Privacy Policy | Digital Villains – APAW Holdings Limited

1. Introduction

Digital Villains ("we," "our," or "us"), a trading name of APAW Holdings Limited, is a UK-based digital agency and software company. We build custom web applications, HTML banner campaigns, email template solutions, and digital marketing assets for brands worldwide. We also develop and distribute software products, including the Email Template Customizer WordPress plugin.

This Privacy Policy explains how we collect, use, disclose, and protect personal data across our website, agency services, and software products. It applies to all visitors, clients, and end-users of our software.

Questions? Contact us at enquires@digitalvillains.co.uk before using our services if you do not agree with this policy.

2. Data We Collect

Information You Provide

Contact form submissions — name, email address, phone number, project brief
Service enquiries and quote requests
Client onboarding details (business name, billing address, VAT number)
Communications via email, phone, or video call
Software purchase details processed by our payment partner (Lemon Squeezy)
Support tickets and bug reports submitted for our software products

Information Collected Automatically

Browser type, version, and device type
Operating system
Referring URLs and navigation paths
Pages viewed, clicks, and time on site
IP address (anonymised where possible)
Crash and performance data submitted by our WordPress plugin (optional, opt-in only)

What We Do Not Collect

We do not collect payment card details — all transactions are handled securely by Lemon Squeezy (our authorised payment processor). We never receive or store raw card numbers or bank account information.

3. Software & Plugin Data

Our Email Template Customizer WordPress plugin is installed on WooCommerce stores. When you use this plugin:

Plugin settings (template configurations, colour choices, font preferences) are stored locally in your WordPress database. We do not have access to your site's database or its contents.
Licence verification — your licence key and domain URL are transmitted to our licence server to validate your subscription. No customer order data from your WooCommerce store is sent to us.
Anonymous usage statistics (feature usage frequency, plugin version) may be collected to improve the product. This is opt-in and can be disabled in the plugin settings.
Update checks are made to our update server periodically to notify you of new versions. Only the plugin version and your WordPress version are transmitted.

The plugin does not transmit your customers' personal data, order data, or payment information to Digital Villains at any time.

4. How We Use Your Data

Respond to service enquiries and onboard new clients
Deliver and manage agency projects (web development, email campaigns, HTML banners, digital marketing)
Process software purchases and manage licence keys
Provide customer support for our software products and agency work
Send product updates, security patches, and release notes for software you have purchased
Issue invoices and maintain financial records as required by UK law
Improve our website, software features, and service offerings
Detect, prevent, and respond to fraud or security incidents
Send marketing communications only where you have explicitly consented

5. Legal Basis for Processing (UK GDPR)

Contract — processing necessary to deliver services or software you have purchased
Legitimate Interests — fraud prevention, security monitoring, and improving our products
Legal Obligation — retaining financial records under UK tax law (HMRC requirements)
Consent — sending marketing emails and optional usage analytics; you may withdraw consent at any time

6. Sharing Your Data

We never sell or rent your personal data. We share data only with the following trusted third parties, each bound by appropriate data protection agreements:

Lemon Squeezy — payment processing and licence management for software sales
EmailJS / Formspree — routing contact form submissions to our inbox
Vercel — web hosting and CDN for our public-facing website
Google Analytics / Plausible — anonymised website traffic analysis
Accounting software — invoice and billing data shared with our bookkeeping provider

We may disclose your data to law enforcement or regulatory bodies where required by applicable law or to defend legal claims.

7. Cookies

We use cookies and similar technologies to operate our website, measure performance, and (where consented) serve relevant marketing. For full details of every cookie we set, how to accept or refuse them, and your opt-out rights, see our Cookie Policy.

8. Data Retention

Contact form submissions — 24 months from last interaction
Client project data — 5 years from project completion (UK contractual limitation period)
Financial & invoicing records — 7 years (HMRC legal requirement)
Software licence records — for the duration of your active licence plus 2 years
Marketing opt-ins — until you withdraw consent

Data outside these periods is securely deleted or anonymised. You may request early deletion subject to our legal obligations above.

9. Your Rights

Under UK GDPR and the Data Protection Act 2018 you have the right to:

Access — obtain a copy of the personal data we hold about you
Rectification — correct inaccurate or incomplete data
Erasure — request deletion of your data where we have no overriding legal basis
Restriction — ask us to pause processing in certain circumstances
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests or for direct marketing
Withdraw consent — opt out of marketing or analytics at any time without affecting prior processing

Submit requests to enquires@digitalvillains.co.uk. We will respond within 30 days. If unsatisfied, you may complain to the Information Commissioner's Office (ICO).

10. Security

We apply industry-standard technical and organisational security measures including TLS encryption in transit, access controls, and regular security reviews. Our software products are developed following secure coding practices aligned with OWASP guidelines. Despite these measures, no internet-based system is unconditionally secure — we cannot guarantee absolute protection against all threats.

If you believe your data has been compromised, notify us immediately at enquires@digitalvillains.co.uk.

11. Third-Party Links & Integrations

Our website and software may link to or integrate with third-party services (e.g. WordPress.org, WooCommerce, Lemon Squeezy). We are not responsible for the data practices of those platforms and encourage you to review their privacy policies independently before use.

12. Changes to This Policy

We may revise this Privacy Policy as our services evolve or legal requirements change. Material updates will be communicated via a notice on our website and, where appropriate, by email to active clients and software licence holders. The "Last updated" date at the top of this page always reflects the most recent revision.

13. Contact Us

For privacy-related enquiries, data subject requests, or to report a concern:

Digital Villains — APAW Holdings Limited

63–66 Hatton Garden, Fifth Floor, Suite 23, London EC1N 8LE

Email: enquires@digitalvillains.co.uk

Phone: +44 (0207) 947 06