Effective date: 30 September 2025
Website: www.licenselodge.com (“Site”)
Company: LicenseLodge (“we”, “us”, “our”)
Contact: [email protected]
This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our Site, create an account, or purchase our digital software products. It is designed to meet requirements under the UK GDPR & Data Protection Act 2018, EU GDPR, and relevant U.S. state privacy laws (including California CCPA/CPRA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Virginia VCDPA), as well as PECR (UK) and CAN-SPAM (US) for marketing emails.
You provide:
Identity & Contact: name, email, billing/shipping addresses.
Account data (optional): login credentials, order history, preferences.
Communications: support requests, emails, and any information you send us.
Collected automatically (when you use the Site):
Device/usage data: IP address, browser type, pages viewed, time zone, identifiers stored in cookies or similar tech.
Transaction metadata: order ID, totals, currency, payment status (we do not see full card numbers).
From third parties (as your processors):
Payment processors: Stripe and PayPal share limited info needed to confirm payment, prevent fraud, and handle chargebacks.
Email service & CRM tools (if used): email engagement (open/click) to manage subscriptions and deliver service updates.
We do not intentionally collect special category data or precise geolocation.
To run the Site and sell to you
Process orders, deliver digital keys, provide invoices/support, manage your account.
Legal bases (UK/EU): contract performance; legitimate interests (running our business); legal obligation (tax/records).
To communicate & market
Service messages (order confirmations, key delivery, support).
Optional marketing emails about offers and new products — you can opt out anytime via the unsubscribe link or by emailing [email protected].
Legal bases (UK/EU): consent (where required by PECR/GDPR); legitimate interests (B2C/B2B where permitted).
Security & fraud prevention
Detect, prevent, and respond to fraud, abuse, and security incidents.
Legal bases (UK/EU): legitimate interests; legal obligation.
Analytics & improvements
Understand performance, fix bugs, and improve UX.
Legal bases (UK/EU): consent for non-essential cookies; legitimate interests for basic, strictly necessary analytics.
We use essential cookies (for cart, checkout, login) and may use optional analytics/marketing cookies. Where required, we will ask for consent before setting non-essential cookies. You can:
use your browser controls to block/delete cookies; and
(where available) adjust preferences in our cookie banner/“Cookie Settings”.
Blocking some cookies may affect Site functionality.
We use Stripe and PayPal to process payments. Your payment information is handled directly by these providers under their own terms and privacy notices. We receive tokens/confirmation and limited details (not full card numbers).
Stripe: privacy & security frameworks (e.g., SCCs/DPF, PCI-DSS).
PayPal: privacy & security frameworks (e.g., SCCs/DPF, PCI-DSS).
We share personal data with:
Service providers/“processors” (hosting/ecommerce platform, payment processors, email providers, anti-fraud, error logging, basic analytics) under contracts that limit their use to our instructions.
Professional advisors (legal/accounting), law enforcement/regulators (where required), and buyers/successors in a merger or acquisition.
We do not sell personal information and we do not knowingly “share” it for cross-context behavioral advertising as defined by CPRA. If that changes, we will update this Policy and provide opt-out mechanisms.
We operate in the UK and may transfer data to service providers located outside the UK/EEA (e.g., the U.S.). When we do, we rely on adequacy decisions (where applicable), Standard Contractual Clauses, and/or providers’ Data Privacy Framework participation, plus supplementary measures as needed.
We keep personal data only as long as necessary for the purposes above, including:
Orders & tax records: typically 6 years (UK) or longer if required by law.
Marketing data: until you unsubscribe or the data becomes inactive/obsolete.
Support tickets: as long as needed to resolve and for audit/compliance.
UK/EU (GDPR) rights: access, rectification, erasure, restriction, portability, and objection (including to direct marketing). You also have the right to withdraw consent at any time where processing is based on consent.
US state privacy rights (where applicable): right to know/access, correct, delete, data portability, and to opt out of sale, sharing for targeted advertising, or profiling for significant effects. We do not sell/share as defined, but you may still contact us to exercise rights.
How to exercise: email [email protected]. We may verify your identity. You may use an authorized agent (US) subject to verification.
Complaints (UK/EU): You can complain to your local authority. In the UK, contact the ICO (www.ico.org.uk). We encourage you to contact us first so we can help.
Our Site is not intended for children under 16 (or under 13 in the U.S.). We do not knowingly collect data from children. If you believe a child has provided data, contact [email protected] and we will delete it.
We use administrative, technical, and physical safeguards appropriate to the nature of the data and our business (e.g., encryption in transit, access controls). No system is 100% secure; please keep your account credentials confidential.
We send service emails necessary to your order/account. For marketing emails, you can unsubscribe using the link in the email at any time, or email [email protected]. We comply with PECR (UK) and CAN-SPAM (US).
Your browser may send a Do Not Track (DNT) signal; there is no uniform industry standard for responding. Where required by law, we will honor Global Privacy Control (GPC) signals for opt-out preferences related to sale/sharing/targeted advertising (if applicable).
We may update this Policy from time to time. Material changes will be highlighted on this page and/or notified by email where appropriate. Please review periodically.
Questions, requests, or complaints about this Policy or our data practices:
Email: [email protected]
Postal: Please email us to obtain the appropriate contact address for data rights requests.
Controller: LicenseLodge (contact above).
Lawful bases: contract, legitimate interests (e.g., running and protecting our business, preventing fraud, direct marketing where permitted), consent (non-essential cookies/marketing where required), legal obligation.
Transfers: Adequacy/SCCs/DPF as applicable.
Right to object: You can object to processing based on legitimate interests (including profiling) and to direct marketing at any time.
Categories collected (past 12 months): Identifiers (name, email, IP), customer records (addresses), commercial information (purchases), Internet/Network activity (usage/cookies), inferences (limited, if analytics used).
Sensitive personal information: not intentionally collected.
Purposes: order processing, customer service, security/fraud prevention, marketing (with opt-out), analytics, compliance.
Sale/Share: We do not sell or share personal information as defined by CPRA.
Rights: know/access, correct, delete, portability, opt-out of sale/share/targeted advertising, non-discrimination.
How to exercise: [email protected] (and GPC signals where applicable).
Rights include access, correction (except Utah), deletion, portability, and opt-out of targeted advertising/sale/profiling for significant effects (definitions vary). Contact [email protected] to exercise.
Copyright © 2025 LicenseLodge
Longley Limited
298418401
SUITE C, LEVEL 7,
WORLD TRUST TOWER, 50
STANLEY STREET, CENTRAL
