1. Who we are
Controller: Elena Sheremetyeva, sole trader trading as Writage. Business address: 86–90 Paul Street, London EC2A 4NE, United Kingdom. Email: privacy@writage.com
We sell desktop software under the "Writage" brand. Payments are processed by authorised resellers Paddle.com Market Ltd (UK) or Bright Market LLC d/b/a FastSpring (USA) acting as Merchants of Record.
2. What data we receive & why
| Purpose | Data | Source | Legal basis |
|---|---|---|---|
| Deliver licence, issue invoices | Name, email, billing address, IP, last 4 digits of card | Paddle / FastSpring checkout | Contract (perform our agreement) |
| Optional update‑check | Licence‑key hash, Writage & OS version, IP (stored ≤30 days) | Your device | Legitimate interest (maintain & secure software) |
| Site analytics | Page URL, referrer, browser/OS, approx. country (no cookies, no IPs stored) | Plausible Analytics | Legitimate interest (understand traffic) |
| Support | Emails you send us | Direct | Legitimate interest (respond to enquiries) |
| Compliance & tax records | Order data, invoices | Internal | Legal obligation (HMRC 7‑year rule) |
We do not use your data for advertising and we do not sell or rent it to anyone.
3. Who we share data with
| Processor | Role | Location / safeguard |
|---|---|---|
| Paddle.com Market Ltd | Merchant of Record & payment processing | UK/EU/US – SCCs / DPF |
| Bright Market LLC (FastSpring) | Alternative Merchant of Record | US – SCCs / DPF |
| Amazon Web Services, Inc. (S3 & CloudFront) | Hosting for writage.com & update endpoint | EU/US – SCCs / DPF |
| Plausible Analytics OÜ | Cookie‑less site analytics | EU (EEA) |
All suppliers are bound by written contracts and may only process data on our instructions.
4. International transfers
Where data is transferred outside the UK/EEA we rely on the EU Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework as appropriate.
5. Retention
- Purchase & invoicing data: 7 years (UK tax law).
- Update‑check logs: deleted or anonymised after 30 days.
- Support emails: 2 years after ticket closure.
6. Security
All traffic is encrypted in transit (TLS 1.3). Servers are encrypted at rest and protected by firewalls; administrator access requires MFA and is limited to the owner.
7. Your rights
Under UK GDPR you may request: access, rectification, erasure, restriction, data portability, objection to processing, and to lodge a complaint with the UK Information Commissioner's Office. To exercise any right, email privacy@writage.com.
8. Cookies
We do not set cookies or similar tracking technologies. Plausible Analytics operates entirely without cookies.
9. Children
Writage is not directed at children under 16. We do not knowingly collect personal data from anyone under 16.
10. Changes to this policy
We may update this notice from time to time. The current version is always available at https://www.writage.com/privacy-policy/. Material changes take effect 14 days after posting.
11. Contact
If you have questions about this Policy or your personal data, write to privacy@writage.com or to the postal address above.