aaThemes
Legal

Privacy Policy

Effective date: May 1, 2026. This is the plain-language version of how aThemes collects, uses, and protects your personal information.

Scope. This Privacy Policy explains how aThemes ("we," "us," "our") collects, uses, shares, and protects personal information when you visit athemes.com, create an aThemes account, purchase a product, or otherwise interact with our services. It also describes your privacy rights under California's CCPA/CPRA, the EU/UK GDPR, and other applicable privacy laws.

1. Information we collect

We collect personal information you provide directly to us (account name, email address, billing information, support ticket contents, newsletter subscriptions), information collected automatically when you use our site (IP address, browser and device info, cookies, page-view data), and information from third-party services we integrate with (payment processors, analytics providers, anti-fraud providers).

2. How we use information

We use personal information to: (a) deliver and support our products; (b) process payments and renewals; (c) communicate about your account, support tickets, and product updates; (d) operate, secure, and improve our website; (e) send marketing communications where you've opted in or where permitted by law; and (f) comply with legal obligations.

3. Cookies and tracking

We use first-party cookies for essential site functions (login, cart) and analytics cookies to measure aggregate usage. Where required by law, we present a cookie consent banner and honor your choices, including recognized opt-out preference signals (Global Privacy Control / Universal Opt-Out Mechanism) where applicable.

4. Sharing of information

We do not sell personal information for monetary consideration. We share personal information with service providers acting on our behalf (payment processors, hosting providers, email delivery, analytics, customer support tools), with affiliates and partners where you've engaged them through our services, and as required by law or to protect rights and safety. All service providers are contractually limited to using personal information only for the services they provide to us.

5. International transfers

aThemes operates internationally. Personal information may be transferred to and processed in countries other than the country in which it was originally collected, including the United States and the European Economic Area. Where we transfer personal data of EEA, UK, or Swiss residents internationally, we rely on appropriate safeguards including the Standard Contractual Clauses.

6. Data retention

We retain personal information for as long as needed to provide our services, comply with legal obligations, resolve disputes, and enforce agreements. We delete or anonymize personal information when it's no longer needed.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect personal information. No system is 100% secure, but we work continuously to maintain industry-standard practices including encryption in transit, access controls, and regular security review.

8. Your rights

Depending on where you live, you may have rights including the right to access, correct, delete, and obtain a portable copy of your personal information; the right to opt out of certain processing such as targeted advertising; and the right to lodge a complaint with a supervisory authority.

  • California residents (CCPA/CPRA): You have the right to know, delete, correct, limit use of sensitive information, and opt out of "sale" or "sharing" of personal information. We do not sell personal information for monetary consideration. To exercise your rights, email privacy@athemes.com.
  • EU/UK/EEA residents (GDPR/UK GDPR): You have rights of access, rectification, erasure, restriction, portability, objection, and not to be subject to solely automated decisions. To exercise your rights, email privacy@athemes.com.
  • Other US state residents (Colorado, Virginia, Connecticut, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, New Jersey, Delaware, Minnesota, Maryland, Kentucky, Nebraska, New Hampshire, Rhode Island, and others as comprehensive privacy laws come into effect): You have rights including access, correction, deletion, portability, and opt-out of targeted advertising and certain profiling. To exercise your rights, email privacy@athemes.com.

9. Children's privacy

Our services are not directed to children under 13 (or 16 in the EU/UK), and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We'll post the updated version here with a new effective date and, for material changes, will provide a more prominent notice (such as email to registered users).

11. Contact us

For privacy questions or to exercise your rights, contact privacy@athemes.com. For general support, use the support page.

Note. This page describes the general framework. Specific implementation details, retention periods, and the list of third-party processors are maintained in our internal privacy documentation and available on request via privacy@athemes.com. For state-specific rights and how to invoke them, see Section 8.