Privacy Policy

Welcome to gnutheme (the "Site", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit or make purchases on www.gnutheme.com and when you use our services, including WordPress products, WooCommerce, membership services, and integrations with third parties such as Facebook Pixel and Google Analytics. This policy is designed to meet international privacy requirements including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for residents of California, USA. We are committed to being transparent about how we handle your data. Our Commitment: We never sell your personal information to third parties. By using gnutheme, you trust us with your information, and we take that responsibility seriously.

A. Information You Provide: Account information (name, email, username, encrypted password), payment information (billing address, tokens – we do not store full card numbers), communications with support.
B. Automatically Collected Data: Device info (IP, browser, OS), usage data (pages visited, downloads), location (city/country from IP), cookies & tracking.
C. Information from Third Parties: Payment processors (transaction confirmations), analytics providers, marketing partners, social login.

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data. If you provide such information inadvertently, we will delete it upon discovery. We recommend that you do not submit sensitive information through our contact forms or support channels.

We never sell your personal information to third-party marketers or advertisers.

For users in the EEA/UK, we process data based on: Contract performance, Consent, Legitimate interests, and Legal obligation. You may withdraw consent at any time.

We use cookies, pixel tags, local storage. Categories: Essential, Functional, Analytics, Marketing. Google Analytics example with anonymized IP.

<!-- Google Analytics (anonymized IP) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'GA_MEASUREMENT_ID', { 'anonymize_ip': true });
</script>

You can control cookies via browser settings.

We share data with: Service Providers (hosting, payment, email), Legal requirements, Business transfers, Fraud prevention. All under strict agreements.

We operate globally and may transfer data to countries with different laws. Safeguards: Standard Contractual Clauses, Data Processing Agreements, Privacy Shield where applicable. By using our services, you consent to such transfers.

Encryption (SSL/TLS), access controls, regular audits, PCI compliance via third parties, 24/7 monitoring. No method is 100% secure. In case of breach, we will notify affected users and authorities as required.

EEA/UK users have rights: Access, Rectification, Erasure, Restrict, Portability, Object. Contact privacy@gnutheme.com.

California residents: Right to Know, Delete, Opt-Out (we don't sell), Non-Discrimination, Correct, Limit Use of Sensitive. Email privacy@gnutheme.com with "CCPA Request".

You may request a copy of your personal data. Email privacy@gnutheme.com with "Access Request". We respond within 30 days.

Correct inaccurate data via Account Settings or email privacy@gnutheme.com with "Rectification Request".

Request deletion – subject to legal exceptions (e.g., transaction records). Email "Erasure Request".

You can ask us to limit processing in certain circumstances (accuracy disputes, unlawful processing, etc.).

Receive your data in a structured, machine‑readable format (JSON/CSV). Email "Portability Request".

Object to processing based on legitimate interests or direct marketing. Unsubscribe from emails or email privacy@gnutheme.com.

Not intended for under 16. If we become aware of data from a child without parental consent, we delete it. Contact privacy@gnutheme.com.

Our systems do not respond to DNT signals due to lack of uniform standard. You can control tracking via cookie settings.

We will notify affected users within 72 hours, inform authorities, and provide guidance.

If unsatisfied, you may lodge a complaint with your local DPA, ICO (UK), or California Attorney General. Contact disputes@gnutheme.com first.

We may update this policy; material changes will be posted with a prominent notice and emailed to registered users. Check periodically.

This policy is for informational purposes only and does not constitute legal advice. Consult with qualified counsel regarding your specific situation.

BY USING GNUTHEME, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. YOU FURTHER ACKNOWLEDGE THAT: We collect and process your personal data as described; you have certain rights under applicable laws; this policy works with our Terms of Service.

This Privacy Policy is effective as of March 11, 2025. Last Updated: March 11, 2025. Next Review: March 11, 2026.

A. Payment Handling & PCI Compliance: All payment transactions are processed by PCI-DSS compliant third-party providers. We do not store full credit card numbers, CVV codes, or magnetic stripe data on our servers. Transaction records (order ID, amount, date) are retained for accounting purposes.

B. Automated Decision Making: We do not engage in solely automated decision-making that produces legal effects concerning individuals. We may use automated analytics for product recommendations, but these do not have legal consequences.

C. Subprocessor List: We maintain a list of subprocessors. To request the current list, contact privacy@gnutheme.com.