Privacy Policy

Effective date: March 1, 2026 — Last updated: March 1, 2026

At Divi Packager, we take your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it. It applies to all visitors and customers of divipackager.com.

Article 1 — Data Controller

Divi Packager is the data controller for all personal data collected through this website and in connection with the purchase and use of our products.

Article 2 — Data We Collect

We collect only the data that is strictly necessary for the purposes described in this policy.

2.1 Data you provide directly

• Account and purchase data: first name, last name, email address, billing address, and the plan purchased.
• Payment data: payment is processed entirely by our payment provider (Stripe or equivalent). We do not receive or store your full card number — only a transaction reference and payment status.
• Support communications: any information you share when contacting us by email.

2.2 Data collected automatically

• Usage data: pages visited, time spent on the site, referring URL, browser type, operating system, and approximate location (country/region) derived from your IP address.
• Cookies and similar technologies: see Article 7 for full details.
• License validation data: when the Divi Packager plugin checks its license, it sends your WordPress site URL and license key to our servers. No other data from your WordPress installation is transmitted.

Article 3 — Why We Process Your Data

The table below summarises the purpose of each processing activity and its legal basis under the GDPR.

Purpose	Data used	Legal basis
Processing and fulfilling orders	Name, email, billing address, payment reference	Contract performance (Art. 6.1.b)
Delivering the license key and plugin access	Email, site URL, license key	Contract performance (Art. 6.1.b)
Validating and managing active licenses	License key, site URL	Contract performance (Art. 6.1.b)
Sending subscription and renewal notifications	Email, subscription expiry date	Legitimate interest (Art. 6.1.f)
Customer support	Email, support message content	Contract performance (Art. 6.1.b)
Invoicing and accounting obligations	Name, billing address, transaction data	Legal obligation (Art. 6.1.c)
Preventing fraud and unauthorized use	IP address, license key, site URL	Legitimate interest (Art. 6.1.f)
Website analytics (aggregate, anonymized)	Usage data, cookies	Consent (Art. 6.1.a)

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Article 4 — How Long We Keep Your Data

Data	Retention period
Account and purchase data	Duration of the customer relationship + 3 years after last activity
Billing and invoicing records	10 years (French accounting law)
License validation logs	12 months rolling
Support communications	3 years from the date of the last exchange
Analytics data	13 months maximum (CNIL recommendation)
Cookie consent records	6 months

After these periods, data is either deleted or anonymized so that it can no longer be linked to you.

Article 5 — Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share data only with the following categories of trusted third-party service providers, strictly for the purposes described above:

• Payment processing: Stripe (or equivalent) — to securely process transactions. Stripe is PCI-DSS certified. Their privacy policy is available at stripe.com/privacy.
• Email delivery: a transactional email provider (e.g. Postmark, SendGrid) — to send order confirmations, license keys, and support replies.
• Hosting and infrastructure: our web hosting provider — servers on which the website and license validation system run.
• Analytics: if enabled and consented to, an analytics platform (e.g. Plausible, Fathom, or Google Analytics) to understand aggregate site usage.

All third-party processors are bound by data processing agreements and may only use your data on our documented instructions.

We may also disclose data when required by law (e.g. court order, regulatory request) or to protect the rights and safety of Divi Packager and its users.

Article 6 — International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission, or
• Processing in a country recognized by the EU as providing an adequate level of protection.

You may request information about the safeguards applicable to a specific transfer by contacting us at contact@divipackager.com.

Article 7 — Cookies

7.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They are used to make the site work correctly and to gather information about how it is used.

7.2 Cookies we use

Category	Purpose	Consent required?
Strictly necessary	Session management, shopping cart, authentication, security (CSRF tokens)	No — essential to site operation
Functional	Remembering language or currency preferences	No — directly requested by user
Analytics	Understanding aggregate site traffic and usage patterns	Yes
Marketing	Measuring ad campaign effectiveness (if applicable)	Yes

7.3 Managing your preferences

You can manage or withdraw your cookie consent at any time via the cookie banner on our site, or by adjusting your browser settings. Note that disabling strictly necessary cookies may affect site functionality.

Article 8 — Your Rights

Under the GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please email us at contact@divipackager.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Article 9 — Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS/TLS encryption for all data in transit.
• Restricted access to personal data on a need-to-know basis.
• Use of PCI-DSS certified payment processors — we never handle raw card data.
• Regular security reviews of our systems and infrastructure.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

Article 10 — Children’s Privacy

Divi Packager is a professional tool intended for web designers, developers, and businesses. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us at contact@divipackager.com and we will delete it promptly.

Article 11 — Links to Third-Party Websites

Our website may contain links to third-party websites (e.g. the Divi theme website, WordPress.org). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

Article 12 — Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page will always reflect the most recent version. For significant changes, we will notify customers by email or via a notice on the Site.

Continued use of the Site after changes are posted constitutes acceptance of the updated policy.