptable Use Policy, Privacy Policy, and Refund Policy. These records may include the accepted policy version, timestamp, account ID, order ID, IP address, user agent, checkout method, and payment method. We use these records to prove consent, process purchases, handle disputes, and enforce policy requirements.

15. Handoff Credentials and Access Details

For delivery, an administrator may store or provide admin URLs, usernames, temporary passwords, email accounts, login links, plugin information, setup notes, and other handoff details. Customers should change passwords after delivery and remove any access they no longer need. We may retain handoff records where needed for support, dispute handling, fraud prevention, or legal compliance.

You should not send us unnecessary sensitive information. If you provide passwords, wallet information, identity documents, private customer data, or other sensitive material, you are responsible for making sure you have a lawful reason to provide it and that it is necessary for the requested support.

16. Abuse Reports and Complaint Data

We may collect reports from users, platforms, payment providers, hosting providers, regulators, law enforcement, or other third parties who claim that a customer is involved in scams, fraud, impersonation, payment abuse, intellectual property violations, phishing, or other misconduct. These reports may include names, emails, domains, screenshots, messages, payment references, wallet addresses, transaction IDs, and descriptions of the complaint.

We may use complaint data to review risk, contact the customer, suspend access, respond to providers, preserve records, protect affected parties, and defend our business. We may not be able to disclose every report to the customer if doing so would create safety, legal, privacy, or investigation concerns.

17. Automated and Manual Review

We may use manual review and automated signals to detect payment risk, abuse, suspicious login activity, unusual order behavior, repeated disputes, license misuse, high-risk domains, or possible policy violations. Automated signals may help prioritize review, but important enforcement decisions may also involve human assessment where practical.

18. Service Providers

We may rely on service providers for hosting, databases, payments, email delivery, analytics, logging, security monitoring, customer support, domain services, backups, development tools, and fraud prevention. These providers may process information for us under their own security and privacy terms. We try to use providers that are appropriate for the service, but no provider can guarantee perfect security or availability.

19. Account Closure

You may request account closure where available. Closure does not automatically delete all records. We may retain information needed for tax, accounting, fraud prevention, chargeback defense, legal compliance, security, abuse prevention, enforcement, backup integrity, or unresolved disputes. If an account was suspended for abuse or risk, we may retain additional records to prevent repeat violations.

20. Children and Age Restrictions

Our marketplace and services are intended for adults and business users. We do not knowingly sell marketplace projects or business software services to children. If you operate a delivered customer-facing website, you are responsible for setting and enforcing appropriate age restrictions for your own users.

21. Marketing Communications

We may send transactional emails about account activity, orders, delivery, support, security, policy updates, and payments. Where permitted, we may also send product updates or promotional messages. You may be able to opt out of promotional messages, but transactional and security messages may still be sent while you maintain an account or active order.

22. Backups and Deletion Timing

Information deleted from active systems may remain in backups, archives, logs, or disaster recovery systems for a limited period. Backup deletion may follow normal rotation schedules unless earlier deletion is technically practical and legally appropriate.

23. Contact and Verification

Privacy, data, and account requests should be sent through the support channel connected to your account. We may ask you to verify your identity, account ownership, order ID, payment reference, or email access before we respond. We may decline requests that are fraudulent, abusive, impossible, legally restricted, or harmful to another person.