GDPR Compliance

LicenceBot is committed to protecting the personal data and privacy of all users in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. We respect your right to privacy and put transparent, secure practices at the core of our platform architecture. Licensing data is processed lawfully, fairly, and in a transparent manner.

LicenceBot acts as the Data Controller for personal data processed when you create an account, purchase subscriptions, or connect your stores. When you sync customer data from your own e-commerce stores (like WooCommerce or Shopify), you act as the Data Controller, and LicenceBot acts as the Data Processor. Our processing agreements strictly govern this relationship.

• Contractual Necessity: To deliver core services, manage accounts, and fulfil licence key deliveries automatically.
• Legitimate Interest: Analytics, platform security, fraud prevention, and system health checks.
• Consent: For direct marketing communications and processing non-essential cookies.

Under GDPR, you have the right to access (receive a copy of your data), rectify (correct inaccuracies), erase ("right to be forgotten"), and restrict the processing of your data. You also maintain the right to data portability (receiving CSV exports of your metrics and inventory) and the right to object to profiling or automated decision-making. We process all Data Subject Access Requests (DSARs) within 30 days.

We implement rigorous technical measures including AES-256 for data at rest and TLS 1.3 for data in transit. Should we process data outside the European Economic Area (EEA), we do so under approved Standard Contractual Clauses (SCCs). Our sub-processors are chosen carefully and legally bound to uphold equivalent data standards.