1. Introduction

This Privacy Policy explains how David O'Sullivan ("I", "me", or "my") collects, uses, and protects your personal information when you use the ACF Open Icons WordPress plugin and visit acfopenicons.com (the "Service").

I am committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information I Collect

2.1 Information You Provide

• Purchase Information: When you purchase a license through Lemon Squeezy, I receive your name, email address, billing address, and payment information (processed securely by Lemon Squeezy).
• Contact Form: When you use the contact form on this website, I collect your name, email address, and any message you send.
• License Activation: When you activate your license, I collect your site URL, IP address, and user agent information for license validation and abuse prevention.

2.2 Automatically Collected Information

• Website Analytics: I use Google Analytics and Google Tag Manager to collect information about how you use this website, including pages visited, time spent, and device information.
• Session Recording: I use Microsoft Clarity to record user sessions (with personal data redacted) to improve the website experience.
• Technical Data: I automatically collect IP addresses, browser type, operating system, and referring URLs.

3. How I Use Your Information

I use your personal information for the following purposes:

• To process and manage your license purchase
• To provide customer support and respond to inquiries
• To validate and activate your license
• To monitor for license abuse and enforce fair use policies
• To improve the website and user experience
• To send important updates about the plugin (if you opt in)
• To comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, I process your personal data based on the following legal bases:

• Contract: To fulfil the license agreement and provide the service you purchased
• Legitimate Interest: To prevent fraud, ensure license compliance, and improve the service
• Consent: For analytics and marketing communications (where applicable)
• Legal Obligation: To comply with applicable laws and regulations

5. Data Storage and Security

Your personal data is stored securely using the following services:

• Supabase: License and activation data is stored in Supabase databases, which are hosted in secure data centres with encryption at rest and in transit.
• Lemon Squeezy: Payment and purchase information is processed and stored by Lemon Squeezy, a PCI-DSS compliant payment processor.
• Email Services: Contact form submissions may be processed through email services with appropriate security measures.

I implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. However, no method of transmission over the internet is 100% secure.

6. Data Retention

I retain your personal data for the following periods:

• License Data: Retained for the duration of your license and for up to 7 years after cancellation for accounting and legal compliance purposes
• Contact Form Data: Retained for up to 2 years or until you request deletion
• Analytics Data: Retained according to Google Analytics retention settings (typically 26 months)

7. Third-Party Services

I use the following third-party services that may process your data:

• Lemon Squeezy: Payment processing and license management. See their privacy policy: https://www.lemonsqueezy.com/privacy
• Google Analytics & Tag Manager: Website analytics. See their privacy policy: https://policies.google.com/privacy
• Microsoft Clarity: Session recording and analytics. See their privacy policy: https://clarity.microsoft.com/privacy
• Supabase: Database hosting. See their privacy policy: https://supabase.com/privacy

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data I hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how I process your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact me at support@acfopenicons.com. I will respond within 30 days.

9. International Data Transfers

Some of the third-party services I use may transfer your data outside the UK and European Economic Area (EEA). Where this occurs, I ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK
• Adequacy decisions by the UK government
• Other legally recognised transfer mechanisms

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. I do not knowingly collect personal information from children. If you believe I have collected information from a child, please contact me immediately.

11. Changes to This Privacy Policy

I may update this Privacy Policy from time to time. I will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.