Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data under this Policy is:

Adminbolt, Inc.
1111B S. Governors Ave., STE 25364
Dover, DE 19904
United States of America
Email: contact@adminbolt.com

Adminbolt acts strictly as a Data Controller for account, billing, licensing, and service-related data of its direct customers. Adminbolt does not act as a Data Processor for the data stored on customer-managed servers or infrastructure. See Section 10 (Customer-Hosted Data) for details.

2. Categories of Personal Data Collected

Adminbolt collects only the personal data reasonably necessary to operate the Service, process transactions, and comply with legal obligations. The categories of personal data we collect include the following:

2.1 Account and Business Information

When you create an Account or purchase the Service, we collect:

• Full name and business contact details
• Company or organization name
• Email address
• Account credentials (hashed password)
• Billing address
• Payment and transaction information (processed through third-party payment processors; Adminbolt does not store complete credit card numbers)
• Tax identification information, where required for invoicing

2.2 Technical and Usage Data

When you access the Adminbolt website or use the Service, we automatically collect:

• Internet Protocol (IP) addresses
• Device type, operating system, and browser type and version
• Pages visited, referring URLs, and navigation patterns on our website
• Date, time, and duration of access
• License verification data, including server IP addresses and license keys transmitted to Adminbolt licensing servers
• System performance and error logs related to the Software

2.3 Support and Communication Data

When you contact us for support or communicate with us, we collect:

• Messages submitted through support channels, including the Adminbolt community forum, Discord server, and email
• Email correspondence and attachments
• Feedback, feature requests, and issue reports
• Records of support interactions, including timestamps and resolution details

2.4 Marketing and Newsletter Data

If you subscribe to our newsletter or marketing communications, we collect:

• Email address
• Communication preferences and opt-in/opt-out status

2.5 Cookie and Tracking Data

When you visit our website, we collect data through cookies and similar technologies, as described in Section 11. This includes:

• Website usage data such as page views, click patterns, and session duration
• Google Analytics identifiers and aggregated usage metrics
• Google reCAPTCHA interaction data for spam and abuse prevention
• Session cookies necessary for the operation of the customer portal and billing system

2.6 Data We Do Not Collect

Adminbolt does not intentionally collect:

• Sensitive personal data, including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation
• Social Security numbers, national identification numbers, or government-issued identification (except tax IDs where required for invoicing)
• Personal data from children under the age of eighteen (18)
• Any data stored on customer-managed servers or infrastructure (see Section 10)

3. Purposes of Processing

Adminbolt processes personal data for the following purposes:

3.1 Service Delivery and Account Management

To provide, maintain, and improve the Service; to create and manage your Account; to process software licenses and verify license compliance; and to deliver software updates and patches.

3.2 Payment Processing and Billing

To process payments, issue invoices, manage subscriptions and renewals, and handle refund requests, in coordination with our third-party payment processors.

3.3 Security and Fraud Prevention

To protect the integrity and security of the Service and our infrastructure; to detect, prevent, and investigate fraud, unauthorized access, and abuse; to verify license authenticity; and to enforce our Terms of Service.

3.4 Customer Support

To respond to inquiries, troubleshoot issues, provide technical assistance, and maintain a record of support interactions for quality assurance and continuity.

3.5 Communications

To send transactional notifications (e.g., purchase confirmations, license renewal reminders, service updates, security alerts); and, with your consent or where permitted by law, to send marketing communications about new features, products, or promotions.

3.6 Analytics and Improvement

To analyze usage patterns on our website and Service; to measure the effectiveness of our marketing efforts; and to identify trends and areas for improvement in the Service.

3.7 Legal Compliance

To comply with applicable legal and regulatory obligations, including tax reporting, accounting requirements, and responding to lawful government requests.

4. Legal Bases for Processing (GDPR)

Where the General Data Protection Regulation (“GDPR”) or the United Kingdom General Data Protection Regulation (“UK GDPR”) applies, Adminbolt processes personal data on one or more of the following legal bases:

4.1 Performance of a Contract (Article 6(1)(b) GDPR)

Processing is necessary for the performance of the agreement between you and Adminbolt, including providing the Service, managing your Account, processing payments, and delivering software licenses.

