Privacy Policy – Freemius

General Introduction

We, at Freemius, respect your privacy and are committed to protecting your personal data. 

We believe that you have the right to know our practices regarding the data we may collect and use about you when you use our service.

Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.

In summary, when using the service, we may collect some personal data, all in order to provide you with services and improve what we offer. We may also send you messages with updates, notifications, and promotional material. If you have used our services to purchase software or other products from developers that we provide the platform to, we will provide them the option to contact you as well.

We may use third-party services to run the service; they have access to some of your personal data under a confidentiality obligation. 

We use industry-standard practices to ensure that your data is kept secure, and we allow you to exercise your personal data rights granted under the GDPR (even if you live outside the EU and even if they are provided with some variation).

You may exercise your legal rights under the GDPR even if you are not a European national; meaning you have the right to review all data relating to you, amend it if it is inaccurate, request that we stop processing it, request that we delete it, and seek remedies for any breach.

If you are a resident of Brazil, we will comply with the Lei Geral de Proteção de Dados.

We are GDPR compliant, but not a European entity. 

Also, we never sell your data.

While we may use your data to present you with offers and various benefits, we will not use it for direct marketing purposes.

And now for the full legal text:

About this Privacy Policy

This privacy policy was set up to let you know what personal data is collected. When we say Personal Data, we mean personal data as defined in the GDPR, which is the EU Directive for data protection. Also, we’ve done our best to adhere to the California Consumer Privacy Act of 2018, and therefore we do not sell your data; and we give you Californian rights even if you do not reside in California.

Who Are We?

Freemius Inc is the legal entity operating the service. It is located at 1732 1st Ave, New York 10128, NY, USA.

Your Acknowledgment of this Policy

You are not legally required to provide us with any personal data. This means that if you provide us with data, you are doing so out of your own volition and consent; we cannot force you to provide any personal data, but without your personal data we cannot provide you with the services.

You have the right to withdraw from this consent at any time, and in such case request that we either cease processing your personal data, or that we delete whatever personal data is no longer required to retain under law. However, in such a case, we will need to terminate your account and terminate the licenses you bought (if you are a client) or continue to hold some data (if you are a developer).

Which Personal Data Do We Collect About You?

We collect these types of personal data:

Non-personally identifiable Data. The first type is non-personally-identifiable data and statistical information. Non-personally identifiable data that is being gathered consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Data”). This includes your device type, browser type and version, IP data, screen size and resolution, language, and other technical data. While it is not specifically personally identifiable, it may be reverse-engineered to be identifiable and therefore is considered personal data.

Usage Data. Usage data may include your search queries performed in the service and your activities on the services and the software you purchase and additional information of a similar nature, such as the pages you viewed and the software you bought using our service. You may opt-out from collection when using the software using the dashboard, but we still need to collect some of the data to operate, such as your identity and license keys.

Personally Identifiable Data. The other type of data we collect is individually identifiable data. To put it simply, this data identifies an individual or is of a private and/or sensitive nature, such as your contact information, including: (i) Personal Data that is provided by you voluntarily, such as your username, email address, and other data you filled when signing up or using our services; and (ii) Personal Data we learn from your use of the services; including your IP address, payment type, and similar information.

Please note that we use JavaScript to collect your input on various forms in our website, and therefore this data may be retained even if you did not press “Submit” or a similar button.

If you’re a developer who uses our service, we also collect the following: (i) we require your billing address, company name, payout method and details to invoice you and send you payouts; (ii) we need your shipping address and t-shirt size to send you promotional material.

How Do We Collect Personal Data?

Personal data is collected from your use of the services (including the use of the software bought using the services) and by making purchases; we also receive data from developers that use our service for managing their subscriptions and licenses. We may receive personal data directly from the developers who use our service when they import data into our platform. We do not buy personal data from third parties and do not collect it in any other way.

What Are The Purposes of the Collection and Processing of Data?

The purposes of collecting and processing the data are to provide you with the services, which means we use your data to provide you with software, verify your license and ensure no fraud takes place.

Moreover, we may use the personal data to improve the services. This means that we use aggregated understandings of how our users interact with our services to obtain insights that lead to the improvement of future versions, bug reports, and feature requests.

We may also use your email address to send you information relating to our services and promotional material.

When we say “our services” we mean the provision of licensing services to developers and purchasers, our online store, our analytics & usage-tracking services and our web-based affiliate services.

How Can We Contact You?

If you registered to our newsletter, or if you purchased some product using our service, we may contact you with periodic updates and promotional emails relating to the service and the products or services you purchased.

You may opt out of these at any time, including by opting out from usage tracking in the WordPress Admin dashboard.

These updates may include license renewal reminders if you bought a license from one of our developers, and transactional emails, which may include invoices, license keys, or other data needed for your records or to use the service. .

Moreover, if you showed interest in one of our products or services, we may contact you in relation to such product or service.

If we obtained your email address when you opted-in for usage tracking with one of our developers, then we will only contact you with information relating to that specific service, such as if there’s a data breach, issues relating to downtime or updates in the software, or similar activities, and we will not send any promotional emails.

Your Personal Data Rights

Right of Access and Rectification

You have the right to know what personal data we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. You can receive a copy of your personal data, and to rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.

Right to Delete Personal Data or Restrict Processing

Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your personal data. Exercising this right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that in most cases, withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing. 

You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.

Right of Data Portability

Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us at [email protected].

