Legal
Privacy Policy
Last updated 2026-05-14
This Privacy Policy explains what personal information Olune Studio ("we", "us", "our") collects, how we use it, and the choices you have. It applies to olunestudio.com, our checkout flow, our transactional emails, and the Olune plugins ("Software") you install on your computer.
This document is provided in good faith. It is not legal advice. Customers in regulated jurisdictions (EU, Brazil, California) should review the rights afforded by GDPR, LGPD, and CCPA respectively.
1. Information We Collect
We collect the minimum information needed to deliver a working product. (a) When you purchase: your email address, full name, billing address, and payment-card information — payment data is handled exclusively by our PCI-DSS Level 1 certified payment processor and never touches our servers; we only see the last four digits and card brand. (b) When the Software activates: your License Key, a one-way SHA-256 device fingerprint derived from your computer's hostname, operating-system user, and platform identifier, your operating system label (mac/win), your IP address at the moment of validation, and a human-readable device name. (c) When you contact support: the content of your message and any attachments. (d) When you subscribe to product updates: your email address and your locale. (e) When you visit the website: standard server logs (IP, user agent, referrer, requested URL, timestamp), preserved for security and analytics.
2. How We Use Your Information
We use the information collected to: (a) deliver your License Key and the Software download link by email; (b) validate your license at the 24-hour cadence described in the Terms; (c) provide customer support; (d) process refunds; (e) send transactional emails (purchase receipts, refund notices, license re-deliveries); (f) send occasional product-update or launch announcements, only if you have opted in; (g) detect and prevent fraud, abuse, and unauthorized use; (h) comply with legal obligations.
3. Service Providers (Third Parties)
We rely on a small number of carefully chosen service providers, each used only for the specific function listed and each bound by a contractual data-processing agreement that requires confidentiality and prohibits the use of your data for purposes other than serving you. The categories are: (a) a PCI-DSS Level 1 certified payment processor that handles all card transactions; payment data is held by that provider under its own privacy policy and never touches our servers. (b) A GDPR-compliant transactional and marketing email delivery provider. (c) A managed database provider for orders, license keys, and email-delivery audit logs, with row-level security applied per customer. (d) A managed web-hosting and content-delivery provider for olunestudio.com. (e) A domain registrar and DNS provider. We do not sell, rent, or trade your personal information to anyone. The list of current providers is available on written request to support@olunestudio.com for legitimate-interest purposes.
4. Cookies and Local Storage
We use a minimal set of essential storage mechanisms. (a) Locale cookie (NEXT_LOCALE) — remembers whether you selected English or Portuguese. (b) Admin session cookie (olune_admin_session) — only set when an authorized administrator signs in to the internal dashboard; not used for customers. (c) Theme preference (browser localStorage key olune-theme) — remembers your light or dark theme choice. We do not use third-party advertising cookies. We do not embed advertising tracking pixels. We do not share device fingerprints across sites.
5. Data Retention
License keys, orders, and email-delivery logs are retained indefinitely so we can resolve future support requests, honor lifetime updates, and provide an audit trail for fraud investigation. If you request deletion of your account under Section 7, your personal identifiers (email, name, billing address) will be removed within thirty (30) days, while anonymized records (order id, license key, refund status) may be retained for accounting and tax compliance. Webhook and email audit logs are retained for a minimum of seven (7) years to satisfy financial-record obligations.
6. International Transfers
Some of our service providers may operate in jurisdictions different from your own. If you are located in the European Union, the United Kingdom, Brazil, or another jurisdiction with cross-border data-protection rules, you should be aware that your data may be transferred to and processed in another country. Where required by law, we rely on Standard Contractual Clauses or equivalent legal mechanisms to provide appropriate safeguards.
7. Your Rights
Depending on where you live, you have one or more of the following rights with respect to your personal data: (a) the right to access — request a copy of the personal data we hold about you; (b) the right to rectification — correct inaccurate or incomplete data; (c) the right to erasure ("right to be forgotten") — request deletion of your data; (d) the right to restrict processing — temporarily halt our use of your data; (e) the right to data portability — receive a machine-readable export; (f) the right to object — to direct marketing at any time; (g) the right to withdraw consent at any time without affecting prior lawful processing; (h) the right to lodge a complaint with your local data-protection authority. Residents of the European Union exercise these rights under the General Data Protection Regulation (GDPR). Brazilian residents exercise these rights under the Lei Geral de Proteção de Dados (LGPD). California residents have substantially similar rights under the California Consumer Privacy Act (CCPA / CPRA). To exercise any right, email support@olunestudio.com from the address on file. We respond within thirty (30) days.
8. Children's Privacy
The Software and the website are intended for users aged 16 and older. We do not knowingly collect personal information from anyone under 16. If you believe we have collected information from a minor, contact us at support@olunestudio.com and we will delete it promptly.
9. Security
We apply industry-standard safeguards. Customer data is protected by row-level security policies that prevent cross-account reads. Download links are time-limited and signed with HMAC-SHA256. Admin sessions are signed cookies that expire after seven days. All web traffic uses HTTPS with HSTS. Payment information is never persisted on our servers — only tokenized references issued by our payment processor. No system is perfectly secure: if we suffer a data incident affecting personal data, we will notify affected users without undue delay, as required by applicable law.
10. Updates to This Policy
We may revise this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date and, where appropriate, by email notice. The current version is always available at this URL.
11. Contact and Data-Protection Officer
For any privacy-related question or request: support@olunestudio.com. For EU/EEA residents seeking to exercise GDPR rights, mark your message "GDPR Request". For Brazilian residents under LGPD, mark your message "LGPD". We aim to respond within five business days and resolve all requests within thirty days.