FREE & OPEN SOURCE Million Dollar Script is a free WordPress plugin for creating pixel grid advertising sites. Download now and extend with free or premium extensions.
Open Client Portal

Privacy Policy

This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with the Million Dollar Script extension server and related services (the "Service"). It applies to citizens and legal permanent residents of Canada and individuals in the European Union.

Controller & Privacy Contact

Company: Ryan Rhode
Doing Business As: Ryan Rhode
Address: Ontario, Canada
Email: c3VwcG9ydEBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==
Website: https://milliondollarscript.com

Privacy Officer (PIPEDA Compliance):
Ryan Rhode
Email: cnlhbkBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==

The Privacy Officer is accountable for our organization's compliance with privacy legislation and is available to answer questions about our privacy practices and handle privacy complaints.

What We Collect

  • Account & Portal: Email address and name (if provided) to authenticate you via magic-link; audit logs of login events (IP address and user-agent) for security.
  • Licensing: License identifiers, product/plan information, activation/revocation events, and usage events where applicable.
  • Purchases/Billing: Via Stripe (customer, payment method, and transaction metadata) processed by Stripe. We do not store full card details.
  • Communications: Messages you send us and our replies; delivery metadata for transactional emails.
  • Website: Server logs (IP address, user-agent, request details) for security and reliability. We may derive approximate geographic location (country/region) from IP addresses for licensing validation, tax compliance, and fraud prevention. We do not collect precise GPS or device location data.

How We Use Information

  • Provide and operate the Service, including licensing, downloads, and customer portal access.
  • Process payments and manage subscriptions via Stripe.
  • Communicate with you (e.g., magic-link emails, purchase receipts, support).
  • Maintain security and prevent abuse (e.g., rate limiting, audit logs).
  • Meet legal obligations and enforce terms.

Legal Bases (GDPR)

  • Art. 6(1)(b) performance of a contract (providing the Service, account/portal, licensing, payments).
  • Art. 6(1)(f) legitimate interests (security, fraud prevention, service reliability, customer support).
  • Art. 6(1)(c) compliance with legal obligations (tax/accounting, regulatory requirements).
  • Art. 6(1)(a) consent (if we introduce optional analytics or marketing).

Sharing & Third-Party Processors

We share personal data with the following third parties for the purposes indicated:

Payment Processing

Stripe, Inc.
Purpose: Payment processing, billing portal, subscription management
Location: United States (South San Francisco, CA) and Ireland (Dublin)
Data Shared: Email, name, payment information, transaction details
Privacy Policy: https://stripe.com/privacy
Safeguards: Standard Contractual Clauses for EU-US transfers, Stripe's Data Processing Agreement

Email Services

Fastmail Pty Ltd (Incoming Email)
Purpose: Receiving and processing support/contact emails
Location: Australia (Melbourne)
Data Shared: Name, email address, email content
Privacy Policy: https://www.fastmail.com/about/privacy/

Zoho Corporation (ZeptoMail) (Transactional Email)
Purpose: Sending transactional emails (magic links, receipts, notifications)
Location: United States (Carson City, NV)
Data Shared: Name, email address, transactional message content
Privacy Policy: https://www.zoho.com/privacy.html

Hosting & Infrastructure

Hosting Provider
Purpose: Website and application hosting, database storage
Data Shared: All data stored in our systems
Safeguards: Standard data protection measures and contractual commitments

Legal Disclosures

We may disclose personal information:

  • When required by law or court order
  • To law enforcement agencies as permitted by law
  • To protect our rights, property, or safety, or that of others
  • In connection with a merger, acquisition, or sale of assets (with notice to affected individuals)

International Transfers

Your personal data may be transferred to and processed in countries outside your jurisdiction, including:

Transfers from EU/EEA

If you are located in the European Economic Area (EEA), your data may be transferred to:

  • United States: For payment processing (Stripe), email services (ZeptoMail), and hosting. We rely on:
    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Service providers' Data Processing Agreements incorporating SCCs
    • Adequacy decisions where available
  • Canada: For data processing and storage. Canada has received an adequacy decision from the European Commission for commercial organizations subject to PIPEDA.

Transfers from Canada

If you are located in Canada, your data may be transferred to the United States and other jurisdictions for processing by our service providers. We ensure these transfers comply with PIPEDA through contractual commitments requiring comparable levels of protection.

You may request a copy of the safeguards we have in place for international transfers by contacting c3VwcG9ydEBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==.

Retention

We retain personal information for the following periods:

  • Account data: Retained for the duration of your account plus 3 months after account closure, unless longer retention is required for legal/tax obligations.
  • License data: Retained for the license lifetime plus 3 months after license expiration or revocation, unless longer retention is required for accounting/tax compliance.
  • Payment/billing data: Retained for 7 years after the transaction to comply with tax and accounting obligations.
  • Audit/security logs: IP addresses, login events, and security logs are retained for 90 days for security and fraud prevention purposes.
  • Customer support communications: Retained for 2 years after the last interaction to provide continuity of support.
  • Marketing consent records: Retained for as long as you maintain consent, plus 3 years after consent withdrawal to prove compliance.

