Your privacy matters to us. This Privacy Policy explains what personal information ApaOne ("we", "us", "our") collects when you use our website and purchase our ready-made WordPress bundles, how we use that information, the legal bases we rely on, and the rights you have over your data.
1. Information we collect
We only collect the data we need to run our service and fulfil your orders:
- Account details — your first and last name, email address, and an encrypted (hashed) password when you register.
- Order & billing information — the bundles you buy, billing name, billing email, billing country, order date, and payment status.
- Support correspondence — the name, email, subject, and message you provide when you contact us or open a support ticket.
- Technical data — anonymised information such as browser type, device, and pages viewed, gathered through cookies and similar technologies.
We do not store full card numbers on our servers. Payments are processed by our PCI-compliant payment partners, who handle your card data under their own security standards.
2. How we use your information
We process your personal data to:
- Create and manage your account and deliver the bundles you have purchased.
- Issue license keys, provide download access, and send order confirmations.
- Respond to your questions and provide technical support.
- Send service and, where you have opted in, occasional product news you can unsubscribe from at any time.
- Protect our platform against fraud, abuse, and security threats, and meet our legal obligations.
3. Legal bases for processing
Where the General Data Protection Regulation (GDPR) applies, we rely on the following lawful bases: performance of a contract (to deliver your order and support), your consent (for marketing emails and non-essential cookies), our legitimate interests (to secure and improve the service), and compliance with legal obligations (such as tax and accounting rules).
4. How long we keep it
We retain account and order records for as long as your account is active and for a reasonable period afterwards to comply with financial and legal requirements. When data is no longer needed, we delete or anonymise it.
5. Sharing your data
We never sell your personal data. We share it only with trusted service providers who help us operate — such as payment processors, email delivery, and hosting providers — and only to the extent needed to perform their service. These partners are bound by contracts requiring them to protect your data.
6. Your GDPR rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you and request a copy.
- Ask us to correct inaccurate or incomplete information.
- Request erasure of your data ("the right to be forgotten").
- Restrict or object to certain processing, including direct marketing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
You also have the right to lodge a complaint with your local data protection authority.
7. Contact us
To exercise any of these rights, or if you have questions about this policy, email us at support@apaone.com. We aim to respond to every request within 30 days.