For the purposes of the GDPR, the data controller for personal data processed through avakode.com and the Forge Suite plugins is:
Individual Entrepreneur Darya Avakova
Tax ID (ИНН): 534556558
Registered address: Parkent street 9, apt. 78, Mirzo Ulugbek district, Tashkent, Republic of Uzbekistan
Contact for privacy matters: support@avakode.com
This page is aimed at:
If you operate a WordPress site that uses Forge Suite plugins and that site collects data from EU residents, you are the data controller for that visitor data — not Avakode. The plugins store that data in your own WordPress database. You are responsible for your own site’s GDPR compliance, and we act as a data processor only to the extent that specific plugin features (such as AI translations or Forge API integrations) route data through our infrastructure.
As a data subject under the GDPR, you have the following rights in relation to personal data we hold about you:
You can request a copy of the personal data we hold about you, along with information about how we process it.
If any of the data we hold about you is inaccurate or incomplete, you can ask us to correct it.
You can ask us to delete your personal data. We will comply unless we are required to retain it for a legitimate legal or contractual reason (for example, tax records).
You can ask us to limit how we use your data in certain circumstances — for example, while a dispute about accuracy is being resolved.
You can request your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) to transfer it to another service.
You can object to processing based on legitimate interest, and to any direct marketing.
We do not make any decisions about you purely based on automated processing. Our use of AI is limited to content generation at your request — it does not produce legally significant decisions about you.
Where we rely on consent to process your data (for example, optional product announcements), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
You have the right to lodge a complaint with a supervisory authority — typically the data protection authority in the EU/EEA country where you live or work. A list is maintained by the European Data Protection Board at edpb.europa.eu.
Email support@avakode.com with the subject line «GDPR Request» and tell us which right you’d like to exercise. To protect you, we may ask you to verify your identity before acting on the request — typically by confirming the email address registered to your account.
We respond to all requests within 30 days. If the request is unusually complex, we may extend this by a further two months and will notify you of the delay and the reason.
Exercising your rights is free of charge. We only charge a fee in the rare case of manifestly unfounded or excessive requests, and we will tell you before doing so.
We process personal data under the following legal bases:
| Activity | Legal basis | Article |
|---|---|---|
| Creating and managing your Avakode account | Performance of a contract | Art. 6(1)(b) |
| Processing payments and issuing invoices | Performance of a contract, legal obligation | Art. 6(1)(b), 6(1)(c) |
| License verification | Performance of a contract | Art. 6(1)(b) |
| Routing AI requests to providers | Performance of a contract | Art. 6(1)(b) |
| Responding to support requests | Performance of a contract | Art. 6(1)(b) |
| Security, fraud detection, abuse prevention | Legitimate interest | Art. 6(1)(f) |
| Tax records and accounting retention | Legal obligation | Art. 6(1)(c) |
| Optional product announcements, newsletters | Consent | Art. 6(1)(a) |
Because our infrastructure and sub-processors operate globally, your personal data may be transferred outside the EU/EEA — in particular, to the United States (where some of our AI providers and hosting partners operate) and to the United Kingdom.
For transfers outside the EU/EEA where no adequacy decision applies, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where appropriate.
The following third parties may process personal data on our behalf:
| Sub-processor | Role | Jurisdiction |
|---|---|---|
| Freemius Inc. | Payment processing, license management | United States |
| Cloudflare, Inc. | API hosting (Workers, D1, KV, CDN) | Global |
| Hostinger International Ltd. | Marketing-site hosting | European Union |
| OpenAI, L.L.C. | AI text generation | United States |
| Anthropic, PBC | AI text generation | United States |
| Google LLC | OAuth for Sheets / Calendar integrations | United States |
All sub-processors are bound by data processing agreements that include GDPR-compliant safeguards. We maintain the right to change sub-processors and will update this list when we do. If you object to a new sub-processor, you may terminate your license and request a pro-rated refund.
We keep personal data only as long as necessary for the purposes for which it was collected. Specific retention periods are detailed in Section 7 of our Privacy Policy. Summary:
Forge Suite is a professional product intended for users aged 16 and older. We do not knowingly process personal data of children under 16. If you believe we have done so inadvertently, contact us and we will delete the data.
Avakode currently does not have an appointed EU representative under Article 27 GDPR. EU and EEA residents can reach us directly by email at support@avakode.com for any privacy-related request. We treat inquiries from EU residents with the same priority as requests from any other jurisdiction.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 GDPR, and will notify affected users without undue delay where required by Article 34.
We use only strictly-necessary first-party cookies — for authentication and essential preference storage. We do not use advertising cookies, third-party analytics cookies, or any cross-site trackers. Because we do not rely on consent-based cookies, we do not display a consent banner.
All privacy-related questions, requests, and concerns should be directed to:
Email: support@avakode.com
Postal: Individual Entrepreneur Darya Avakova, Parkent street 9, apt. 78, Mirzo Ulugbek district, Tashkent, Republic of Uzbekistan
We may update this GDPR compliance page from time to time. When we make material changes, we will notify active customers by email and post a notice on avakode.com at least 30 days in advance. The «Last updated» date at the top always reflects the most recent revision.