If we cannot specify an exact period, we determine retention based on: legal obligations, contract requirements, legitimate business needs, and the nature/sensitivity of the data.

Your Rights

You have the following rights with respect to your personal information:

Right to Access (GDPR Art. 15, PIPEDA Principle 4.9)

You may request confirmation of whether we process your personal data and obtain a copy of that data. We will provide the information in a commonly used electronic format (JSON or CSV).

Right to Rectification (GDPR Art. 16)

You may request correction of inaccurate or incomplete personal data. Where appropriate, corrected information will be transmitted to third parties who have accessed the information.

Right to Erasure / Deletion (GDPR Art. 17, PIPEDA)

You may request deletion of your personal data where:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with legal obligations

We may retain certain data where required by law (e.g., tax/accounting records for 7 years).

Right to Data Portability (GDPR Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON) and to transmit that data to another controller. This applies to data you provided based on consent or contract.

Right to Restriction of Processing (GDPR Art. 18)

You may request that we restrict processing of your personal data in certain circumstances (e.g., while we verify accuracy or assess legitimate grounds for processing).

Right to Object (GDPR Art. 21)

You may object to processing based on legitimate interests (GDPR Art. 6(1)(f)). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent (GDPR Art. 7, PIPEDA)

Where processing is based on consent, you have the right to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. We will inform you of any implications of withdrawal.

Accessibility (PIPEDA)

We will provide personal information in an alternative format to individuals with sensory disabilities upon request, where a version already exists in that format or conversion is reasonable and necessary.

How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer at cnlhbkBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==. Please clearly state:

  • Your name and email address associated with your account
  • Which right(s) you wish to exercise
  • Specific details of your request

We will verify your identity before processing requests to protect your personal information. We will respond within 1 month of receiving your request. For complex requests, we may extend this period by up to 2 additional months (total 3 months) and will notify you of any extension within the first month.

There is no fee for exercising these rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. License validation and fraud detection use automated systems, but any adverse decisions (e.g., license revocation) involve human review before action is taken.

Security

We implement technical and organizational measures to protect personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Access controls limiting data access to authorized personnel only
  • Regular security audits and vulnerability assessments
  • Secure authentication mechanisms (passwordless magic links)
  • Audit logging of security-sensitive operations

No method of transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that poses a real risk of significant harm to you (PIPEDA) or a risk to your rights and freedoms (GDPR), we will notify you without undue delay. Notification will include:

  • Description of the breach and types of data affected
  • Likely consequences of the breach
  • Measures we have taken or will take to address the breach
  • Steps you can take to protect yourself
  • Contact information for further inquiries

We will also notify relevant regulatory authorities as required by law (Privacy Commissioner of Canada, EU supervisory authorities).

Children

The Service is not directed to children and we do not knowingly collect personal information from individuals under the age required for consent in their jurisdiction:

  • Under 16 years old in the European Union (or lower age if set by Member State, minimum 13)
  • Under 13 years old in Canada and the United States

If we become aware that we have collected personal information from a child without proper parental consent, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child, please contact us immediately at cnlhbkBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==.

Complaints & Dispute Resolution

Internal Complaints (PIPEDA Principle 4.13)

If you have concerns about how we handle your personal information or believe we are not complying with privacy legislation, please contact our Privacy Officer at cnlhbkBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==.

We will:

  • Acknowledge your complaint within 5 business days
  • Investigate your complaint thoroughly
  • Provide a substantive response within 30 days (or notify you if more time is needed)
  • Take corrective action if we find our practices were non-compliant

Escalation to Privacy Commissioner of Canada (PIPEDA)

If you are not satisfied with our response or resolution of your complaint, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Canada
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591
Website: www.priv.gc.ca
Online complaint form: File a formal privacy complaint

EU Supervisory Authorities (GDPR Art. 77)

If you are located in the European Union, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

A list of EU supervisory authorities is available at: European Data Protection Board - Members

You may also lodge a complaint with the supervisory authority in our jurisdiction if different from your own.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

Material changes will be communicated to you via:

  • Email notification to your registered email address
  • Prominent notice in the customer portal
  • Banner notification on our website

Non-material changes (e.g., clarifications, formatting, contact updates) will be posted with an updated "Last modified" date.

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

Contact

For privacy-related questions, requests, or complaints, contact our Privacy Officer:

Privacy Officer: Ryan Rhode
Email: cnlhbkBtaWxsaW9uZG9sbGFyc2NyaXB0LmNvbQ==

We will acknowledge your inquiry within 5 business days and provide a substantive response within 30 days. For complex requests, we may require up to 3 months and will notify you of any extension.

Last updated: 2025-11-07