Privacy Policy

Last updated: 15 March 2026

DPOKit (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we use it when you visit dpokit.com or use our services.

This policy covers the DPOKit marketing website, documentation site, customer dashboard, and licence API. It does not cover data processed by the DPOKit WordPress plugin on your own site — that data is processed by you as the data controller; please refer to the Data Processing Agreement for details.

1. Data controller

The data controller for this website is DPOKit Ltd. Contact us at privacy@dpokit.com with any privacy enquiries.

2. What data we collect

2.1 Account and purchase data

When you purchase a licence or create an account we collect your email address and the details of your purchase (plan, invoice amounts, payment status). We do not store your payment card details — these are handled directly by Stripe (see §5 below).

2.2 Licence activation data

When you activate your licence via the WordPress plugin, we record the site URL and activation timestamp so we can enforce the site-limit on your licence tier. This data is stored in our database and is never sold or shared with third parties.

2.3 Support and correspondence

If you contact us by email, we retain the content of that correspondence to resolve your enquiry and improve our support.

3. Website analytics — Plausible

We use Plausible Analytics to understand how visitors interact with our website.

3.1 Privacy-safe by design

Plausible is specifically designed to be privacy-preserving and GDPR compliant out of the box:

  • No cookies are set. Plausible does not use cookies or any other form of persistent client-side storage.
  • No personal data is collected. Plausible does not collect IP addresses, device fingerprints, or any other personal identifier. All data is aggregated and anonymous.
  • GDPR, UK GDPR, and ePrivacy exempt. Because Plausible collects no personal data and sets no cookies, it falls outside the scope of GDPR Article 4(1) and the ePrivacy Directive. No consent banner or opt-out mechanism is required.
  • No cross-site tracking. Analytics data is isolated to dpokit.com and is never shared across websites or sold to advertisers.

3.2 What Plausible records

Each page view generates an aggregate count associated with the page URL, referrer (domain only), browser family, OS family, country (country-level only, derived from a salted IP hash that is discarded immediately), and device type. No granular location data and no individual user journey is stored.

3.3 Custom events

We track the following custom conversion events to understand product usage:

  • pricing_view — when the /pricing page is viewed
  • checkout_start — when the checkout form is submitted (includes plan name and billing interval as properties — no personal data)
  • checkout_complete — when a purchase is completed (includes licence tier as a property — no personal data)
  • docs_search — when a search query is entered in the documentation search (the search term is recorded as a property to help us improve docs content — no personal data)

All event properties are non-personal and are used solely for product improvement. You can review Plausible’s own privacy policy at plausible.io/privacy.

4. Transactional email

We use Resend to deliver transactional emails (licence delivery, payment receipts, renewal reminders). Resend processes your email address as a data processor acting on our behalf under a Data Processing Agreement.

5. Payments — Stripe

Payment processing is handled by Stripe. When you purchase a licence, you are redirected to a Stripe-hosted checkout page. We never see or store your full card number, CVC, or other sensitive payment credentials. Stripe is certified to PCI DSS Level 1. See Stripe’s Privacy Policy for more detail.

6. Data retention

We retain customer account and purchase data for as long as your account is active and for seven years thereafter to comply with financial and tax record-keeping obligations. You may request deletion of your account at any time (see §8 below); records subject to a legal retention obligation will be anonymised rather than deleted.

7. Legal basis (GDPR / UK GDPR)

  • Contract (Art. 6(1)(b)): processing your email and licence data to deliver the services you purchased.
  • Legal obligation (Art. 6(1)(c)): retaining financial records for tax compliance.
  • Legitimate interests (Art. 6(1)(f)): sending renewal reminders and service announcements; improving product quality using anonymised analytics data.

8. Your rights

Under GDPR and UK GDPR you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise any of these rights, email privacy@dpokit.com. We will respond within 30 days. You also have the right to lodge a complaint with your supervisory authority (ICO for UK residents; your national DPA for EU residents).

9. Cookies

This website uses only functional cookies strictly necessary to operate the service (e.g. authentication session cookies when you are logged in to the customer dashboard). No advertising, tracking, or third-party cookies are set. See our Cookie Policy for the full list.

10. Changes to this policy

We may update this policy periodically. Material changes will be communicated by updating the “Last updated” date at the top of this page and, where appropriate, by email. Your continued use of the site after a change constitutes acceptance of the revised policy.