Privacy Policy
Your privacy is important to us. Learn how we collect, use, and protect your data.
1. Overview
This Privacy Policy describes how Gambolthemes ("we", "us", or "our") collects, uses, stores, and shares information about you when you use our website, products, and services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy, maintaining transparency about our data practices, and complying with applicable data protection laws including GDPR and CCPA.
This policy applies to all users of our Platform, including buyers, sellers, affiliates, and visitors.
2. Information We Collect
We collect different types of information to provide and improve our Service:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, email address, password (hashed) | Account creation & management |
| Profile Data | Bio, avatar, social links, location | Public profile display |
| Payment Data | Billing address, payment method (processed by PayPal/Razorpay) | Transaction processing |
| Purchase Data | Order history, downloads, license keys | Order fulfillment & support |
| Usage Data | Pages visited, search queries, time on site | Service improvement & analytics |
| Device Data | IP address, browser type, OS, screen resolution | Security, analytics & compatibility |
| Communication Data | Support tickets, contact form messages, reviews | Customer support & community |
| OAuth Data | Google/GitHub profile info (name, email, avatar) | Social login authentication |
Information You Provide Directly
- Account registration details (name, email, password)
- Profile information you choose to add (bio, avatar, social links)
- Purchase and transaction details
- Seller application and payout information
- Support tickets, messages, and contact form submissions
- Product reviews, ratings, and Q&A contributions
- Newsletter subscription preferences
- Affiliate program enrollment information
- Academy course progress and quiz responses
Information Collected Automatically
- Log data (IP address, browser type, referring URL, pages visited, timestamps)
- Device information (device type, operating system, screen resolution)
- Approximate location data (country, region, city — derived from IP address)
- Session information (session duration, pages per session, bounce rate)
- Security-related data (login attempts, 2FA status, session devices)
Information from Third Parties
- Google OAuth: Name, email address, profile picture (when you sign in with Google)
- GitHub OAuth: Username, email address, avatar URL (when you sign in with GitHub)
- Payment Processors: Transaction status, payment confirmations (from PayPal and Razorpay)
3. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery
- Process purchases, issue licenses, and deliver digital product downloads
- Manage your user account, seller account, or affiliate account
- Process seller payouts (via PayPal, bank transfer, or Payoneer)
- Track Academy course progress, quiz attempts, and issue certificates
- Provide customer support and resolve disputes
Communication
- Send order confirmations, download links, and purchase receipts
- Notify you of account changes, security alerts, and policy updates
- Respond to support tickets and contact form inquiries
- Send wishlist price-drop alerts (if enabled)
Improvement & Analytics
- Analyze usage patterns to improve our products, features, and user experience
- Identify and fix technical issues, bugs, and performance bottlenecks
- Monitor query performance and optimize database operations
- Conduct A/B testing and feature experiments
Security & Fraud Prevention
- Detect and prevent fraud, unauthorized access, and abuse
- Monitor for suspicious login activity and enforce two-factor authentication
- Track active sessions and allow device management
- Enforce rate limiting and bot protection
Marketing Communications: We may send promotional emails about new products, sales, and offers. You can opt out at any time by clicking the unsubscribe link in any email or managing your preferences in your dashboard settings.
4. Information Sharing
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
With Sellers
- When you purchase a product, the seller may receive your name and email address for support purposes.
- Sellers do not receive your payment details, billing address, or other sensitive information.
With Service Providers
We work with trusted third-party companies that help us operate our business. These providers only access information necessary to perform their services and are contractually bound to protect your data:
- Payment processors (PayPal, Razorpay) — to process transactions
- Email service providers — to send transactional and marketing emails
- Cloud hosting and CDN providers — to host and deliver our Platform
- Analytics services — to understand usage patterns
Legal Requirements
We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Gambolthemes, our users, or the public.
Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
With Your Consent
We may share your information in other ways if you provide explicit consent.
