Welcome to the new GPLDL Site - all systems operational!

GPLDL
Search
Open menu

Privacy Policy

This Privacy Policy explains what personal data GPLDL uses, why it is used, how it is shared, how long it is kept and what choices or rights users have.

Last updated

June 14, 2026. This policy is written for the current GPLDL Astro service, member system, PayPal checkout, protected download delivery and email operations.

1. Controller and Contact

GPLDL is responsible for the personal data it processes to operate the GPLDL website and member service, unless a separate legal notice identifies a different controller for a specific part of the service.

Use theGPLDL contact formfor privacy requests, account requests, deletion requests, correction requests, export requests, payment privacy questions and security concerns. Do not include passwords, full payment card data, reset links, verification links, license keys or other secrets in messages.

GPLDL publishes required operator, representative or data protection officer details in the relevant legal notice where those requirements apply.

2. Scope

This policy applies to GPLDL website visits, account registration, login, email verification, password reset, email changes, member pages, checkout, payment reconciliation, protected downloads, contact requests, transactional email, admin support, security controls and operational logs.

This policy does not control privacy practices of PayPal, original WordPress product developers, hosting providers outside GPLDL's control, third-party websites linked from GPLDL, or services you choose to use with downloaded software.

3. Personal Data GPLDL Processes

  • Account data: name, username, display username, email address, canonical email address, email-verification status, account role, account status, timestamps and optional profile fields such as display name, locale, timezone or marketing preference.
  • Authentication data: password hashes, account-provider records, sessions, verification records, password-reset records, email-change records, rate-limit records, session cookies, IP address and User-Agent metadata where needed by the authentication system for security and abuse prevention.
  • Policy-consent data: acceptance of Terms of Service and Privacy Policy versions, source of acceptance, timestamps, import attestations for legacy accounts and related evidence notes.
  • Membership data: plan, entitlement, source, status, validity window, quota totals, quota counters, quota adjustments, active or historical restrictions, admin notes and account-support context.
  • Payment data: PayPal order IDs, capture IDs, dispute IDs, amounts, currency, status, checkout evidence, raw PayPal create/capture/webhook/dispute payloads and reconciliation metadata. GPLDL does not intentionally store full payment card numbers.
  • Download data: requested file, file version, plan snapshot, quota scope, grant status, event status, timestamps, signed-URL expiry, file snapshots and HMAC hashes of IP address and User-Agent for app-owned download records. GPLDL does not store full signed download URLs.
  • Contact data: contact category, first name, last name, email address, username, message text, form metadata and delivery/error metadata needed to process or diagnose the request.
  • Email data: transactional email outbox records, recipient, subject, template, message status, provider message ID, delivery status, bounce, complaint, rejection or delay signals, suppression records and provider event payloads.
  • Security and operations data: admin audit logs, support notes, restrictions, system settings, maintenance telemetry, operational JSON logs, request metadata, rate-limit fingerprints, webhook verification records and error records.
  • Analytics data: privacy-focused aggregate website analytics may be used if enabled, without advertising profiles or cross-site behavioral advertising.

4. Why GPLDL Uses Personal Data

  • To create, verify, authenticate and secure member accounts.
  • To provide free and paid membership access, enforce quotas, issue protected downloads and maintain account history.
  • To create PayPal orders, capture payments, reconcile completed payments, process refunds, disputes and chargebacks, and keep paid access aligned with verified payment state.
  • To send transactional account emails, verification links, password-reset links, email-change links, membership confirmations and service notices.
  • To respond to contact requests, privacy requests, copyright notices, repository concerns, support questions and account issues.
  • To detect, prevent and investigate abuse, account compromise, scraping, payment fraud, quota circumvention, suspicious traffic, security incidents and Terms violations.
  • To operate, test, debug, monitor and improve the GPLDL service, including admin dashboards, operational status, audit trails, backups and maintenance jobs.
  • To comply with legal, tax, accounting, payment, audit, dispute, consumer-protection, copyright, privacy and security obligations.
  • To send optional update or marketing communications only where GPLDL has an appropriate legal basis, such as consent or another lawful basis allowed by applicable law.

5. Legal Bases Where GDPR-Style Law Applies

  • Contract: account creation, login, membership access, checkout, downloads, account pages, support needed to provide the service, and transactional service messages.
  • Consent: optional marketing preferences, any optional analytics or cookies where consent is required, and any specific consent collected for immediate digital delivery where applicable.
  • Legitimate interests: security, abuse prevention, fraud prevention, service integrity, operational logging, rate limiting, dispute defense, quality control, repository governance and privacy-preserving analytics, balanced against user rights.
  • Legal obligation: tax, accounting, consumer law, payment records, sanctions or fraud controls, lawful requests, recordkeeping, dispute handling and compliance obligations.
  • Legal claims: preserving and using records where needed to establish, exercise or defend legal claims.

6. Cookies and Similar Technologies

GPLDL uses essential cookies and similar browser storage for authentication, sessions, CSRF protection, security, account workflows and service preferences. These are needed for the member service to work.

GPLDL does not use third-party advertising cookies, does not sell personal data and does not share personal data for cross-context behavioral advertising.

If privacy-focused analytics such as Umami are enabled, GPLDL uses them to understand aggregate website usage, not to build advertising profiles. Where law requires opt-in consent for analytics, GPLDL collects that consent before enabling non-essential analytics for the user.

