4. How We Use Your Data

We use the data we collect for the following purposes only:

• License management: Verifying your license, enforcing machine limits, managing activations and deactivations.
• Billing: Processing payments, managing subscriptions, handling refunds through Stripe.
• Communication: Sending your license key, product updates, and support responses. We may also send marketing emails if you opted in — you can unsubscribe from marketing emails at any time.
• Product improvement: Aggregate, anonymized usage data (e.g., "how many users are on the Pro plan") to improve the product. No individual data is used for this purpose.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:

• Contract performance (Article 6(1)(b)): Processing necessary to deliver the Service you purchased — license activation, billing, support.
• Legitimate interest (Article 6(1)(f)): License enforcement, fraud prevention, and aggregate analytics to improve the product.
• Consent (Article 6(1)(a)): Marketing communications. You can withdraw consent at any time by clicking "unsubscribe" in any marketing email.

6. Data Sharing

We do not sell your personal data. We share data only with the following third-party processors, solely for the purposes described:

• Stripe (stripe.com) — Payment processing. Stripe is PCI-DSS Level 1 certified.
• GoHighLevel (gohighlevel.com) — CRM for lead management and email delivery of license keys and marketing communications.
• Cloudflare (cloudflare.com) — Website hosting (Cloudflare Pages), DNS, and privacy-first analytics.
• Contabo (contabo.com) — VPS hosting for our licensing backend API.

Each of these processors has their own privacy policy. We have selected processors that maintain appropriate security measures and, where applicable, comply with GDPR.

7. Data Retention

• Active accounts: We retain your account and license data for the duration of your subscription or lifetime license.
• Cancelled accounts: We retain license data for 90 days after cancellation to handle reactivation requests and refund disputes. After 90 days, account data is deleted.
• Payment records: Retained for 7 years as required by UK tax law (HMRC requirements).
• Lead capture data: Retained until you unsubscribe or request deletion.
• Website analytics: Cloudflare Analytics data is retained for 30 days and contains no personally identifiable information.

8. Your Rights

Under GDPR, UK GDPR, and applicable data protection laws, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right of rectification: Request correction of inaccurate data.
• Right of erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interest, including marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at support@coldpumper.com. We will respond within 30 days.

9. Cookies

The ColdPumper website uses minimal cookies:

• Essential cookies: Session management for the lead capture form and Stripe checkout flow. These are strictly necessary and cannot be disabled.
• Cloudflare cookies: Cloudflare may set cookies for security purposes (bot detection, DDoS protection). These are functional, not tracking cookies.

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers on coldpumper.com.

10. Security

We take reasonable measures to protect your personal data:

• All data in transit is encrypted via HTTPS/TLS.
• Our licensing database uses SQLite with WAL mode and is hosted on a secured VPS with restricted SSH access.
• Stripe handles all payment data — we never see or store your full credit card number.
• License keys and passwords are generated using cryptographically secure methods.
• Admin access to the licensing backend is protected by a unique API key.

No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant supervisory authority as required by law.

11. International Transfers

Our licensing server is hosted in Germany (Contabo, Nuremberg data center). Stripe processes payments globally with data centers in the US and EU. GoHighLevel is US-based. Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or adequacy decisions as appropriate.

12. Children

ColdPumper is a B2B product designed for business professionals. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify you by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact and Complaints

For privacy-related questions, data requests, or complaints:

The Grow Revenue Company Limited
128 City Road, London, EC1V 2NX
Email: support@coldpumper.com

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.