Legal
Privacy Policy
Last updated - June 15, 2026
This page explains how PVEstrap handles information tied to purchases, support, delivery, recovery, public profile pages, and product access across the current public site.
1. What this policy covers
This policy covers pvestrap.com, PVEstrap profile pages or subdomains, PVEMM, the legacy bootstrapper, related desktop products, recovery pages, legal and support contact routes, and purchase or entitlement flows.
2. Data that may be processed
- Purchase and billing contact details such as the buyer email used at checkout.
- Gift and delivery details such as recipient email, sender name, optional gift note, and delivery-verification state.
- Recovery and support details such as support emails, verification-code requests, contact-form submissions, and order-related messages.
- Software access and entitlement records such as activation state, device-related validation data, delivery-token status, and revocation state.
- Public profile content and related identifiers where users publish profile pages.
- Basic service and security logs such as IP address, request metadata, timestamps, browser or device information, and access events needed to keep the site and products working and to prevent abuse.
3. Why the data is used
- To complete purchases and deliver, recover, or revoke products.
- To verify access to a purchase, gift, support request, or recovery flow.
- To activate, refresh, suspend, or revoke product access where entitlement checks are required.
- To answer support requests, refund questions, abuse reports, legal notices, or privacy requests.
- To publish and moderate public profiles or other user-submitted public content.
- To protect the service against fraud, misuse, or operational failure.
Depending on the flow, processing may be based on contract performance, legitimate interests in secure service operation, compliance with legal obligations, or consent where a feature specifically asks for it.
4. Legal bases
Where data-protection law applies, PVEstrap may rely on one or more legal bases depending on the flow involved: contract performance for purchases, delivery, recovery, and requested product access; legitimate interests for security, fraud prevention, moderation, and operational reliability; legal obligations where records or responses are required by law; and consent where a feature explicitly asks for it.
5. Public content and profiles
If you publish a profile or similar public content, other people and search engines may save, index, copy, or share what is visible. Do not publish information you do not want to make public.
If a profile or public page contains another person's personal data, the person publishing it is responsible for having a valid legal basis to do so.
6. Sharing and recipients
PVEstrap may use payment, hosting, storage, delivery, or communications providers where needed to run the services, process purchases, deliver email, or secure the ecosystem. Data may also be disclosed where required by law or reasonably necessary to protect rights, investigate fraud, or respond to abuse.
PVEstrap does not state that it sells personal data.
Third-party providers may act either on behalf of PVEstrap for a specific function or under their own terms for the service they operate. Their own privacy notices may also apply. This can include website-delivery infrastructure, payment processors, mailbox or SMTP providers, and community or identity platforms chosen by the user.
7. Retention
- Delivery and recovery records are kept for as long as needed to operate, audit, or secure the purchase flow.
- Support correspondence is kept for as long as needed to resolve the issue and maintain a reasonable record.
- Public profile content is kept while published and for any limited follow-up period needed for moderation, backups, or dispute handling.
- Short-lived verification codes and temporary delivery tokens are intended to expire and become unusable after their lifetime.
If data is no longer needed for the original purpose, it may be deleted, anonymized, or restricted unless continued retention is required by law or reasonably necessary for fraud prevention, abuse review, or legal claims.
8. Cookies and similar browser storage
PVEstrap web properties may use cookies, local storage, or session storage for site operation, UI continuity, purchase recovery continuity, and similar core functions. If non-essential tracking or analytics are added later, an appropriate consent mechanism should be used where required by law.
9. Security
PVEstrap applies technical and organizational measures intended to reduce the risk of unauthorized access, alteration, loss, or misuse of personal data. Depending on the service, those measures may include access controls, short-lived verification codes, signed requests, secret management, rate limits, and audit logging for abuse prevention.
Do not send raw passwords, long-lived login tokens, or similar credentials through normal support mail.
10. Your rights
Where applicable law gives rights of access, rectification, erasure, restriction, portability, objection, or consent withdrawal, you may request those rights through Contact or directly by email. PVEstrap may ask for information reasonably needed to confirm the requester is the right person.
11. International transfers
Because internet infrastructure and third-party providers may operate in more than one country, personal data may be processed outside your home jurisdiction. Where applicable law requires safeguards for those transfers, PVEstrap intends to rely on an appropriate lawful transfer mechanism.
12. Questions and complaints
Privacy questions, support questions, and data-rights requests can be sent to contact@pvestrap.com or through Contact. If you believe applicable data-protection law has been violated, you may also complain to the competent supervisory authority.
When making a request, include enough detail to identify the relevant service, product, profile page, or purchase flow so the request can be handled accurately.
PVEstrap may ask for information reasonably needed to verify that the requester is the correct person before personal data is disclosed, changed, or erased.