PlugKit

Privacy Policy

Last updated: March 23, 2026

1. Data Controller

PlugKit
[Address], Poland
Email: hi@plugkit.io

2. Data We Collect

When you interact with plugkit.io, we may collect the following personal data:

  • Email address β€” provided during checkout
  • Name β€” if provided during checkout (optional)
  • IP address β€” automatically collected for security and fraud prevention
  • License keys β€” generated upon purchase and associated with your email
  • Download logs β€” timestamps and IP addresses of product downloads
  • Domain activations β€” the domains on which you activate your license
  • Payment information β€” processed by Stripe; we never see or store your card number

3. Legal Bases for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) β€” processing necessary to fulfill your purchase: delivering the product, providing license keys, enabling downloads, and customer support.
  • Legitimate interest (Art. 6(1)(f)) β€” security logs, fraud prevention, and IP address logging to protect our service and users.
  • Consent (Art. 6(1)(a)) β€” analytics cookies, if you consent via the cookie banner. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) β€” retaining purchase records for tax compliance (Polish tax law).

4. Third-Party Processors

We share your data with the following processors, all of whom have appropriate data processing agreements in place:

  • Stripe (payments) β€” USA. Protected by EU Standard Contractual Clauses (SCCs). See Stripe Privacy Policy.
  • Neon (database hosting) β€” EU (eu-central-1, Frankfurt). Data remains within the EEA.
  • Resend (transactional email) β€” USA. Protected by EU Standard Contractual Clauses (SCCs).
  • Cloudflare (CDN, R2 storage) β€” Global network with EU presence. Protected by EU Standard Contractual Clauses (SCCs).

5. Cookies

We use only essential cookies required for the site to function. Analytics cookies are only set if you consent via the cookie banner. For full details, see our Cookie Policy.

6. Data Retention

  • Purchase and license data: 10 years (Polish tax obligation under Ordynacja Podatkowa)
  • Authentication tokens: 30 days
  • Download logs: 2 years
  • Analytics data: 26 months (if consented)

7. Your Rights (GDPR Art. 15-22)

Under the EU General Data Protection Regulation, you have the right to:

  • Access (Art. 15) β€” request a copy of your personal data
  • Rectification (Art. 16) β€” correct inaccurate data
  • Erasure (Art. 17) β€” request deletion of your data ("right to be forgotten")
  • Restriction of processing (Art. 18) β€” limit how we use your data
  • Data portability (Art. 20) β€” receive your data in a machine-readable format
  • Objection (Art. 21) β€” object to processing based on legitimate interest

8. How to Exercise Your Rights

To exercise any of these rights, email hi@plugkit.io. We will respond within 30 days. If your request is complex, we may extend this by an additional 60 days (we will inform you of any extension).

9. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:
UODO (Urzad Ochrony Danych Osobowych)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: uodo.gov.pl

10. International Transfers

Where your personal data is transferred outside the European Economic Area (EEA) β€” specifically to processors in the United States (Stripe, Resend) β€” such transfers are protected by EU Standard Contractual Clauses (SCCs) as adopted by the European Commission.

11. Changes

We may update this policy from time to time. Material changes will be communicated via email to existing customers. The "last updated" date at the top of this page reflects when the policy was last modified.