Privacy Policy

What we collect, why we collect it, how long we keep it, and how you can ask us to delete it.
The English version is the binding text for this policy. Localized versions are forthcoming after legal review.

Last updated: 2026-05-19

1. Who we are

"We" / "Denge Themes" is the operator of dengetheme.com. The data controller is the Denge Themes operating entity; specific corporate registration details are published on the operating-entity record before commercial launch. Contact for any privacy matter: support@dengetheme.com.

2. What we collect

  • Account data — email address (required), display name, and a bcrypt-hashed password if you don't sign in via Google.
  • Purchase data — order details, payment-provider identifiers (Stripe payment intent ID, Cryptomus invoice UUID), the license keys we issue you. We do not store full card numbers — those live with Stripe.
  • License usage signals — when your WordPress site calls our license API it reports the site URL (normalized to a bare hostname + SHA-256 hash), theme version, WP/PHP version, and the source IP address. This is how the activation cap works.
  • Support content — anything you write into a support ticket, plus, for premium tickets only, the credentials you choose to attach (see Section 5).
  • Audit logs — internal records of sensitive operations (license issuance, refund, credential read by staff, license revocation) with actor, timestamp, target, and IP.
  • Analytics — anonymous request-level data via Plausible. No cookies, no personal identifiers. We do not run GA4 in the current launch configuration.

3. Why we collect it (legal basis)

  • Performance of contract (GDPR Art. 6(1)(b)) — account data, purchase data, license keys, license usage signals. We can't fulfill the purchase or run the activation cap without these.
  • Legitimate interest (GDPR Art. 6(1)(f)) — audit logs (security + dispute resolution), analytics (product improvement).
  • Consent (GDPR Art. 6(1)(a)) — marketing emails. We don't currently send any; if we start, you opt in explicitly.
  • Legal obligation (GDPR Art. 6(1)(c)) — tax-relevant records of purchases, retained per local accounting rules.

4. Sub-processors we use

These third parties process your data on our behalf:

  • Vercel — hosting, edge network, log retention. Receives every request to dengetheme.com.
  • Neon — managed PostgreSQL database. Stores everything in "What we collect" (Section 2) except the payment card details.
  • Stripe — card payments. Stores card details and issues payment-intent IDs back to us.
  • Cryptomus — crypto payments. Stores wallet details and issues invoice UUIDs back to us.
  • Resend — transactional email (welcome, license delivery, password reset). Sees email addresses + email subject/body.
  • Plausible — anonymous web analytics. No cookies, no personal identifiers.
  • Sentry (planned, Phase 9) — error monitoring. Sees stack traces; PII scrubbing enabled at the SDK level.

Each sub-processor is bound by a Data Processing Agreement (DPA) executed before they handle production data. The list above is the full set — we do not add new sub-processors without updating this page first.

5. Encrypted credentials (premium support)

When you attach WordPress admin or hosting credentials to a premium support ticket so we can install for you:

  • Credentials are encrypted with AES-256-GCM using a server-side key (CREDENTIAL_ENCRYPTION_KEY) before they touch the database. Each record gets a fresh random 12-byte IV and a 16-byte authentication tag.
  • Plaintext credentials never persist and are never logged.
  • Only support staff (role IN (admin, support)) can decrypt them. Each decrypt writes an audit-log entry recording actor, ticket ID, IP address, and timestamp.
  • Credentials are auto-purged 7 days after the ticket is resolved by a daily cron job. You can also delete them immediately from the ticket detail page (/account/support).

6. How long we keep things

  • Account data — until you delete your account.
  • Purchase records — for the period required by applicable tax law (typically 5-10 years depending on jurisdiction).
  • License usage signals — until the license is revoked or the account is deleted.
  • Support tickets — closed tickets kept for 2 years for reference; the attached credentials are purged 7 days after resolution regardless of the ticket retention.
  • Audit logs — 2 years.
  • Analytics — aggregated indefinitely by Plausible with no personal identifiers; raw request logs at the Vercel edge are retained for 30 days by default.

7. Cookies

We set two first-party cookies:

  • NextAuth session cookie — required to keep you logged in. HttpOnly, Secure, SameSite=Lax. Expires after 7 days of inactivity.
  • denge_aff — set when someone visits via an affiliate referral link (/?ref=XYZ). HttpOnly, 30-day expiry. Used to attribute commission. No tracking outside dengetheme.com.

Plausible is cookieless. We do not run third-party advertising, re-marketing, or social-tracking pixels.

8. Your rights

Under GDPR / UK GDPR / equivalent laws, you can:

  • Access the personal data we hold about you. Email support@dengetheme.com.
  • Correct inaccurate data — most fields are editable from /account/settings.
  • Delete your data (right to erasure). We retain purchase records as required by tax law (Section 6), but everything else is purged.
  • Export your data in a machine-readable format.
  • Object to processing that relies on legitimate interest (Section 3).
  • Lodge a complaint with your local data-protection authority if you think we've mishandled your data.

Requests are answered within 30 days. We may ask you to verify your identity before acting on a request.

9. International transfers

Some sub-processors (Stripe, Vercel) operate globally and may process data outside your country. Where personal data is transferred outside the EU/UK, transfers are governed by Standard Contractual Clauses or equivalent safeguards approved by the European Commission.

10. Changes to this policy

Material changes are emailed to active customers at least 14 days before they take effect. The "Last updated" date at the top reflects the current version. Substantive changes that affect what we collect or who processes it are highlighted in the email.

Privacy questions go to support@dengetheme.com — for anything else, see hello@dengetheme.com.