Datenschutzerklärung

Wootools.io Privacy Policy

1. Introduction

Welcome to Wootools.io, operated by Konstantin Botschmanowski (Operator of Wootools.io) (“we”, “our”, “us”). We are committed to protecting your privacy and ensuring that your personal information is handled securely and in compliance with applicable law. This Privacy Policy explains how we collect, use, store and protect your personal information when you visit our website or purchase our plugins or related products.

Our services are primarily intended for customers in the United States, but individuals from the European Union (EU), the European Economic Area (EEA) and other jurisdictions may also access our website and purchase our products. Therefore, this Privacy Policy is designed to comply with both U.S. privacy laws and the EU General Data Protection Regulation (GDPR). We are committed to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation and integrity and confidentiality as set out in the GDPR.

By using our services, you agree to this Privacy Policy. If you do not agree, please do not use our website or products.

2. Data Controller

Controller: Konstantin Botschmanowski (Operator of Wootools.io)
Email: hello@wootools.io
Business address: available upon request

We do not currently appoint a data protection officer, as we are not legally required to do so. If you have questions about this Privacy Policy or your personal data, you may contact us using the email address above.

3. Data We Collect

We collect and process personal data only where we have a lawful basis to do so and where the data is relevant to the purposes described in this Privacy Policy. The categories of personal data we may collect and process include:

• Contact Information – such as your name, email address and other details you provide when you purchase a product, create an account or communicate with us.
• Account and Purchase Data – including product licences, purchase history and subscription details.
• Payment Data – payment information is processed securely by our payment provider. We do not store full card details ourselves; we only receive limited payment metadata (transaction ID, amount and payment status) necessary for licensing and support.
• Technical and Usage Data – such as IP address, browser type and version, operating system, device information, pages visited, referring URLs, the date and time of your visits, error reports and other diagnostic data collected automatically when you use our website and services. We may also record certain usage metrics (for example, plugin activation, feature usage and error logs) to ensure the proper functioning of our products and to improve performance. These data are pseudonymised where possible and are not used to build individual profiles. We also collect email addresses from individuals who sign up for a trial version so that we can provide access and communicate about the trial.
• Communication Data – messages, support requests and feedback you send to us (e.g., via email or contact forms).
• Email Preferences – your opt‑in/opt‑out choices for marketing or product updates.

We do not intentionally collect data from individuals under the age of 16.

4. How We Use Your Data

We process your personal data for the following purposes:

1. To fulfil contracts. We process data to process your order, deliver the purchased product, manage your account and provide customer support.
2. To communicate with you. We send important information about our services (e.g., order confirmations, security alerts, updates or changes to our terms). With your consent, we may send marketing or promotional emails related to our tools and plugins; you can opt out at any time.
3. To comply with legal obligations. We process data to meet accounting, taxation and other legal requirements.
4. To protect our legitimate interests. We use data to operate, maintain and improve our services, prevent fraud, and ensure security and stability of our website and systems.
5. For trials and marketing. If you sign up for a trial, we use your email address to send information about the trial and related marketing. You can unsubscribe at any time.

We do not engage in automated decision‑making or profiling that produces legal or similarly significant effects on you. All decisions relating to your account and orders are made by human staff.

5. Legal Bases for Processing (EU/EEA Users)

If you are located in the EU or EEA, we rely on the following legal bases under the GDPR:

• Contractual necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract (e.g., fulfil an order, provide customer support).
• Legal obligation: Processing is necessary to comply with applicable laws (e.g., tax and accounting requirements).
• Legitimate interests: Processing is necessary for our legitimate interests in operating and improving our services and preventing fraud, provided these interests are not overridden by your rights and freedoms. We carefully balance our interests against any potential impact on you.
• Consent: We seek your consent for optional communications such as marketing emails. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6. Payment Processing

We use Paddle.com Market Ltd as our Merchant of Record to handle all payments. When you make a purchase, Paddle collects and processes your payment information (such as billing details and card data) in accordance with its own privacy policy and compliance measures. We only receive limited payment data (transaction ID, amount and status) sufficient for licensing, support and record‑keeping. Paddle may process your data outside the EU (e.g., in the USA); in such cases, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your personal data.

7. Email and Communication Services

We use SendGrid, a service operated by Twilio Inc. (USA), to send transactional and marketing emails (such as order confirmations and newsletters). Your email address and basic communication data may be stored on SendGrid servers located in the United States. Twilio participates in the EU–U.S. Data Privacy Framework and uses SCCs to ensure lawful international data transfers.

