Privacy Policy — Avakode — The AI-Powered WordPress Ecosystem

1. Who we are

This website (avakode.com) and the Forge Suite plugins (Lang Forge, SEO Forge, Form Forge, Field Forge) are operated by:

Individual Entrepreneur Darya Avakova

Tax ID (ИНН): 534556558

Registered address: Parkent street 9, apt. 78, Mirzo Ulugbek district, Tashkent, Republic of Uzbekistan

Contact: support@avakode.com

Throughout this document, «Avakode», «we», «us», and «our» refer to the above entity.

2. Scope of this policy

This policy describes how we collect, use, store, and share personal data when you:

Visit avakode.com or any plugin-specific website we operate
Create an Avakode account
Purchase a Forge Suite license
Use any Forge Suite plugin on your WordPress site
Contact us for support or any other reason

It does not cover the data your own WordPress site collects from its visitors — that’s governed by your own privacy policy, since the plugins store that data in your own database, not ours.

3. What data we collect

3.1 Account data

When you create an account, we collect: your name, email address, hashed password, and (optionally) your company name and billing country.

3.2 Payment data

Payments are processed by our payment partner, Freemius Inc. We do not store your full card number, CVV, or bank account details on our servers. Freemius sends us a transaction ID, the amount, the billing country, and the license purchased.

3.3 License and site data

When you activate a Forge Suite plugin on a WordPress site, we record: the site’s domain, the plugin version, the WordPress version, and the license key used. This is a standard license-verification handshake and runs once per day per site.

3.4 AI request data

When you use an AI feature in any Forge Suite plugin, the request is sent to our backend (api.avakode.com) which then forwards it to the underlying AI provider. We log: the type of AI operation (e.g., «translate post», «generate meta»), the number of credits consumed, and a timestamp. We do not log the content of your prompts or the AI’s responses.

3.5 Integration tokens

When you connect a third-party service (Mailchimp, Google Sheets, Google Calendar, HubSpot), the OAuth tokens or API keys are stored in our backend (Cloudflare D1 database) rather than in your WordPress installation. This keeps sensitive credentials off your server. Tokens are stored encrypted at rest.

3.6 Support and communication data

When you write to support@avakode.com or submit a contact form, we store the full content of your message, your email address, and any attachments — so we can respond, resolve the issue, and reference the history on follow-ups.

3.7 Technical data

Standard web-server logs: IP address, browser user-agent, pages visited, timestamps. Used for security, debugging, and abuse detection.

3.8 Cookies

We use strictly-necessary cookies for authentication and a small set of first-party cookies for remembering your preferences. We do not use advertising cookies or third-party trackers.

3.9 Google API Services

Avakode Forge requests access to your Google Search Console and Google Analytics data solely to display SEO performance metrics and analytical reports within your user dashboard. We do not share, sell, or provide this data to any third-party services or individuals. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Why we collect it (legal basis)

Depending on your jurisdiction, we rely on the following legal bases:

Performance of a contract — to deliver the plugins, process payments, provide support, verify licenses.
Legitimate interest — to secure our infrastructure, detect abuse, improve the product.
Consent — for optional communications (product announcements, newsletters). You can withdraw consent at any time.
Legal obligation — tax records, accounting, fraud prevention.

5. Who we share data with

We share personal data only with the following categories of recipients, strictly to deliver the service:

Sub-processor	Purpose	Location
Freemius Inc.	Payment processing, license management, tax invoicing	United States / EU
Cloudflare, Inc.	API hosting (Workers, D1, KV, CDN)	Global edge network
Hostinger International Ltd.	Marketing-site hosting	EU
OpenAI, L.L.C.	AI text generation (translations, form generation)	United States
Anthropic, PBC	AI text generation (SEO analysis, content optimization)	United States
Google LLC	OAuth for Google Sheets / Google Calendar integrations	United States / EU

All sub-processors are bound by data processing agreements. We do not sell or rent personal data to anyone, ever.

6. International data transfers

Because our sub-processors operate globally, your data may be transferred to and processed in countries outside your own, including the United States and the European Union. When we transfer personal data from the EU/UK, we rely on Standard Contractual Clauses or an equivalent lawful transfer mechanism.

7. How long we keep data

Account data — for as long as your account is active, plus 3 years after closure (for tax and dispute-resolution purposes)
Payment records — 7 years (tax and accounting obligations)
License and site verification logs — up to 2 years after the license expires
AI request metadata (credit usage) — 2 years
Support tickets — 3 years after the ticket is closed
Technical logs — up to 90 days
Integration tokens — until you disconnect the integration or close your account

You can request earlier deletion at any time (see Section 9).

8. How we protect your data

All traffic to avakode.com and api.avakode.com is encrypted with TLS 1.3
Passwords are hashed with bcrypt
Integration tokens and API keys are encrypted at rest (AES-256)
Access to production systems is limited to authorized team members
We run automated security scans and dependency updates on a regular basis

No system is 100% secure, but we take reasonable technical and organizational measures aligned with industry best practice.

9. Your rights

Regardless of where you live, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete data
Delete your data (subject to legal retention requirements — see Section 7)
Port your data in a machine-readable format
Object to processing based on legitimate interest
Withdraw consent for optional communications
Lodge a complaint with your local data protection authority

To exercise any of these rights, email support@avakode.com. We respond within 30 days.

10. Children

Forge Suite is a professional tool for building and managing websites. It is not intended for users under the age of 16. We do not knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us and we will delete it.

11. Changes to this policy

We may update this policy occasionally. When we make material changes, we will notify active customers by email and post a notice on avakode.com at least 30 days before the changes take effect. The «Last updated» date at the top always reflects the most recent revision.

12. Contact

Questions about this policy, your data, or anything privacy-related:

Email: support@avakode.com
Postal: Individual Entrepreneur Darya Avakova, Parkent street 9, apt. 78, Mirzo Ulugbek district, Tashkent, Republic of Uzbekistan