Privacy Policy

Effective Date: 10 September 2025
Last Updated: 11 September 2025

SOFTPIQ Limited (“SOFTPIQ”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data in a transparent and lawful manner. This Privacy Policy explains what information we collect, how we use it, with whom we share it, how we protect it, and the rights you have. It applies to visitors and customers of our websites, accounts, digital products, software licenses, and services (collectively, the “Services”).

SOFTPIQ Limited is a company registered in England and Wales (Company No. 15100237).
Registered office: 128 City Road, London, EC1V 2NX, United Kingdom.
Contact (privacy): privacy@softpiq.com (preferred) | +44 7577 679561.
For general support: support@softpiq.com.

1) Who We Are & Roles

Data Controller. For most processing described here, SOFTPIQ acts as the data controller (decides why/how your personal data is processed).
Processors/Service Providers. We engage vetted third parties (e.g., payment gateways, hosting, analytics, advertising platforms) that process data under our instructions and contracts.

We comply with the UK Data Protection Act 2018, UK GDPR, the EU GDPR (where applicable), and other relevant privacy regulations (e.g., CCPA/CPRA for California residents).

2) What We Collect

2.1 Information You Provide

Account & Profile. Name, email, password (hashed), billing address, optional phone.
Orders & Support. Order details, product selections, license activation info, support messages/attachments, feedback.
Payment Details. Payments are processed by PCI-DSS compliant providers (e.g., Stripe/PayPal/Mollie). We never collect or store CVV/CVC and do not store full PAN. We may receive/store limited card metadata from the processor (e.g., last 4 digits, brand, expiry month/year) for receipts, fraud prevention, and dispute handling.

2.2 Information Collected Automatically

Technical & Usage Data. IP address, device identifiers, browser type/version, operating system, pages viewed, referring/exit URLs, timestamps, and general interactions with the site.
Cookies & Similar Technologies.
- Strictly necessary (session, security, checkout).
- Functional (preferences, live chat).
- Analytics (e.g., Google Analytics—only after consent where required; IP anonymization configured when applicable).
- Advertising/Retargeting (e.g., Meta Pixel, TikTok Pixel, Google Ads tags—only after consent where required).
  See our Cookie Policy for details, retention, and how to change choices at any time via our consent banner (we honor Do Not Track/Global Privacy Control to the extent required).

2.3 Information from Third Parties

Payment Processors. Transaction confirmations, risk signals, limited card metadata.
Authorization/Partners. Where a third-party product is fulfilled (e.g., software license registration), we may receive/confirm activation data from the rights holder.
Fraud Screening & Verification. Risk-scoring signals, geolocation at coarse level, device fingerprint signals (for anti-abuse).
Social/Single Sign-On (if enabled). Limited profile info (e.g., name/email) to create/authenticate your account—subject to your SSO platform settings.

3) Why We Use Your Information (Purposes & Legal Bases)

Contract Necessity

Process orders, deliver digital downloads/license keys, provide professional services and support, manage subscriptions, issue invoices/receipts.

Legitimate Interests

Security & Fraud Prevention. We use automated fraud-screening and device/transaction risk-scoring tools (often via our payment processors) to detect abuse and protect customers. Where elevated risk is detected, fulfilment may be paused pending a brief manual review or KYC check.
Improve Services, troubleshoot, analytics (in aggregated/de-identified form where possible), service communications (e.g., delivery notices, critical updates).
Defend legal claims (evidence preservation, chargeback response).

Consent

Marketing communications (email/SMS where applicable).
Non-essential cookies/advertising tags (Meta/TikTok/Google Ads) and analytics in consent jurisdictions.
You may withdraw consent at any time (e.g., unsubscribe link, cookie banner “Cookie Settings”).

Legal Obligations

Tax and accounting record-keeping, responding to lawful requests, sanctions/export/AML compliance, consumer protection rules.

4) How We Share Information

We do not sell personal information. We share only as necessary:

Payment Gateways (PCI-DSS). To process transactions, detect fraud, and manage disputes/chargebacks.
Hosting/Cloud & Security. Website/app hosting, backups, DDoS protection, content delivery networks, logging/monitoring.
Email & Communications Tools. Order confirmations, support replies, operational notices.
Analytics & Advertising (with consent). Google Analytics; Meta, TikTok, Google Ads tags to measure performance and, if consented, deliver/optimize ads. We receive aggregated reports; partners process data under their policies.
Escrow Providers (high-value orders). Where an order is processed via a third-party escrow service, we share only what is necessary to set up, verify, and complete the transaction (e.g., your name, contact details, item/amount, and milestone/transfer status). The escrow provider processes such data under its own privacy policy and applicable financial regulations.
Authorized Rights Holders/Partners. For fulfillment/activation of authorized third-party software or digital goods (limited to the minimum required).
Professional Advisors & Compliance. Auditors, accountants, legal counsel.
Law Enforcement/Regulators. Where required by law or to protect rights, safety, and the integrity of our Services.
Corporate Transactions. In a merger, acquisition, or asset transfer, data may transfer to a successor subject to this Policy or a policy affording substantially similar protections.

