Privacy Policy
Last updated: 2026-04-15
Plain-English summary: I collect your email when you buy something, so I can deliver the product and email you when there's an update to the Tool you bought. I don't run trackers. I don't sell or rent your data. I don't use marketing automation. If you want me to delete your data, email me and I'll do it within 48 hours.
This is a full GDPR-compliant version of that same statement.
1. Data controller
- Controller: Nikos, operating as Plumbnote
- Address: Bratislava, Slovakia, 811 01 Bratislava, Slovakia
- Email: nikos@plumbnote.com
Plumbnote is operated by a private individual in Slovakia. There is no parent company, no investors, no third-party data processors beyond the specific list in section 5.
2. What data I collect
| Data | When | Why | Legal basis |
|---|---|---|---|
| Email address | When you buy a product | To deliver the product, send update notices | Contract (GDPR Art. 6(1)(b)) |
| First name (if provided) | When you buy a product | To personalize the delivery email | Contract |
| Country of residence | When you buy via Gumroad | Required for EU VAT handling | Legal obligation (GDPR Art. 6(1)(c)) |
| IP address (at checkout) | During payment | Fraud prevention by the payment processor | Legitimate interest (GDPR Art. 6(1)(f)) |
| Email address (if you subscribe to the newsletter separately) | When you sign up on the website | To send product launch notices | Consent (GDPR Art. 6(1)(a)) |
| Support emails you send me | When you email me | To respond to your question | Contract |
I do NOT collect:
- Your full address (Gumroad collects it for tax purposes; I never see it)
- Payment details (your card info goes directly to Gumroad/Stripe; I never see it)
- Your IP address outside the payment flow
- Analytics data from your browser (no Google Analytics, no Facebook Pixel, no retargeting, no heatmaps)
- Cookies beyond strictly-necessary session cookies on the website (and there are currently none)
3. What I do with your data
- Delivery: your email gets the download link and any future updates to the Tool you bought
- Support: I use your email to reply to your questions
- Product update notices: if you bought a Tool and I release an updated version, I send one email
- Newsletter (only if you signed up): when I launch a new product, I send one email
I do NOT:
- Send marketing emails outside the explicit "I bought → you get updates" relationship
- Sell, rent, trade, or share your email with any third party
- Use your data to train AI models
- Profile you or use automated decision-making
- Run retargeting ads based on your data
4. How long I keep your data
| Data | Retention |
|---|---|
| Purchase records | Kept for 10 years for Slovak tax/accounting purposes (required by law) |
| Email address (for product updates) | Kept until you unsubscribe or request deletion |
| Newsletter subscriber list | Kept until you unsubscribe or request deletion |
| Support email threads | Kept for 3 years, then deleted |
5. Who I share your data with (third-party processors)
I use the following third parties to run the business. They each have their own privacy policies:
| Processor | What they process | Location | Privacy policy |
|---|---|---|---|
| Gumroad, Inc. | Your email, name, billing country, payment info | USA (with EU representatives) | gumroad.com/privacy |
| Kit (ConvertKit) LLC | Your email (if you signed up for newsletter) | USA | kit.com/privacy |
| Zoho Corporation | My outbound emails (including any to you) routed via Zoho Mail | India / EU (zoho.eu) | zoho.com/privacy.html |
| Cloudflare, Inc. | Website hosting and DNS | Global CDN, EU nodes | cloudflare.com/privacypolicy |
| Anthropic PBC | Any data I explicitly include in a Claude API call for support response drafting | USA | anthropic.com/legal/privacy |
I do NOT use:
- Google Analytics or any Google tracking
- Meta / Facebook Pixel
- Hotjar, Microsoft Clarity, FullStory, or any session recording
- Any CDP or data warehouse
- Any advertising platform
6. International data transfers
Some of the processors listed in section 5 are based in the USA (Gumroad, Kit, Anthropic). These transfers are covered by:
- Standard Contractual Clauses (where the processor offers them)
- The EU-US Data Privacy Framework (where the processor is certified)
- Your consent (where you explicitly signed up for the service)
I do NOT transfer your data to any country outside the EU/USA.
7. Your rights under GDPR
You have the right to:
- Access — request a copy of all data I hold about you
- Rectification — correct any inaccurate data
- Erasure("right to be forgotten") — ask me to delete your data (I'll do this within 48 hours for email data; purchase records must be kept for 10 years per Slovak tax law)
- Restriction — ask me to pause processing your data
- Portability — get your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — unsubscribe from any email, at any time
To exercise any of these rights, email nikos@plumbnote.com. I'll respond within 48 hours and act within the 30-day GDPR deadline.
You also have the right to lodge a complaint with the Slovak Data Protection Authority (Urad na ochranu osobnych udajov Slovenskej republiky) at dataprotection.gov.sk.
8. Cookies
The Plumbnote website currently uses no cookies— not even functional ones. If this changes (e.g. if I add Gumroad's embedded checkout, which uses a session cookie), I'll update this policy and add a cookie notice on the site.
9. Children's privacy
Plumbnote products are business tools for adults. I do NOT knowingly collect data from anyone under 16. If you're under 16 and you've somehow bought a product, email me and I'll refund and delete.
10. Security
Your email and purchase data are stored on the platforms listed in section 5 (Gumroad, Kit, Zoho). I rely on their security infrastructure. I do not maintain my own customer database. Support emails sit in my inbox like any other email.
If I ever discover a data breach affecting your data, I will notify you by email within 72 hours per GDPR Article 34.
11. Changes to this policy
If I update this policy materially, I'll:
- Update the "Last updated" date at the top
- Email all existing customers with a summary of the changes
- Post a note on the website
12. Contact
For any privacy question:
nikos@plumbnote.com— I'm a private individual, I read every email, I'll respond in plain English.
This Privacy Policy is written in plain English to be understood without a lawyer. It is based on the GDPR (Regulation (EU) 2016/679) and Slovak Act No. 18/2018 on Personal Data Protection. If you need a more formal or jurisdiction-specific statement, email me.