The Right to Lodge a Complaint

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Your California Privacy Rights and Do Not Track Notices

We do not convey your personal data to third parties for direct marketing purposes.

However, if we did, then the California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes.

To make such a request, please send an email to [email protected], and we will let you know that none of your personal data was shared. We are only required to respond to one request per customer each calendar year.

Your Brazilian LGPD Rights

Notwithstanding anything in this privacy policy, you may exercise your LGPD rights, including your rights for (i) confirmation of the existence of the processing; (ii) access to the data; (iii) correction of incomplete, inaccurate or out-of-date data; (iv) anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD; (v) portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency; (vi) deletion of personal data processed with your consent, except in the situations provided in Art. 16 of this the LGPD; (vii) information about public and private entities with which the controller has shared data; (viii) information about the possibility of denying consent and the consequences of such denial; (ix) revocation of consent as provided in §5 of Art. 8 of the LGPD.

We respond to “Do Not Track” signals

If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.

Exercising Your Rights

We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access or to correct, amend, or delete Personal Data, please send us an email to [email protected]. We will respond within a reasonable timeframe, but in any event, no later than permitted by applicable law.

Additionally, please note that in order to ensure you have as much control over your Personal Data and other information as possible, you may modify certain parts of your information by yourself in the service.

Sharing Personal Data with Third Parties

We respect your privacy and will not disclose, share, rent, or sell your Personal Data to any third party.

The sharing of your Personal Data is made upon your specific, explicit, request.

We do share your personal data with developers of products you purchased or opted in for their data collection who use the service to either manage their licenses and provide support to their products, or use our SDK for analytics and usage tracking. These third-party developers receive your email address and data relating to your transaction as a part of the service, and all according to its privacy policy.

Moreover, in order to operate the service, we need to share your personal data with third parties, which are our hosting companies.

We use the analytics services that include both Smartlook analytics and Google Analytics to better understand our customers and to manage advertising and inventory.

We use Google, Facebook, Twitter and Quora “pixels” to collect data about our clients and to display advertisements based on their online presence and behavior.

We use Amazon AWS and Cloudflare to provide hosting and content delivery.

We use PayPal and Stripe as payment Gateways.

We may embed other third-party services, which shall be clearly marked as such.

We may also allow you to authenticate and connect using a third party authentication service, such as Google or Github.

MailChimp and SendGrid are used to send our customers with license information and periodic mailings.

Location of Your Data

The personal data collected from you, as detailed in this Privacy Policy, may be transferred to, and stored at, servers that may be located in countries outside of your jurisdiction and in a country that is not considered to offer an adequate level of protection under your local laws.

It may also be processed by us and our suppliers, service providers or partners’ staff operating outside your country.

We are committed to protecting your Personal Data and will take appropriate steps to ensure that your Personal Data is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.

We will ensure the confidentiality, integrity and availability of your Personal Data by Transferring your personal data only to (i) countries approved by the European Commission as having adequate data protection laws; (ii) entities that executed standard contracts that have been approved by the European Commission and which provide an adequate level of high-quality protection, with the recipients of your Personal Data; and (iii) Transferring your Personal Data to organizations that are Privacy Shield Scheme certified, as approved by the European Commission.

By submitting your personal data through the service, you acknowledge, and agree, in jurisdiction where such consent is required, to such transfer, storing and/or processing of personal data.

Cookies

We use both first-party and third-party cookies, as listed in our Cookie Policy. A cookie is a small file placed on your computer meant to authenticate or verify your session with us. However, a cookie may have some identifying features. You may opt out from cookies by clicking the “opt out” button there.

Minors / Children

The service is intended for users over the age of eighteen, or children over sixteen who obtained parental consent.

Therefore, we do not intend and do not knowingly collect directly Personal Data from children under the age of sixteen (16) and do not wish to do so.

We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the service.

If we learn that we collected Personal Data from minors under the age of thirteen (13) we will delete that data as quickly as possible.

If you have reasons to suspect that we collected Personal Data from minors under the age of sixteen (16), please notify us at [email protected], and we will delete that personal data as quickly as possible.

Security

We take appropriate measures to maintain the security and integrity of our service and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.

Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage, and we cannot guarantee that unauthorized access or use will never occur.

We will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Data and will inform you of such breach if required by applicable law.

To the extent that we implemented the required security measures under applicable law, we shall not be responsible or liable for unauthorized access, hacking, or other security intrusions or failure to store or the theft, deletion, corruption, destruction, damage, or loss of any data or information included in the personal data.

Data Retention

We will retain the Personal Data for as long as we believe that it is accurate and can be relied upon. Personal Data that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.

Data Breach Notification

We comply with local authorities in data breach notifications. In any case where a severe data breach occurred, we will also notify data subjects after such breach, and cooperate with the legal authorities to reduce the exposure of personal data.

Complaints and Arbitration

If you feel or believe that your personal data rights were harmed in any way, you may contact our data protection officer at [email protected] and lodge a complaint. Such complaints shall include how and why you believe your personal data rights were harmed, and the required evidence. Our data protection officer will respond to most complaints within 14 days and shall offer the required remedies.

We will resolve all complaints according to applicable regulations. We also agree to resolve all complaints and deal with disputes with the local data protection authorities.

This section does not limit your right to lodge a complaint with your respective data protection authority.

Updates to the Privacy Policy

We reserve the right to amend this Privacy Policy at any time; we will provide you with updates on any change, and such updates shall not have a retroactive effect.

Last Updated: This Privacy Policy was last updated on Feb 4, 2021.