Log in Purchase

Privacy Policy

How we collect, use, and protect your personal data.

1. Data controller #

Your personal data is collected and processed by Themeone (see our Legal Notice for company details). For any questions regarding this policy, please contact us through our contact form.

2. Data we collect #

We collect the following personal data depending on your use of the Service:

  • Account: email address and name.
  • Activations: URLs of the sites where you activate your license.
  • Payment: processed entirely by Stripe. We do not store credit card numbers or billing addresses on our servers.
  • Support: any information you provide when submitting a ticket.

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance (Article 6(1)(b)): to deliver the Plugin, manage your license, process payments, and provide support.
  • Legitimate interest (Article 6(1)(f)): to improve the Service, prevent fraud, and ensure security.
  • Legal obligation (Article 6(1)(c)): to comply with applicable tax and accounting regulations.
  • Explicit consent (Article 6(1)(a)): for affiliate tracking cookies, given via the consent banner..

4. How we use your data #

We use the data we collect to:

  • Authenticate you via one-time password (OTP) sent to your email.
  • Process purchases through Stripe Checkout and issue invoices.
  • Generate and deliver license keys.
  • Track site activations against your license limits.
  • Send transactional emails (welcome email, OTP codes, license transfer notifications).
  • Provide product support.
  • Enforce rate limits and prevent abuse.
  • Affiliate attribution: if you accept the affiliate tracking banner, the referral identifier is used to credit the referring partner for your purchase.

We do not sell your personal data. We do not send marketing emails unless you explicitly opt in.

5. Third-party processors #

We share your data with the following third-party services, strictly for the purposes described above:

  • Stripe (payment processing) — stripe.com/privacy
  • Google (optional sign-in authentication) — policies.google.com/privacy
  • Scaleway (hosting) — scaleway.com/en/privacy-policy
  • Tolt, Inc. (affiliate marketing platform) — processes referral identifiers, click data, and conversion attribution to calculate commissions owed to our affiliates. Data shared: referral parameter from URL, page URL, referrer, customer email at checkout tolt.com/privacy
  • AI providers (content generation) — the AI assistant connects to third-party AI services through your WordPress configuration. Providers may include OpenAI, Anthropic, Google, or others depending on your setup.

All processors are bound by data processing agreements. We do not share your data with any other third parties.

6. AI-powered features #

Unblock includes an optional AI assistant that helps you build pages, generate content, and write code. When you use it, the following data may be sent to a third-party AI provider for processing:

  • The content of your prompt.
  • Relevant page context (block structure, text content) needed to generate a response.

Unblock relies on the WordPress AI API and does not choose or impose a specific provider. The AI service used depends on the provider configured in your WordPress installation (e.g. OpenAI, Anthropic, Google). This data is sent directly to the provider’s API and is not stored on our servers. We do not use your prompts or AI responses to train models. Please refer to the privacy policy of your configured provider for details on how they process your data.

The legal basis for this processing is contract performance (Article 6(1)(b) GDPR). The AI assistant is a feature of the product you purchased, and data processing is necessary to deliver the functionality you request. Unblock connects to the AI provider you have configured in your WordPress settings using your own API keys.

7. Cookies #

We only use essential cookies strictly necessary for the website to function and to ensure secure transactions. We do not use analytics or advertising cookies.

Authentication and session cookies (set by Unblock):

  • suspended_session (30 days): authenticates you after login.
  • suspended_otp_pending (temporary): tracks a pending login verification.

Payment security cookies (set by Stripe):

  • __stripe_mid (1 year): used by Stripe for fraud prevention and payment security.
  • __stripe_sid (30 minutes): used by Stripe to maintain the payment session during checkout.

Security and bot protection cookies (set by Cloudflare):

  • cf_clearance (1 year): used by Cloudflare to verify visitors have passed security challenges.
  • __cf_bm (30 minutes): used by Cloudflare to distinguish between humans and bots.

Strictly necessary for the site to function and to remember your privacy choices:

  • unbk_consent (6 months) — stores your consent decision for the affiliate tracking banner

Affiliate tracking (consent required), set only if you arrive via an affiliate referral link:

  • tolt_referral (30 days) — affiliate referral identifier
  • tolt_data (30 days) — affiliate session context (partner ID, click ID, duration)

All these cookies are strictly necessary under Article 82 of the French Data Protection Act and the ePrivacy Directive, and do not require prior consent. Disabling them may prevent you from accessing your account, completing purchases, or using the site.

Manage your consent: if you previously accepted or refused the affiliate tracking banner, you can change your decision here: Open the consent banner

8. Data retention #

We retain your personal data for the following periods:

  • License and activation data: for the duration of your license, plus 3 years after expiration or account deletion.
  • Billing records: 10 years, as required by French accounting regulations. Payment details remain in Stripe.
  • Technical data: authentication tokens and logs are automatically purged after 30 days.
  • Support tickets: 3 years after the last exchange.
  • Affiliate referral data: 24 months after the associated transaction, then deleted from our systems. Tolt’s own retention policy applies separately to data processed on their side.

9. International data transfers #

Stripe and your configured AI provider may transfer data outside the European Economic Area. These transfers are covered by Standard Contractual Clauses or equivalent safeguards approved by the European Commission. Your data is hosted within the EU by Scaleway.

10. Your rights #

Under the GDPR and French data protection law, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Delete your data (“right to be forgotten”). Upon deletion, your email is anonymized and your activations are removed.
  • Restrict processing in certain circumstances.
  • Port your data to another service. You can export your license and activation data.
  • Object to processing based on legitimate interest.

To exercise any of these rights, please contact us through our contact form. We will respond within 30 days.

11. Data security #

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS), secure server infrastructure, and restricted access to personal data. However, no method of transmission over the Internet is 100% secure.

12. Children’s privacy #

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to this policy #

We may update this policy from time to time. Changes will be posted on this page. We encourage you to review this page periodically.

14. Complaints #

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the French data protection authority (CNIL) at cnil.fr.

15. Contact #

For any questions about this privacy policy or your personal data, please contact us through our contact form.