5. Third-Party Services
Our Platform integrates with the following third-party services. Each has its own privacy policy governing how your data is handled:
| Service | Purpose | Data Shared |
|---|---|---|
| PayPal | Payment processing & seller payouts | Transaction amount, email |
| Razorpay | Payment processing (cards, UPI, wallets) | Transaction amount, contact info |
| Google OAuth | Social sign-in | Name, email, profile picture |
| GitHub OAuth | Social sign-in | Username, email, avatar |
We encourage you to review the privacy policies of these services. We are not responsible for the data practices of third-party services.
6. Cookies and Tracking
We use cookies and similar tracking technologies to collect and track information about your activity on our Service.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, CSRF protection, session management | Session / 2 hours |
| Preference | Remember your settings (theme, language, currency) | 1 year |
| Analytics | Track page views, user flows, and platform usage | 30 days |
| Affiliate | Track referrals from affiliate links | 30-90 days |
Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from logging in, making purchases, or using core platform features.
7. Your Rights
Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws (including GDPR and CCPA):
Exercising Your Rights
To exercise any of these rights, please contact us at privacy@gambolthemes.net. We will respond to your request within 30 days. We may require identity verification before processing your request.
California Residents (CCPA)
- You have the right to know what personal information we collect, use, and disclose.
- You have the right to request deletion of your personal information.
- You have the right to opt out of the "sale" of personal information. Note: we do not sell personal information.
- We will not discriminate against you for exercising any of your CCPA rights.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in Transit: All data is transmitted via TLS/SSL (HTTPS) encryption
- Password Security: Passwords are hashed using bcrypt — we never store plain-text passwords
- Two-Factor Authentication: Optional TOTP-based 2FA for enhanced account security
- CSRF Protection: All forms are protected against Cross-Site Request Forgery attacks
- Content Security Policy: CSP headers prevent cross-site scripting (XSS) attacks
- Security Headers: HSTS, X-Content-Type-Options, X-Frame-Options applied globally
- Input Validation: All user input is validated and sanitized to prevent SQL injection and other attacks
- Session Management: Active session monitoring with device-level session management
- Access Controls: Role-based access controls (buyer, seller, admin) with principle of least privilege
- Regular Updates: Dependencies and frameworks are kept updated for security patches
While we strive to protect your information using industry-standard measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.
9. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion + 30 days | Service provision |
| Purchase Records | 7 years after purchase | Tax/legal compliance |
| Seller Payout Records | 7 years after payout | Tax/legal compliance |
| Support Tickets | 3 years after resolution | Quality assurance |
| Server Logs | 90 days | Security & debugging |
| Analytics Data | 26 months (aggregated) | Service improvement |
When you delete your account, we will delete or anonymize your personal information within 30 days, except for data that we are legally required to retain (such as purchase and financial records for tax compliance).
10. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gambolthemes.net.
11. International Data Transfers
Our Service is operated globally, and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.
- We ensure appropriate safeguards are in place for cross-border data transfers.
- For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or other approved mechanisms.
- By using our Service, you consent to the transfer of your information as described in this policy.
12. Seller-Specific Data Practices
If you are a seller on our Platform, the following additional data practices apply:
Data We Collect from Sellers
- Business or individual name, email, and contact information
- Payout preferences (PayPal email, bank account details, or Payoneer account)
- Sales analytics, earnings, and commission data
- Product performance metrics (views, downloads, sales, ratings)
- Identity verification documents (if required)
How We Use Seller Data
- Process payouts and track earnings
- Provide seller dashboard analytics and performance insights
- Verify identity and prevent fraud
- Communicate about product reviews, disputes, and policy updates
Seller Data Visibility
- Your seller profile (name, avatar, bio, social links) is publicly visible.
- Product listings, ratings, and reviews are publicly visible.
- Payout details, earnings, and financial data are private and only visible to you and authorized administrators.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
- We will post the updated policy on this page with a revised "Last updated" date.
- For material changes, we will notify you via email or a prominent notice on the Platform at least 30 days before the changes take effect.
- Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
- We encourage you to review this policy periodically.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Email: privacy@gambolthemes.net
- General Legal: legal@gambolthemes.net
- Contact Form: Contact Page
- Help Center: Help & Support
We aim to respond to all privacy-related inquiries within 30 days.
Last updated: March 11, 2026
