PII Policy

1. Purpose & Scope

This Personally Identifiable Information ("PII") Policy describes how VivoLane collects, uses, shares, secures, and retains information that can reasonably be used to identify an individual. This policy applies to our websites, plugins, stores, support channels, and any services we operate (collectively, the "Services"). By using the Services, you agree to this Policy.

Note: This document is provided for transparency and does not constitute legal advice.

2. Definitions

• PII: Information that identifies, relates to, describes, or could reasonably be linked with a person (e.g., name, email, phone, postal address, account identifiers, IP address, device IDs).
• Sensitive PII: Data such as government IDs, financial account numbers, precise geolocation, health data, racial/ethnic origin, or children’s data.
• Processing: Any operation performed on PII, including collection, storage, use, sharing, or deletion.

3. What We Collect

• Account & Contact Data: Name, email, company, role, billing details, and support communications.
• Transaction Data: Order history, license keys, fulfillment records (processed via our payment partners; we do not store full credit card numbers).
• Usage & Telemetry (Plugins): Non-content technical events (e.g., version, OS, error logs, feature usage counts, performance metrics). We do not collect screenshots, keystrokes unrelated to our UI, or raw project content unless you explicitly provide it for support.
• Device & Network: IP address, device type, browser, and language for security, fraud prevention, and localization.
• Optional Data: Beta feedback, surveys, or testimonials you submit.

4. How We Collect PII

• Directly from you: When you purchase, register, contact support, or opt into communications.
• Automatically: Through cookies and similar technologies for essential functionality, analytics, and security.
• From third parties: Payment processors, distribution platforms, and anti-fraud providers.

5. How We Use PII

• Provide, maintain, and improve the Services and our plugins.
• Authenticate users, manage licenses, and prevent unauthorized use.
• Process transactions and deliver purchases.
• Provide customer support and respond to inquiries.
• Send essential service messages (e.g., updates, security notices). Marketing messages are optional and honor your preferences.
• Protect against fraud, abuse, and security incidents.
• Comply with legal obligations and enforce terms.

6. Sharing & Disclosures

• Service Providers/Processors: We share PII with vendors who process it on our behalf (e.g., payment, hosting, email). They are bound by contractual confidentiality and security obligations.
• Legal & Safety: We may disclose PII to comply with law, respond to legal requests, or protect rights, property, or safety.
• Business Transfers: If we undergo a merger, acquisition, or asset sale, PII may be transferred as permitted by law.
• No Selling of PII: We do not sell PII. If laws define “sharing” for targeted advertising, you can opt out (see Your Rights).

7. Cookies & Similar Technologies

We use essential cookies for authentication and security, and optional analytics cookies to improve the Services. Where required, we seek consent and provide controls to manage preferences.

8. Data Security

• Encryption in transit (TLS) and at rest for appropriate systems.
• Least-privilege, role-based access control and audit logging for administrative access.
• Secure software development practices, dependency monitoring, and vulnerability management.
• Subprocessor due diligence and data processing agreements.

9. Data Retention

We retain PII only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. When no longer needed, data is deleted or de-identified according to our retention schedules.

10. Regional Rights & Choices

Depending on your location, you may have rights to access, correct, delete, port, or restrict/opt out of certain processing. We honor valid requests under applicable laws (e.g., GDPR, UK GDPR, CCPA/CPRA, VCDPA, and other state laws).

• Access/Correction/Deletion: Request a copy of your data, ask for corrections, or request deletion where permitted.
• Opt-Out of Targeted Ads/Sharing: Where applicable, you can opt out of targeted advertising and data “sharing.”
• Marketing Preferences: Unsubscribe from marketing at any time. Essential service notices will continue.
• Appeals: Where required, you may appeal a decision on your request.

To exercise rights, contact us using the details below. We may verify your identity before fulfilling requests.

11. Children’s Privacy

The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect PII from children. If you believe a child provided PII, contact us to remove it.

12. International Transfers

Your data may be processed in the United States and other countries. Where required, we implement appropriate safeguards for cross-border transfers (e.g., standard contractual clauses) and ensure equivalent protection.

13. Incident Response

We maintain an incident response program. In the event of a breach impacting PII, we will investigate, mitigate, and notify affected individuals and authorities as legally required.

14. Developer & Plugin-Specific Notices

• Default telemetry is limited to operational metrics and error diagnostics. Content data is excluded unless you opt in or submit it for support.
• Configuration allows you to disable or limit telemetry where feasible; disabling may affect product quality or support.
• License checks and anti-piracy measures may validate environment identifiers to prevent fraud and unauthorized distribution.

15. Changes to This Policy

We may update this Policy to reflect changes to our practices or for legal, technical, or business reasons. Updates become effective when posted. Material changes will be highlighted or otherwise communicated. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.