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by Adminbolt, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: (a) operating, securing, and improving the Service; (b) preventing fraud and unauthorized use; (c) conducting analytics to improve our website and products; and (d) direct marketing to existing customers regarding similar products and services (subject to applicable opt-out rights).

4.3 Legal Obligation (Article 6(1)(c) GDPR)

Processing is necessary to comply with legal obligations to which Adminbolt is subject, including tax and accounting laws, anti-money laundering regulations, and lawful government requests.

4.4 Consent (Article 6(1)(a) GDPR)

Where required by applicable law, we rely on your consent for specific processing activities, such as sending marketing communications to prospective customers or placing non-essential cookies. Where consent is the legal basis, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Subject Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

5.1 GDPR and UK GDPR Rights

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete personal data
• Erasure: request deletion of your personal data where there is no compelling reason for continued processing
• Restriction of Processing: request that we restrict processing of your personal data in certain circumstances
• Data Portability: receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller
• Objection: object to processing based on legitimate interests or for direct marketing purposes
• Automated Decision-Making: not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you

5.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: request that we disclose the categories and specific pieces of personal information we have collected, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information
• Delete: request deletion of personal information we have collected from you, subject to certain exceptions
• Correct: request correction of inaccurate personal information
• Opt-Out of Sale or Sharing: Adminbolt does not sell personal information and does not share personal information for cross-context behavioral advertising within the meaning of the CCPA/CPRA
• Non-Discrimination: not receive discriminatory treatment for exercising your CCPA/CPRA rights
• Limit Use of Sensitive Personal Information: Adminbolt does not use or disclose sensitive personal information for purposes beyond those permitted under the CCPA/CPRA

5.3 Other US State Privacy Rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, delete, correct, and opt out of certain processing. We will honor such requests in accordance with applicable state law.

5.4 Exercising Your Rights

To exercise any of the rights described above, please submit a request to contact@adminbolt.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law (generally thirty (30) days for GDPR requests and forty-five (45) days for CCPA/CPRA requests, subject to extensions where permitted). We will not charge a fee for processing your request, unless the request is manifestly unfounded or excessive.

5.5 Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable law, you have the right to lodge a complaint with the relevant supervisory authority. For individuals in the EEA, a list of supervisory authorities is available at https://edpb.europa.eu. For individuals in the UK, the relevant authority is the Information Commissioner's Office (ICO).

6. Data Sharing and Disclosure

Adminbolt does not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share personal data only in the following circumstances:

6.1 Service Providers (Sub-Processors)

We engage trusted third-party service providers to assist in operating the Service, including:

• Payment Processors: to process subscription payments and billing transactions. These processors handle payment card data directly and are PCI-DSS compliant. Adminbolt does not store complete credit card numbers on its systems
• Cloud Infrastructure Providers: to host the Adminbolt website, billing portal, and licensing servers
• Analytics Providers: to collect and analyze aggregated website usage data. Google Analytics data is anonymized through IP anonymization features enabled by default
• Security Providers: to protect forms and interactions from automated abuse and spam
• Email and Communication Providers: to deliver transactional emails, support communications, and marketing messages
• Support and Community Platforms: to facilitate customer support and community engagement through forums and messaging platforms

All service providers are contractually bound to process personal data only on our behalf, for the purposes specified by Adminbolt, and in accordance with applicable data protection laws. We require all service providers to implement appropriate technical and organizational security measures.

6.2 Legal Requirements

We may disclose personal data where we reasonably believe disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request
• Enforce our Terms of Service, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of Adminbolt, our customers, or the public, as required or permitted by law
• Respond to a lawful request by law enforcement or other government authorities

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, bankruptcy, or similar corporate transaction, your personal data may be transferred to the successor entity. We will provide notice of such transfer and any changes to this Policy.

6.4 With Your Consent

We may share your personal data with third parties where you have provided explicit consent for such sharing.

