What we collect
To deliver a product to you, we need your email address (for the download link and receipt), your billing address (for tax compliance), and a payment method (handled by Stripe, not by us). That's it — we do not collect anything else as part of a purchase.
If you email us for support, we keep the conversation for as long as it takes to resolve the issue and up to two years afterward — in case a similar thing comes up and we can reference it.
What we do not collect
We do not collect device fingerprints, browser fingerprints, or any kind of advertising identifier. No Facebook Pixel, Hotjar, Mixpanel, Segment, or any other cross-site advertising service.
We do use Google Analytics 4, but only after you opt in via the cookie banner. GA4 sets cookies and collects anonymised usage data. More on that below.
Google Analytics 4 (opt-in)
When you click Accept all on the cookie banner,
we load Google Analytics 4 via
googletagmanager.com. GA4 counts page views,
sessions, and a few custom events — add-to-cart, begin-checkout,
purchase, download-clicked, license-faq-opened.
GA3? No. GA4 sets these cookies: _ga,
_gid, and _ga_<container>.
IP addresses are anonymised — the last octet gets masked.
Google acts as a data processor under GDPR; data may be
transferred to the US under the EU-US Data Privacy Framework.
The script loads only after you give consent. It is never in the static HTML — the consent module injects it dynamically. You can opt out anytime via the "Cookie preferences" link in the footer.
Who processes our data
Stripe handles payment processing. They store your card details, billing address, and order metadata. We never see your card number. Stripe is a data controller; their own privacy policy applies to what they hold.
Brevo handles transactional email. They deliver the order confirmation, download link, and order details. Delivery metadata is retained for 30 days for spam-control purposes.
Cloudflare provides CDN, DNS, R2 (download buckets), D1 (order database), and the Worker (checkout endpoint). They see request metadata — IP, user agent, timestamps — for the duration of the request. We do not log this server-side.
Google Analytics 4 (opt-in) receives the page path, anonymised IP, user agent, and event name. Data is processed in the US under the EU-US Data Privacy Framework. See Google's privacy policy for the full list.
How long we keep it
Order data — your email, billing address, and what you bought — stays for seven years. That is a tax-law requirement, not a choice. After seven years the row is deleted.
Support emails hang around for two years from the last reply. After that, the thread gets archived and removed from active search.
Google Analytics keeps event-level data for 14 months by default. After that, it is automatically deleted from Google's servers. You can also clear your GA4 data by deleting your cookies.
Your rights under GDPR
If you are in the EU/EEA, you have the right to:
- Request a copy of all data we hold about you
- Request that we correct inaccurate data
- Request that we delete your data (subject to the retention rules above)
- Object to processing or request restriction
- Lodge a complaint with your national data protection authority
To exercise any of these, email our support team. We respond within 30 days — usually faster.
Data Protection Officer
Winsoftpedia is a one-person operation, and the data controller is Winsoftpedia. For any privacy-related question, email our support team with "Privacy" in the subject line.
Changes to this policy
If we change this policy, we will update the date at the top and email anyone who has bought a product in the last 12 months.