Legal
Privacy Policy.
How we collect, use, and protect your data.
Last updated: April 2026
GPLCoffee ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
Information you provide
- Account data: Name, email address, and password when you register.
- Payment data: Processed by PayPal - we do not store credit card numbers. We receive your PayPal email, transaction IDs, and subscription status.
- Support communications: Messages you send to our support team.
Information collected automatically
- Download records: Product name, version, timestamp, and IP address for each download.
- Usage data: Pages visited, search queries, browser type, operating system, and referring URLs.
- IP addresses: Collected with each download and login for security and abuse detection purposes.
2. How We Use Your Information
- Service delivery: Process downloads, manage subscriptions, allocate credits.
- Security and abuse prevention: Monitor download patterns, detect automated bulk downloading, investigate Terms of Service violations, and generate evidence reports for account review.
- Transactional communications: Receipts, password resets, subscription changes, download notifications.
- Service improvement: Analytics to understand usage patterns and improve the platform.
- Marketing (with consent): Product updates and promotional emails. You can unsubscribe at any time.
3. Data Sharing
We do not sell your personal data. We share information only with:
- PayPal: Payment processing and subscription management.
- Resend: Transactional and marketing email delivery.
- PostHog: Privacy-friendly product analytics (with consent).
- Cloudflare: CDN, DDoS protection, and DNS.
- DigitalOcean Managed PostgreSQL: Database hosting (data stored in Singapore, sgp1).
We may also disclose information if required by law or to protect our rights in legal proceedings, including PayPal disputes.
4. Cookies
- Essential cookies: Authentication session tokens and CSRF protection. Always active.
- Analytics cookies: PostHog analytics. Only set with your explicit consent via our cookie banner.
You can manage cookie preferences at any time via the cookie settings in the site footer.
5. Data Retention
- Account data: Retained as long as your account is active.
- Download logs: Retained for the lifetime of the account for security, dispute evidence, and credit tracking purposes.
- Payment records: Retained as required for accounting, tax, and dispute resolution.
- After account deletion: Personal data is permanently deleted. Anonymized aggregate statistics may be retained.
6. Your Rights
You have the right to:
- Access your personal data via your account dashboard.
- Update your profile information and email preferences.
- Delete your account from your account settings, which permanently removes your personal data.
- Export your data - contact support for a data export request.
- Withdraw consent for marketing emails at any time.
7. Data Security
We use industry-standard security measures including encrypted connections (HTTPS/TLS), bcrypt password hashing, secure session management, and regular security reviews. No system is 100% secure - we cannot guarantee absolute security.
8. International Data
Our database is hosted in Singapore (DigitalOcean Managed PostgreSQL, sgp1). Our application servers are in Singapore (DigitalOcean, sgp). If you access the Service from outside Singapore, your data may be transferred to and processed in Singapore.
9. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email or a notice on the Service.
10. Contact
For privacy-related questions or data requests, contact us via our help page.