Privacy Policy

1. Data Controller

The data controller of the personal data processed through IC pluginswp (the "Service") is:

• Company name: INTERCO SOFTWARE DEVELOPMENT, S.L.
• Tax ID (CIF/NIF): B24973133
• Registered office: Plaza de la Glorieta 9, entresuelo A, 30520 Jumilla, Murcia, Spain
• Contact email: hello@icpluginswp.com

2. Data we collect

We collect only what we need to operate the Service:

• Account data: email address, name (optional), hashed password.
• Usage data: plugins you generate, their descriptions, credit transactions, API token counts.
• Technical data: IP address at signup (fraud prevention), browser fingerprint hash (anti-abuse), timestamps.
• Payment data: payments are processed by Stripe. We never see your full card number. We store only Stripe session IDs and payment status.
• Communications: emails we send you (account verification, receipts, transactional notifications).

3. Legal basis for processing

Under Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018, we process data under:

• Contract performance (Art. 6.1.b): to provide the Service you requested.
• Legal obligation (Art. 6.1.c): invoicing, accounting, tax records.
• Legitimate interest (Art. 6.1.f): fraud prevention, security, service improvement.
• Consent (Art. 6.1.a): for optional analytics and marketing communications, where applicable.

4. Third-party processors

We share strictly necessary data with:

• Stripe (payments) — stripe.com/privacy
• Anthropic (Claude AI for plugin generation) — anthropic.com/privacy
• Resend (transactional email) — resend.com/legal/privacy-policy
• DigitalOcean (server and object storage in Frankfurt, EU) — digitalocean.com/legal/privacy-policy
• Google reCAPTCHA (bot detection) — policies.google.com/privacy

Where providers are outside the EEA, transfers rely on EU Standard Contractual Clauses and additional safeguards where required.

5. Retention

Account data is kept for as long as your account is active. Billing records are kept for six years under Spanish tax law. Generated plugins and their ZIPs are kept for 30 days after generation unless you download them or the account remains active. Logs are rotated after 90 days.

6. Your rights

You have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability. To exercise these rights, email hello@icpluginswp.com with a copy of your ID for verification. You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, aepd.es).

7. Cookies

We use strictly necessary cookies for authentication and language preferences. No cookies are used for advertising. If you use Google reCAPTCHA on our signup, Google may set its own cookies under their policy.

8. Security

All traffic is encrypted in transit (TLS 1.3). Passwords are hashed with bcrypt. Secrets are stored with restricted file permissions. The service runs behind a firewall (UFW) with brute-force protection (fail2ban). Backups of the database are taken daily and retained for 30 days.

9. Children

The Service is not directed to persons under 16. We do not knowingly collect data from minors.

10. Changes to this policy

We may update this policy. When we do, we will change the "Last updated" date at the top. Material changes will be notified by email to registered users.