Privacy Policy

Last updated: March 18, 2026

1. Information We Collect

Account Information: Email address, username, display name, password (hashed), and optional profile information (bio, social links, location, avatar).

Payment Information: Processed by Stripe and PayPal. We do not store full card numbers. We store transaction records (order IDs, amounts, dates) for accounting.

Usage Data: IP addresses, browser user agent, pages visited, downloads performed, search queries, and timestamps. Used for security, analytics, and improving the Platform.

Creator Data: Stripe Connect account IDs, PayPal merchant IDs, payout history, and sales analytics.

Third-Party Tokens: API tokens for connected platforms (e.g., Codefling) are encrypted at rest using AES-256 and stored only for the features you explicitly enable.

2. How We Use Your Information

  • To provide and operate the Platform
  • To process purchases and payouts
  • To send transactional emails (receipts, password resets, notifications)
  • To detect and prevent fraud, abuse, and security threats
  • To improve the Platform through aggregated analytics
  • To enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. Data Sharing

We share data only with:

  • Payment processors (Stripe, PayPal) — to process transactions
  • Cloud infrastructure (AWS, Cloudflare) — to host and serve the Platform
  • Security review services — plugin source code may be analyzed by third-party services for security and quality review purposes. No personal user data is included in this process.
  • Law enforcement — when required by valid legal process

4. Data Security

We implement industry-standard security measures including:

  • Passwords hashed with Argon2id
  • API tokens and sensitive data encrypted with AES-256
  • HTTPS/TLS encryption for all connections
  • Database encryption at rest
  • HttpOnly, Secure session cookies
  • CSRF protection on all state-changing requests
  • Redis-backed rate limiting

5. Cookies

We use essential cookies for session management and CSRF protection. We do not use tracking cookies or third-party analytics cookies.

6. Data Retention

Account data is retained as long as your account is active. Upon account deletion:

  • Profile information is deleted within 30 days
  • Transaction records are retained for 7 years for legal/tax compliance
  • Reviews and support posts may be anonymized rather than deleted
  • Purchase access records are retained so buyers keep their downloads

7. Your Rights

You may:

  • Access your personal data through your account settings and API
  • Update or correct your information at any time
  • Delete your account through settings
  • Request a copy of your data by contacting us
  • Revoke third-party platform connections at any time

8. Children

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from minors.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification.

10. Contact

For privacy-related questions: privacy@roguedepot.com