Effective date: April 20, 2026. Last updated: April 20, 2026.
DigitalMakers™ (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what personal data we collect when you visit digitalmakers.com.ua (the “Site”), purchase our WordPress plugins, or contact us, and how we use that data.
This policy is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) where applicable, and the Ukrainian Law “On the Protection of Personal Data”.
1. Data Controller
The data controller responsible for your personal data is:
FOP Bakhnovskiy Maksym Valerijovych
Sole Proprietor (FOP) registered in Ukraine
Registration address: Ukraine, Vinnytsia, D. Nechaya St. 108
RNOKPP (tax ID): 3139806110
Email: [email protected]
Phone: +38 (095) 184 13 12
Website: https://digitalmakers.com.ua/
For all privacy-related inquiries, including exercising your rights under the GDPR, please contact us at [email protected] with the subject line “Privacy Request”.
We have not appointed a Data Protection Officer (DPO) because we are not legally required to do so under Article 37 GDPR. The contact above handles all data protection matters.
2. What personal data we collect and why
2.1 When you create an account (magic-link login)
We use a passwordless, email-only authentication system. When you register or log in:
| Data | Source | Purpose | Legal basis |
|---|---|---|---|
| Email address | You provide it | Send you a one-time login link; identify your account | Contract (Art. 6(1)(b) GDPR) |
| Registration timestamp, last login | Automatic | Security and account management | Legitimate interest (Art. 6(1)(f)) |
| IP address and browser user agent at login | Automatic | Security, fraud prevention, audit trail | Legitimate interest (Art. 6(1)(f)) |
2.2 When you place an order for a plugin
Our checkout collects:
| Data | Required | Purpose | Legal basis |
|---|---|---|---|
| First name | Yes | Generate invoice; personalize delivery email | Contract (Art. 6(1)(b)) |
| Last name | Yes | Generate invoice | Contract (Art. 6(1)(b)) |
| Email address | Yes | Deliver license key and plugin download link; order communication | Contract (Art. 6(1)(b)) |
| Order details (product, price, date, subscription status) | Yes | Fulfill the order; manage license; renewals | Contract (Art. 6(1)(b)) |
| Country (inferred from IP / billing) | Yes | Tax calculation; currency display | Legal obligation (Art. 6(1)(c)) |
| Payment transaction ID | Yes | Reconcile payments; refund handling | Contract + Legal obligation |
| Invoice / accounting records | Yes | Tax and accounting compliance | Legal obligation (Art. 6(1)(c)) |
We do not store or see your card number, CVV, or banking credentials. Payments are processed entirely by WayForPay (see §4).
2.3 When you contact us (contact form, email, phone)
| Data | Source | Purpose |
|---|---|---|
| Name, email, phone number (optional) | You provide it | Respond to your inquiry |
| Message content | You provide it | Provide support / answer questions |
| Metadata (submission time, IP) | Automatic | Spam prevention, abuse detection |
Legal basis: Legitimate interest (responding to your request) or pre-contractual steps at your request (Art. 6(1)(b)).
We use Google reCAPTCHA v3 on our forms to prevent spam. reCAPTCHA collects hardware and software information (device and application data) and sends it to Google for analysis. Use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service. Legal basis: legitimate interest (security).
2.4 When you browse the Site (cookies, analytics, CDN)
| Data | Purpose | Legal basis |
|---|---|---|
| IP address, approximate location, browser, OS, device type | Site delivery, security, aggregated analytics | Legitimate interest + Consent (for analytics cookies) |
| Pages visited, time on page, referrer | Traffic analysis, product improvement | Consent (Art. 6(1)(a)) — via our cookie banner |
Details of cookies set are in our Cookie Policy.
2.5 What we do NOT collect
- We do not store passwords — we use magic-link authentication.
- We do not collect or store payment card numbers — these are handled by WayForPay.
- We do not send marketing emails. We only send transactional emails related to your account and orders.
- We do not knowingly collect data from children under 16. If you believe a child has submitted data to us, please contact us and we will delete it.
- We do not sell your personal data to third parties. Ever.
3. How we use your data (purposes)
We process your personal data only for the following purposes:
- Providing our services: account creation, order fulfillment, license delivery, plugin updates, customer support.
- Payments and invoicing: processing transactions and issuing invoices.
- Security and fraud prevention: detecting suspicious login attempts, abuse of our license system, bot activity.
- Legal compliance: tax records, accounting, responding to lawful requests from authorities.
- Analytics (with your consent): understanding how the Site is used to improve it.
- Transactional communications: magic-link logins, order receipts, license keys, renewal reminders, security notifications. We do not send marketing emails.
4. Who we share your data with (recipients)
We share your data only with service providers (“data processors”) that help us operate the Site. All of them process data under strict agreements (Data Processing Agreements or equivalent) and are listed below.
4.1 Hosting
Domen-Hosting
Location: Germany (European Union) — data is stored on EU-based servers.
Provider website: https://domen-hosting.net/
Purpose: Website hosting. Stores all Site data including accounts, orders, and license records on EU-based servers (Germany).
4.2 CDN and DDoS protection
Cloudflare, Inc. (USA)
Purpose: Content delivery network, caching, DDoS protection, bot mitigation. Cloudflare processes your IP address and request metadata to route traffic and block malicious requests. We also use Cloudflare Web Analytics (“Cloudflare Insights”), which collects aggregated and anonymized traffic statistics without cookies.
Privacy policy: https://www.cloudflare.com/privacypolicy/
Transfers: USA (Cloudflare participates in the EU–U.S. Data Privacy Framework and uses Standard Contractual Clauses).