5) Advertising & Analytics Details (Meta, TikTok, Google & Others)

What runs: With consent (where required), our site may use Meta Pixel, TikTok Pixel, Google Ads/Conversion Tracking and similar tools to measure campaign performance and show more relevant ads off-site.
What is shared: These tools may record page views, product views, cart events, or purchases, and associate them with a pseudonymous ID or a login you hold with the platform. We do not receive your social media account passwords or direct profile data from these platforms.
Your controls: Manage cookie preferences in our banner; adjust ad preferences in your platform accounts (e.g., “Ad Preferences” on Meta/TikTok; “Ads Settings” on Google); use Global Privacy Control (GPC) and browser-based tracking limits.
No consent, no ads cookies: In regions requiring consent, we do not load advertising cookies/pixels until you opt in.

6) International Transfers

Your data may be processed in the UK, EEA, US, or other countries where our providers operate. Where required, we use appropriate safeguards, such as UK International Data Transfer Addendum (IDTA) and/or EU Standard Contractual Clauses (SCCs), plus supplementary measures, or rely on adequacy decisions. You may request information on the safeguards used for your data.

7) Data Retention

We retain personal data only as long as necessary for the purposes set out above or as required by law. Typical periods:

Account & Orders: For the life of your account and at least 6–7 years thereafter to meet tax/accounting requirements.
Support Tickets: Up to 3 years after resolution, unless needed longer for legal compliance.
Marketing Preferences: Until you opt out; we maintain a suppression list to respect future opt-outs.
Cookies/Analytics: As configured per tool/vendor (see Cookie Policy).
Dispute/Chargeback Evidence: Up to 24 months after resolution to comply with card-network rules and defend legitimate claims.

Data no longer required is deleted or anonymized. Where deletion is not immediately feasible (e.g., backups), data is securely stored and isolated.

8) Your Rights

Depending on your location, you may have the following rights:

Access to the personal data we hold about you.
Rectification of inaccurate or incomplete data.
Erasure (subject to lawful exceptions).
Restriction of processing in certain cases.
Objection to processing based on legitimate interests and to direct marketing at any time.
Portability for data you provided to us, where processing is based on consent or contract and technically feasible.
Withdraw Consent where processing is based on consent (e.g., marketing, non-essential cookies).

How to exercise: Email privacy@softpiq.com (or use “Privacy/Contact” on our site). We may request additional information to verify your identity. We aim to respond within one month (GDPR) or applicable legal timeframe.

Complaints: You may lodge a complaint with your local data protection authority. In the UK, this is the ICO (Information Commissioner’s Office). We encourage contacting us first so we can address your concern quickly.

9) California Privacy (CCPA/CPRA) — Summary

We do not “sell” personal information for money.
Certain advertising/analytics activities may be considered “sharing” for cross-context behavioral advertising. Where required, we obtain consent and provide a mechanism to opt out of sale/sharing (via our cookie banner or a “Your Privacy Choices/Do Not Sell or Share” link).
Rights: Right to know/access, delete, correct, opt out of sale/sharing, and non-discrimination for exercising your rights.
Sensitive Personal Information: We do not use SPI to infer characteristics; when collected (e.g., limited KYC for high-value/escrow), it is restricted to necessary purposes and protected under heightened controls.

10) Children’s Privacy

Our Services are not directed to children. We do not knowingly collect personal data from anyone under 16 (and in some jurisdictions, under 13). If you believe a child has provided data to us without proper consent, contact us and we will delete it.

11) Security

We implement appropriate technical and organizational measures to protect your data, including TLS/HTTPS encryption in transit, restricted access, least-privilege controls, monitoring, and regular security reviews. No system can be 100% secure; you are responsible for safeguarding your credentials and using up-to-date security on your devices. If we become aware of a data breach likely to result in a risk to your rights and freedoms, we will notify you and regulators as required by law.

12) Automated Decision-Making & Profiling

We do not make decisions with legal or similarly significant effects solely by automated means. We use limited profiling for:

Fraud prevention (risk-scoring to protect you and us).
Advertising segmentation (only with consent where required).
You may object to profiling for direct marketing at any time.

13) Third-Party Links

Our site may contain links to third-party sites or content. Their privacy practices are governed by their own policies; please review them. We are not responsible for third-party sites.

14) Changes to This Policy

We may update this Privacy Policy to reflect changes in laws, technologies, or our Services. We will post the updated version with a new “Last Updated” date and, for material changes, provide additional notice (e.g., banner or email). Continued use of the Services after an update signifies acceptance of the revised Policy.