Privacy Policy

Last updated: November 30, 2024

1. Introduction

MadeByNico ("we", "us", "our") operates php-next.com and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

2. What Data We Collect

2.1 Account Information

• Email address (required for account creation)
• Name (optional, for personalized communication)
• Password (hashed, never stored in plain text)
• Two-factor authentication secrets (if enabled)

2.2 License Information

• License ID and edition (PRO, ULTRA, ULTRA V1)
• Purchase date and expiry date
• Payment transaction IDs (via Stripe)
• Domain/hardware binding information (for license validation)

2.3 Usage Data

• Encode statistics (count, timestamps, blob IDs)
• API usage logs (for security and debugging)
• Incident reports (security events, tampering attempts)
• IP addresses (for security and fraud prevention)

2.4 Technical Data

• Browser type and version
• Operating system
• Device information
• Cookies and similar tracking technologies

3. Why We Collect Data

We collect and process your data for the following purposes:

• Service Provision: To provide, maintain, and improve the php-next service.
• License Management: To validate licenses, track usage, and prevent unauthorized access.
• Security: To detect and prevent fraud, abuse, and security threats.
• Communication: To send important service updates, security alerts, and support responses.
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service.
• Analytics: To understand usage patterns and improve our service (privacy-friendly analytics only).

4. How We Store Data

4.1 Data Storage

• Data is stored on secure servers located in the European Union.
• All data is encrypted at rest using industry-standard encryption.
• Passwords are hashed using bcrypt (never stored in plain text).
• Database backups are encrypted and stored securely.

4.2 Data Retention

• Account data: Retained while your account is active, plus 30 days after deletion.
• License data: Retained for 7 years for tax and legal compliance.
• Usage logs: Retained for 90 days for security and debugging purposes.
• Incident reports: Retained for 1 year for security analysis.

5. Cookie Usage

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and session management.
• Analytics Cookies: Privacy-friendly analytics (Plausible Analytics) - no personal data collected.
• Preference Cookies: To remember your language and UI preferences.

You can control cookies through your browser settings. See our Cookie Policy for more details.

6. Your GDPR Rights

Under the GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data (subject to legal obligations).
• Right to Restrict Processing: Limit how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for optional data processing.

To exercise these rights, contact us at support@niconext.com or use the data export/deletion tools in your dashboard.

7. Data Protection Officer (DPO)

For privacy-related inquiries, you can contact our Data Protection Officer:

Email: dpo@niconext.com
Subject: GDPR Request

8. Third Parties

We share data with the following third-party services:

• Stripe: Payment processing (transaction data only, no card details stored by us).
• Cloudflare: CDN and DDoS protection (IP addresses, request logs).
• MailerSend: Email delivery (email addresses, email content).
• Plausible Analytics: Privacy-friendly analytics (no personal data, aggregated statistics only).

All third parties are GDPR-compliant and bound by data processing agreements.

9. Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data in transit.
• Encryption at rest for sensitive data.
• Regular security audits and penetration testing.
• Access controls and authentication (2FA available).
• Incident monitoring and response procedures.

10. International Transfers

Your data is primarily stored in the EU. If we transfer data outside the EU, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses, Privacy Shield).

11. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or website notice. Continued use of the Service after changes constitutes acceptance of the new Policy.

13. Contact

For privacy-related questions or to exercise your GDPR rights, contact us at:

Email: support@niconext.com
DPO Email: dpo@niconext.com
Website: https://php-next.com