8. Hosting and Infrastructure

Our website and related services are hosted by Spaceship Ltd. on servers located in the European Union. Spaceship processes basic technical and usage data (such as IP addresses and browser types) to maintain site stability and performance. Data is stored within the EU under GDPR‑compliant conditions.

9. Cookies and Tracking Technologies

We use only essential cookies required for the website to function properly (for example, to maintain login sessions and shopping cart functionality). We do not use third‑party analytics or advertising cookies. Cookies set by Paddle or our e‑commerce tools (Bricks Builder and WooCommerce) may also be necessary to process payments or maintain your shopping session. You may disable cookies through your browser settings, but certain parts of the site may not work correctly if you do.

10. Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, to satisfy legal, accounting or reporting requirements and to establish or defend legal claims. Specific retention periods include:

• Invoice and transaction data – retained for 10 years to comply with tax and accounting obligations.
• Support enquiries – retained for 2 years to handle repeat issues and maintain service quality.
• Account data (including licence keys and purchase history) – retained for the duration of your relationship with us and deleted when no longer necessary, unless retention is required by law.
• Marketing preferences and trial sign‑ups – retained until you unsubscribe or request deletion.

When data is no longer needed, we securely delete or anonymise it. If we are required to keep data longer (for example, to comply with statutory retention periods or to resolve disputes), we will ensure the data is archived and access is restricted until it can be safely erased.

11. Data Sharing and International Transfers

We do not sell or rent personal data. We share limited data only with trusted service providers and business partners who help us operate our services, fulfil our contractual obligations or comply with legal requirements. These providers act as processors on our behalf and are bound by confidentiality and data‑protection obligations. We may also disclose personal data if required by law, to protect the rights, property or safety of us or others, or in connection with a business transfer (e.g., merger, acquisition or sale of assets). The main categories of recipients are:

• Paddle.com (USA) – payment processing and Merchant of Record services.
• SendGrid / Twilio Inc. (USA) – email delivery and communications.
• Spaceship Ltd. (EU) – hosting and infrastructure.
• Kie.ai API – where the Plugin invokes the API to generate AI mockups; this may require transmitting anonymised usage data for image generation. Kie.ai’s servers may be located outside the EU.

Some data may be transferred outside the EU/EEA to the United States. In such cases, we rely on SCCs, the EU–U.S. Data Privacy Framework, and similar safeguards to ensure an adequate level of protection for your personal data.

12. Your Rights (EU/EEA Users)

If you are located in the EU or EEA, you have the following rights under the GDPR:

1. Right of access – to obtain confirmation of whether we process your personal data and to receive a copy of it.
2. Right to rectification – to request correction of inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”) – to request deletion of your personal data when it is no longer needed or if processing is unlawful.
4. Right to restrict processing – to request that we limit the processing of your personal data under certain circumstances.
5. Right to object – to object to processing based on our legitimate interests or for direct marketing purposes.
6. Right to data portability – to receive your personal data in a structured, commonly used and machine‑readable format and to transmit it to another controller.
7. Right to withdraw consent – to withdraw your consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at hello@wootools.io. We may require verification of your identity before responding. We will handle requests within the timelines required by applicable law and may refuse or limit a request if it is manifestly unfounded or excessive.

13. Data Security

We implement appropriate technical and organisational measures to safeguard your personal information against loss, misuse, unauthorised access, disclosure or destruction. These measures include:

• Use of SSL/TLS encryption to protect data in transit.
• Access restrictions and authentication controls for our systems; repeated failed login attempts trigger an IP lockout for 24 hours.
• Regular security reviews and updates to address emerging threats.
• Employee awareness and confidentiality obligations.

Although we strive to protect your data, no system or transmission over the Internet is completely secure. You are responsible for keeping your account credentials confidential.

14. California Consumer Privacy Act (CCPA) Notice

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to request information about the personal data we collect, use and disclose.
• The right to request deletion of your personal data.
• The right to opt out of the “sale” of personal data (we do not sell any personal data).

Requests may be submitted to hello@wootools.io. We will verify your identity before responding and will not discriminate against you for exercising your rights.

15. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Konstantin Botschmanowski (Operator of Wootools.io)
Email: hello@wootools.io
Business address: available upon request

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The most recent version will always be available on this page with the updated effective date. If changes are material, we will provide notice via email or on our website before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the revised policy.

Effective date: 28 October 2025