Privacy Policy

1. Controller Identity

For the purposes of the UK GDPR, the Data Protection Act 2018, and where applicable other privacy laws, the controller of personal data processed through GGGGoods is Moewolf Ltd.

2. Categories of Personal Data

We may process account identifiers, email addresses, role information, organisation identifiers, authentication tokens, refresh tokens, API key metadata, IP addresses, browser and device information, usage telemetry, billing references, support communications, filters, saved preferences, audit events, and security logs.

3. How We Collect Data

We collect data directly from you when you register, sign in, configure your workspace, contact support, purchase subscriptions, create API keys, or use the website and APIs. We also receive data from identity providers, payment processors, infrastructure providers, analytics providers, and anti-abuse services where needed to operate the platform.

4. Purposes of Processing

We process personal data to authenticate users, provide access to the service, issue and secure API credentials, manage subscriptions and billing, respond to support requests, prevent abuse, comply with legal duties, maintain audit trails, improve product performance, and understand aggregate product usage.

5. Legal Bases

Our processing is generally based on contract performance, legitimate interests in operating and securing a software platform, compliance with legal obligations, and where applicable your consent for optional analytics or marketing-related tracking. Where consent is required, you may withdraw it at any time, but this does not affect prior lawful processing.

6. Authentication and Session Data

When you authenticate, we may store access tokens, refresh tokens, expiry metadata, session snapshots, and associated user profile data in browser storage, cookies, server logs, and backend systems as reasonably necessary to maintain secure sessions and refresh flows. These tokens are security-sensitive and should not be shared.

7. API Usage and Audit Data

We log request metadata, counters, key identifiers, plan identifiers, and selected operational events to monitor quotas, detect abuse, investigate incidents, and maintain platform integrity. We do not intentionally expose your private authentication credentials in logs, but operational metadata may be retained for security and compliance.

8. Payment and Subscription Data

Subscription payments are processed by third-party payment providers such as Stripe. We receive limited billing and subscription metadata, including customer IDs, subscription IDs, statuses, plan tiers, and billing period dates. We do not store full payment card numbers on GGGGoods systems.

9. Cookies and Similar Technologies

We use cookies and local storage for authentication continuity, session state, UI preferences, workspace persistence, and security. We may also use analytics identifiers, subject to applicable legal requirements. Disabling certain cookies may limit core product functionality such as sign-in persistence.

10. Google Analytics

The website may use Google Analytics to understand traffic sources, visitor behaviour, navigation performance, and page engagement. Analytics data may include IP-derived location estimates, device attributes, browser details, and usage events. You should ensure your own cookie and consent implementation aligns with the jurisdictions in which you operate.

11. International Transfers

Your data may be processed in the United Kingdom, European Economic Area, United States, or other jurisdictions where our infrastructure and service providers operate. Where required, we rely on recognised transfer safeguards such as adequacy mechanisms, contractual protections, or equivalent lawful bases.

12. Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, including product operation, dispute resolution, security investigations, quota enforcement, financial reporting, and legal compliance. Retention periods may vary by data category.

13. Security Measures

We use access controls, encrypted transport, role restrictions, audit logging, infrastructure security controls, and credential rotation practices appropriate to a hosted SaaS platform. No method of transmission or storage is completely secure, and you remain responsible for your local account security and endpoint protection.

14. Sharing of Personal Data

We may share data with hosting providers, identity providers, payment processors, analytics providers, professional advisers, law enforcement, regulators, and group companies where necessary to deliver the service, enforce rights, prevent fraud, or comply with legal obligations. We do not sell personal data as a standalone commercial asset.

15. Your Rights

Subject to applicable law, you may have rights to access, correct, erase, restrict, object to processing, portability, and complain to a supervisory authority. Where processing depends on consent, you may withdraw consent. Requests may require identity verification and may be limited by legal or security obligations.

16. Children

The service is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children in connection with the service.

17. Third-Party Links and Sources

The platform may reference third-party websites, merchant pages, feeds, and documents. We are not responsible for the privacy practices of those third parties, and you should review their policies separately.

18. Changes to This Policy

We may revise this Privacy Policy from time to time to reflect legal, operational, or product changes. Updated versions will be posted on this page with a refreshed effective date.

19. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact Moewolf Ltd through the official website contact channels. If you believe your data has been handled unlawfully, you may also complain to the Information Commissioner's Office or another competent authority.

Effective date: 2026-03-30