7. International Data Transfers

Adminbolt is based in the United States. Personal data collected from individuals in the EEA, UK, or Switzerland may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Where personal data is transferred from the EEA, UK, or Switzerland to the United States or other countries that have not received an adequacy decision from the European Commission, Adminbolt ensures that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914
• UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as applicable under UK GDPR
• EU-U.S. Data Privacy Framework, to the extent Adminbolt has self-certified under the framework
• Other lawful transfer mechanisms recognized under applicable law

You may request a copy of the applicable transfer safeguards by contacting us at contact@adminbolt.com.

8. Data Retention

Adminbolt retains personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, as outlined in this Policy, or as required by applicable law. Our general retention periods are as follows:

8.1 Account and Billing Data

Retained for the duration of the active customer relationship and for a period of seven (7) years following the termination or expiration of the Account, in order to comply with tax, accounting, and financial reporting obligations under applicable law.

8.2 Technical and Usage Logs

Retained for a period of thirty (30) to ninety (90) days for security monitoring, performance analysis, and troubleshooting purposes, after which such data is deleted or anonymized.

8.3 License Verification Data

License verification records (server IP addresses, license keys, verification timestamps) are retained for the duration of the active subscription and for a reasonable period thereafter to enforce license compliance.

8.4 Support and Communication Data

Retained for as long as necessary to resolve your inquiries and maintain a record of technical assistance, and for up to two (2) years following the last interaction for quality assurance and continuity purposes.

8.5 Marketing Data

Retained until you unsubscribe from marketing communications or request deletion, whichever occurs first.

8.6 Cookie Data

Retention periods for cookies are described in Section 11.

Upon expiration of the applicable retention period, personal data is securely deleted or irreversibly anonymized.

9. Data Security

Adminbolt implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest, where technically appropriate
• Access controls limiting access to personal data to authorized personnel on a need-to-know basis
• Secure infrastructure practices for our hosting, billing, and licensing systems
• Regular security assessments and vulnerability monitoring
• Employee and contractor confidentiality obligations
• Incident response procedures for the prompt detection, investigation, and notification of data breaches

Notwithstanding these measures, no method of transmission over the Internet or method of electronic storage is one hundred percent (100%) secure. Adminbolt cannot guarantee absolute security and shall not be held liable for breaches resulting from circumstances beyond its reasonable control.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, Adminbolt will notify the relevant supervisory authority and affected data subjects in accordance with the timeframes and requirements of applicable law, including Article 33 and Article 34 of the GDPR where applicable.

10. Customer-Hosted Data (Zero-Access Policy)

10.1 Self-Hosted Software Model

Adminbolt provides self-hosted control panel software that is downloaded and installed by the Customer on the Customer's own servers or infrastructure. Once installed:

• Zero Access: Adminbolt does not have access to, does not host, does not monitor, and does not process the files, databases, emails, website content, or network traffic stored on or transmitted through Customer's servers or infrastructure
• No Processor Role: Because Adminbolt has no access to or control over data stored on Customer-managed environments, Adminbolt does not act as a "Data Processor" under the GDPR, a "Service Provider" under the CCPA, or an equivalent role under any other data protection framework with respect to data stored on Customer's infrastructure
• Customer Responsibility: Customers are solely responsible for: (i) the security of their own server infrastructure; (ii) compliance with all applicable privacy and data protection laws in connection with their operations and the data of their end users; and (iii) the lawful collection, processing, storage, and deletion of personal data within their hosting environments

10.2 Limited System Communication

The only data exchanged between the installed Software and Adminbolt's systems consists of automated license verification communications, which transmit the server IP address, license key, and verification timestamp to Adminbolt's licensing servers for the sole purpose of validating license compliance.

11. Cookies and Tracking Technologies

11.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function properly, enhance user experience, and provide information to website operators.

11.2 Categories of Cookies We Use

Adminbolt uses the following categories of cookies on https://adminbolt.com:

(a) Strictly Necessary Cookies. These cookies are essential for the operation of our website and cannot be disabled. They include session cookies for the customer portal and billing system, and security cookies for form protection. Retention: Session duration or up to twenty-four (24) hours.

