PlugKit

Privacy Policy

Last updated: May 20, 2026

1. Data Controller

Digital Soft Distribution Sp. z o. o.(operating as "PlugKit")
ul. Hoลผa 86/410, 00-682 Warszawa, Poland
KRS: 0000960920 ยท NIP: PL7011079724 ยท REGON: 521497508
Email: support@plugkit.io

2. Data We Collect

When you interact with plugkit.io, we may collect the following personal data:

  • Email address โ€” provided during checkout
  • Name โ€” if provided during checkout (optional)
  • IP address โ€” automatically collected for security and fraud prevention
  • License keys โ€” generated upon purchase and associated with your email
  • Download logs โ€” timestamps and IP addresses of product downloads
  • Domain activations โ€” the domains on which you activate your license
  • Payment information โ€” processed by Stripe; we never see or store your card number

3. Legal Bases for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) โ€” processing necessary to fulfill your purchase: delivering the product, providing license keys, enabling downloads, and customer support.
  • Legitimate interest (Art. 6(1)(f)) โ€” security logs, fraud prevention, and IP address logging to protect our service and users.
  • Consent (Art. 6(1)(a)) โ€” analytics cookies, if you consent via the cookie banner. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) โ€” retaining purchase records for tax compliance (Polish tax law).

4. Third-Party Processors

We share your data with the following processors, all of whom have appropriate data processing agreements in place:

  • Stripe (payments) โ€” USA. Protected by EU Standard Contractual Clauses (SCCs). See Stripe Privacy Policy.
  • Neon (database hosting) โ€” EU (eu-central-1, Frankfurt). Data remains within the EEA.
  • Resend (transactional email) โ€” USA. Protected by EU Standard Contractual Clauses (SCCs).
  • Cloudflare (CDN, R2 storage) โ€” Global network with EU presence. Protected by EU Standard Contractual Clauses (SCCs).

Marketplace Purchases

When you purchase our products through a third-party marketplace (such as the Shopify App Store, Adobe Commerce Marketplace, PrestaShop Addons, or WooCommerce.com), that marketplace acts as an independent data controller for your transaction. It shares limited information with us โ€” typically your contact email, license entitlement, and country โ€” so that we can deliver the product, validate your license, and provide support. The marketplaceโ€™s own privacy policy governs the data it collects directly from you.

5. Cookies

We use only essential cookies required for the site to function. Analytics cookies are only set if you consent via the cookie banner. For full details, see our Cookie Policy.

6. Data Retention

  • Purchase and license data: 5 years (Polish tax obligation under Ordynacja Podatkowa, Art. 86 ยง1)
  • Authentication tokens: 30 days
  • Download logs: 2 years
  • Analytics data: 26 months (if consented)

7. Your Rights (GDPR Art. 15-22)

Under the EU General Data Protection Regulation, you have the right to:

  • Access (Art. 15) โ€” request a copy of your personal data
  • Rectification (Art. 16) โ€” correct inaccurate data
  • Erasure (Art. 17) โ€” request deletion of your data ("right to be forgotten")
  • Restriction of processing (Art. 18) โ€” limit how we use your data
  • Data portability (Art. 20) โ€” receive your data in a machine-readable format
  • Objection (Art. 21) โ€” object to processing based on legitimate interest

8. How to Exercise Your Rights

To exercise any of these rights, email support@plugkit.io. We will respond within 30 days. If your request is complex, we may extend this by an additional 60 days (we will inform you of any extension).

9. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:
UODO (Urzฤ…d Ochrony Danych Osobowych)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: uodo.gov.pl

10. International Transfers

Where your personal data is transferred outside the European Economic Area (EEA) โ€” specifically to processors in the United States (Stripe, Resend) โ€” such transfers are protected by EU Standard Contractual Clauses (SCCs) as adopted by the European Commission, and where applicable the EU-US Data Privacy Framework.

11. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and hosting with GDPR-compliant providers. In the event of a data breach likely to result in a high risk to your rights, we will notify affected users and the UODO within 72 hours as required by GDPR Art. 33โ€“34.

12. Childrenโ€™s Privacy

Our products are intended for businesses and developers. We do not knowingly collect data from anyone under 16. If we learn we have, we will delete it.

13. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

14. Changes

We may update this policy from time to time. Material changes will be communicated via email to existing customers. The "last updated" date at the top of this page reflects when the policy was last modified.