7. Service Providers and Recipients

  • PayPal processes checkout, capture, refund, dispute, chargeback and webhook data for paid memberships.
  • Amazon SES or another configured SMTP/email provider sends transactional account and service emails and may process delivery, bounce, complaint, rejection and delay events.
  • DigitalOcean Spaces or another S3-compatible private object store stores protected ZIP files and issues short-lived signed URLs after server-side authorization.
  • Hosting, CDN, DNS, deployment, logging, database, backup, monitoring and security providers process data needed to run, protect and troubleshoot GPLDL.
  • A contact-form delivery endpoint or support workflow receives contact submissions so GPLDL can respond.
  • Professional advisers, payment providers, dispute processors, law enforcement, courts, regulators or rights holders may receive data when necessary for legal compliance, claims, abuse prevention, payment disputes or rights review.
  • Admins and authorized operators may access personal data only as needed for support, security, payment, download, privacy, maintenance, audit or legal workflows.

8. Third-Party Provider Policies

PayPal handles payment information under its own privacy terms. Review PayPal's privacy information before paying through PayPal.

Amazon Web Services or another email/storage provider may process infrastructure and email data under its own service terms and privacy commitments when GPLDL uses that provider.

Third-party WordPress product developers, SaaS providers, license-key systems, hosted APIs and websites linked from GPLDL are independent from GPLDL. Their own privacy terms apply when you interact with them directly.

9. International Transfers

GPLDL users, providers, infrastructure and support workflows may be located in different countries. Personal data may therefore be processed outside your country or region.

Where GDPR-style transfer rules apply, GPLDL relies on appropriate safeguards such as provider data-processing terms, adequacy decisions, standard contractual clauses or other lawful transfer mechanisms as applicable.

10. Retention

  • Account records are generally kept while the account exists and for a reasonable period afterward if needed for security, dispute, legal, accounting or operational reasons.
  • Session, verification, reset and email-change tokens expire according to their security purpose, though related audit or delivery metadata may be retained longer.
  • Membership, quota, download, PayPal, refund, dispute, chargeback, policy-consent and audit records may be retained for as long as needed for payment reconciliation, tax/accounting records, abuse prevention, dispute defense, legal obligations and service integrity.
  • Contact requests are kept as long as needed to answer the request, preserve support history, investigate abuse or maintain legal evidence.
  • Transactional email records and delivery events are kept as needed for account evidence, deliverability, suppression, abuse prevention and operational diagnosis.
  • Security logs, rate-limit records, webhook records, maintenance telemetry and backups are kept for limited operational periods unless a longer period is needed for investigation, legal obligations, incident response or dispute defense.
  • When GPLDL no longer needs identifiable data, it may delete, anonymize, aggregate or restrict the data, unless retention is required by law or legitimate operational needs.

11. Security

GPLDL uses server-side entitlement checks, email verification, password hashing, session controls, rate limiting, CSRF protections, signed download URLs, webhook verification, audit logs, restricted admin pages and operational redaction controls to protect the service.

App-owned download and rate-limit metadata uses HMAC hashing for IP/User-Agent-style request metadata where possible. Normal admin lists avoid rendering raw message bodies, raw rate-limit keys, raw webhook payloads, secrets, reset links, verification links and signed URLs.

No website or storage system can be guaranteed perfectly secure. Users should keep passwords secret, use unique credentials, protect their email account and contact GPLDL promptly if they suspect unauthorized access.

12. Automated Decisions and Access Rules

GPLDL uses automated server-side rules to decide whether an account can sign in, start checkout, receive paid access, use free quota, receive a download grant, resend verification email or access admin-only pages.

These decisions are based on account state, email verification, role, active restrictions, plan, payment state, quota, file availability, membership entitlement, security rules and rate limits.

If you believe an account, payment or download decision is wrong, contact GPLDL for review. PayPal may make separate payment-risk or checkout decisions under PayPal's own rules.

13. Your Choices and Rights

  • You can review account email, membership status, quota and billing history in the member area where available.
  • You can request correction of inaccurate account data.
  • You can request access to personal data GPLDL holds about you.
  • You can request deletion of your account, subject to identity verification and retention required for payment, tax, security, audit, dispute, abuse-prevention or legal reasons.
  • You can object to or request restriction of certain processing where applicable law gives you that right.
  • You can request data portability where applicable law gives you that right.
  • You can withdraw consent for consent-based processing, such as optional marketing, without affecting processing that happened before withdrawal.
  • You can complain to a data protection authority or regulator where applicable law gives you that right.

14. Requests and Verification

Send privacy requests through the contact form and identify the GPLDL account email or username involved. GPLDL may require reasonable verification before acting on a request, especially for deletion, export, email change, payment history or account-security requests.

GPLDL may refuse, limit or delay a request where permitted by law, including when a request cannot be verified, conflicts with legal obligations, threatens another person's rights, affects security evidence, concerns privileged information, would disclose trade secrets or would interfere with active payment, abuse, security or legal investigations.

15. Children

GPLDL is not directed to children. Users should not create an account or use paid checkout if they are not old enough to enter into the required agreement under the laws that apply to them.

If you believe a child provided personal data to GPLDL, contact GPLDL so the account can be reviewed.

16. Changes to This Policy

GPLDL may update this policy when the service, data flows, providers, legal requirements or operational practices change. The published version and update date show the current policy.

Material privacy changes may be announced on the website, through account workflows or by email where appropriate.

No Data Sale

GPLDL does not sell personal data and does not share it for cross-context behavioral advertising.

Payment Separation

PayPal handles payment processing; GPLDL stores the records needed to verify captures, refunds, disputes and access state.

Download Privacy

GPLDL records download grants and events for quota, security and audit purposes, but does not store full signed download URLs.

Request Help

Use the contact form for privacy, export, correction, deletion, account and payment-data questions.

Open page