Privacy Policy
Last updated: December 2024
Ayelom ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and software products.
1. Information We Collect
Information you provide:
- Account information: Email address and encrypted password when you create an account
- Transaction information: Purchase details processed through Stripe (we do not store credit card numbers)
- Support requests: Information you provide when contacting customer support
Information collected automatically:
- Device identifiers: Machine IDs used solely for license activation verification
- Technical data: IP address (for security and rate limiting), browser type
2. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract performance: To fulfill your software purchase and provide support
- Legitimate interests: To prevent fraud, ensure security, and improve our services
- Legal obligations: To comply with tax and accounting requirements
- Consent: For marketing communications (which you can withdraw at any time)
3. How We Use Your Information
- Process purchases and deliver software licenses
- Provide customer support and respond to inquiries
- Send transactional emails (order confirmations, license keys, password resets)
- Send product updates and security notices
- Verify license activations and prevent unauthorized use
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Data Sharing and Third-Party Services
We share data with the following service providers who help us operate:
- Stripe (USA) - Payment processing
- Supabase (USA) - Database hosting
- Resend (USA) - Email delivery
- Vercel (USA) - Website hosting
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
5. International Data Transfers
Your data may be transferred to and processed in the United States where our service providers are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your data when transferred internationally.
6. Data Retention
We retain your data for the following periods:
- Account data: Until you request deletion, or after 3 years of inactivity
- Purchase records: 7 years (for legal/tax compliance)
- License data: Duration of license validity
- Support tickets: 2 years after resolution
- Security logs: 90 days
7. Cookies and Tracking
We use only essential cookies required for the website to function:
| Cookie | Purpose | Duration |
|---|---|---|
| admin_session | Admin authentication | 24 hours |
| customer_session | Customer authentication | 7 days |
| csrf_token | Security protection | 1 hour |
We do NOT use tracking cookies, analytics cookies, or advertising cookies.
8. Your Rights
Depending on your location, you have the following rights:
GDPR Rights (EU/EEA residents):
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent at any time for consent-based processing
CCPA Rights (California residents):
- Know: What personal information we collect and how it's used
- Delete: Request deletion of your personal information
- Opt-out: Opt out of the sale of personal information (we do not sell data)
- Non-discrimination: Not be discriminated against for exercising your rights
To exercise these rights, contact us at privacy@ayelom.com or use the data management tools in your account settings. We will respond within 30 days (or 45 days for CCPA requests).
9. Data Security
We implement appropriate security measures including:
- Encryption in transit (TLS/HTTPS) and at rest
- Password hashing with bcrypt (cost factor 12)
- JWT-based authentication with secure, httpOnly cookies
- Rate limiting to prevent brute force attacks
- Regular security audits and updates
- Access controls and audit logging
10. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email (if you have an account) and by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries:
- Email: privacy@ayelom.com
- Support: support@ayelom.com
EU residents may also lodge a complaint with their local data protection authority.