4.3 Payment processing — WayForPay
WayForPay LLC (Ukraine), EDRPOU 36123470
Address: 8a Yevhena Sverstiuka St., Kyiv, Ukraine
Privacy policy: https://wayforpay.com/en/privacy-policy
Public offer: https://wayforpay.com/uk/agreement-public
Purpose: Process your payment for our plugins. We pass your name, email, order amount, and order ID to WayForPay. Your card data goes directly to WayForPay (PCI DSS certified) and is never stored on our servers or seen by us.
WayForPay is registered in Ukraine. Ukraine is not an EU adequacy-decision country, however WayForPay acts as an independent controller for payment processing and complies with Ukrainian data protection law and PCI DSS. Your transmission to WayForPay is covered by your acceptance of the checkout terms and is strictly necessary for the performance of our contract with you (Art. 49(1)(b) GDPR).
4.4 Anti-spam and form security
Google Ireland Limited (Ireland) — Google reCAPTCHA
Privacy policy: https://policies.google.com/privacy
Purpose: Prevent automated form submissions. Data is transmitted to Google for analysis.
Transfers: USA under the EU–U.S. Data Privacy Framework.
4.5 Web analytics (only with your consent)
Google Ireland Limited (Ireland) — Google Analytics 4
Privacy policy: https://policies.google.com/privacy
Purpose: Aggregate analysis of how visitors use our Site.
Settings: We have enabled IP anonymization and disabled data sharing with other Google products. Data retention is set to 14 months.
Transfers: USA under the EU–U.S. Data Privacy Framework.
Consent: Loaded only after you accept “Analytics” cookies in our banner.
Google LLC — Google Search Console
Purpose: Aggregated search-traffic reporting. Does not involve personally identifiable website-visitor data from our side.
4.6 Consent management
CookieYes Limited (UK) — CookieYes
Privacy policy: https://www.cookieyes.com/privacy-policy/
Purpose: Manage and record your cookie consent choices.
4.7 Email delivery
Transactional emails (magic-link logins, order confirmations, license keys, renewal reminders) are sent via the local SMTP server of our hosting provider Domen-Hosting (servers located in Germany, EU). No separate third-party email-delivery service is used.
Provider website: https://domen-hosting.net/
We do not send marketing emails.
4.8 Legal and compliance
We may disclose your data when required by law, court order, or a valid request by public authorities (e.g., tax authorities, law enforcement).
4.9 Business transfers
If we merge, restructure, or are acquired, your data may be transferred to the acquiring entity — subject to the same protections set out here.
5. International data transfers
Your primary data (accounts, orders, license records) is hosted in Germany (EU). Some of our processors are located outside the European Economic Area (EEA), primarily in the United States (Google, Cloudflare) and Ukraine (WayForPay). When we transfer your data outside the EEA, we rely on one of the following safeguards:
- The EU–U.S. Data Privacy Framework (for certified recipients such as Google and Cloudflare);
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Performance of a contract with you (Art. 49(1)(b) GDPR) — for payment processing through WayForPay, which is strictly necessary to complete your purchase.
6. How long we keep your data
| Data category | Retention period |
|---|---|
| Account data (email, login history) | Until you request deletion + 30 days (for backups) |
| Order records, invoices, accounting data | Up to 7 years (required by Ukrainian tax law and EU VAT rules) |
| License data (key, associated domains) | Duration of the active subscription + 2 years after expiry |
| Contact form submissions | 12 months, then deleted |
| Analytics data (Google Analytics) | 14 months |
| Cookie consent record (CookieYes) | 12 months |
| Server logs (hosting, Cloudflare) | Up to 30 days |
| Backups | Up to 90 days rolling |
After the retention period ends, we either delete the data or anonymize it so it can no longer be associated with you.
7. Your rights under the GDPR
If you are located in the EEA, UK, or Ukraine, you have the following rights regarding your personal data:
- Right of access (Art. 15) — obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — have inaccurate data corrected.
- Right to erasure / “right to be forgotten” (Art. 17) — request deletion of your data, subject to legal retention obligations.
- Right to restriction of processing (Art. 18) — temporarily limit how we process your data.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format (JSON / CSV).
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7) — withdraw any consent at any time, without affecting lawfulness of prior processing.
- Right not to be subject to automated decision-making (Art. 22) — we do not make solely automated decisions with legal effects on you.
- Right to lodge a complaint with your supervisory authority. For Ukraine: Ukrainian Parliament Commissioner for Human Rights. For the EU, see the list of national DPAs.
How to exercise your rights: email us at [email protected] with the subject “GDPR Request”. We will respond within 30 days (extendable by 60 days for complex requests, with notice).
To prevent unauthorized access, we may ask you to verify your identity — for example, by confirming you can receive a magic link at the email on file.
8. For California residents (CCPA / CPRA)
If you are a California resident, you have additional rights, including the right to know what personal information we collect and disclose, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt-out of the “sale” or “sharing” of personal information.
We do not sell your personal information and we do not share it for cross-context behavioral advertising. To exercise CCPA rights, email us at [email protected].
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- TLS/HTTPS encryption for all Site traffic;
- Cloudflare DDoS protection and Web Application Firewall;
- Passwordless authentication (magic links) — no passwords to steal;
- Hosting within the European Union (Germany) with encrypted storage;
- Access to admin functions restricted to authorized personnel only;
- Regular software updates for WordPress core, WooCommerce, and plugins;
- PCI DSS-certified payment processing via WayForPay;
- Encrypted backups.
No system is 100% secure. If we become aware of a personal data breach likely to result in a risk to your rights, we will notify you and the supervisory authority as required by Article 33 GDPR.
10. Children’s privacy
Our Site and products are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email or via a banner on the Site.
12. Contact
For any questions about this Privacy Policy or your personal data:
Email: [email protected]
Phone: +38 (095) 184 13 12
Postal address: Ukraine, Vinnytsia, D. Nechaya St. 108