(b) Analytics Cookies. We use analytics cookies to collect aggregated, anonymized information about how visitors use our website, including pages visited, time spent on pages, and navigation patterns. Retention: Up to twenty-six (26) months. Legal Basis: Consent (where required under applicable law) or Legitimate Interest.

(c) Functional Cookies. These cookies enable enhanced functionality and personalization, such as remembering language preferences or display settings. Retention: Up to twelve (12) months.

11.3 Third-Party Cookies

Certain cookies may be set by third-party services embedded on our website, including Google Analytics (google-analytics.com, googletagmanager.com) and Payment Processors (stripe.com) for payment session management. These third parties may collect information about your online activities over time and across different websites. Adminbolt does not control the cookies set by these third parties, and their use is governed by the respective third party's privacy policy.

11.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to: (a) view what cookies are set; (b) delete individual or all cookies; and (c) block cookies from specific or all websites. Please note that disabling strictly necessary cookies may impair the functionality of the customer portal and billing system.

11.5 Do Not Track

Adminbolt does not currently respond to “Do Not Track” browser signals, as there is no universally accepted standard for how such signals should be interpreted. However, you may use the cookie management tools described above to limit tracking.

12. Third-Party Services and Links

The Service may integrate with or contain links to third-party websites, services, and platforms (including but not limited to LiteSpeed, CloudLinux, Imunify, WHMCS, Upmind, HostBill, Softaculous, MailChannels, Let's Encrypt, and JetBackup). Adminbolt is not responsible for the privacy practices, content, or security of any third-party service. We encourage you to review the privacy policies of any third-party services you use in connection with the Service.

13. Children's Privacy

The Service is intended exclusively for business and professional use and is not directed to individuals under the age of eighteen (18). Adminbolt does not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under the age of eighteen (18), we will take prompt steps to delete such data. If you believe that a child has provided personal data to Adminbolt, please contact us at contact@adminbolt.com.

14. Automated Decision-Making

Adminbolt does not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 of the GDPR. License verification processes are automated but do not involve decision-making that produces legal or similarly significant effects on individuals.

15. Marketing Communications

15.1 Opt-In

We may send marketing communications about Adminbolt products, features, and promotions to individuals who have opted in to receive such communications or who are existing customers (where permitted under applicable law for marketing of similar products).

15.2 Opt-Out

You may opt out of marketing communications at any time by: (a) clicking the “unsubscribe” link included in each marketing email; or (b) contacting us at contact@adminbolt.com. Opting out of marketing communications will not affect transactional communications (e.g., billing confirmations, security alerts, and service notices).

15.3 No Sale of Data

Adminbolt does not sell, share, or provide personal data to third parties for their direct marketing purposes.

16. Data Breach Notification

In the event of a personal data breach:

16.1 Regulatory Notification

Adminbolt will notify the competent supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33 of the GDPR, where applicable.

16.2 Individual Notification

Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, Adminbolt will notify those individuals without undue delay in accordance with Article 34 of the GDPR, or as otherwise required by applicable state or federal law.

16.3 Content of Notification

Breach notifications will include, to the extent known: (a) the nature of the breach; (b) the categories and approximate number of data subjects and records affected; (c) the likely consequences of the breach; and (d) the measures taken or proposed to address the breach and mitigate its effects.

17. Changes to This Privacy Policy

Adminbolt reserves the right to modify this Privacy Policy at any time. When material changes are made:

• The revised version will be published at https://adminbolt.com/privacy/
• The "Last Updated" date at the top of this Policy will be revised
• Adminbolt will use commercially reasonable efforts to notify affected individuals of material changes via email or through the Service
• Where required by applicable law, Adminbolt will obtain your renewed consent before implementing changes that alter the purposes or legal bases for processing your personal data

Continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the revised Privacy Policy, you must discontinue use of the Service.

18. Contact Information

For privacy-related inquiries, data subject requests, or complaints regarding this Privacy Policy, please contact:

Adminbolt, Inc.
1111B S. Governors Ave., STE 25364
Dover, DE 19904
United States of America
Email: contact@adminbolt.com

We aim to respond to all privacy-related inquiries within thirty (30) days of receipt or within the timeframe required by applicable law, whichever is shorter.