Privacy Policy

Effective Date: 19 March 2026 (19/03/2026)
Last Updated: 19 March 2026 (19/03/2026)

At ProRedLine, we value your privacy. This policy explains how we collect, use, and protect your personal information.

1. Data We Collect

  • Account Information: Name, address, email, phone number (optional), IP address, and (for Business Customers) company details and VAT number.
  • Order Information: Payment details and order history (processed via WooPayments/Stripe and Klarna; ProRedLine does not store full card details).
  • Usage Data: Information on server usage, interactions with our Control Panel (Pterodactyl), and the Billing Portal (my.proredline.com).
  • Cookies: We use cookies to improve your experience and collect data on website usage for analytics and security purposes. See our Cookie Policy for full details.
  • Support-related Data:
    • Encrypted login data submitted voluntarily for troubleshooting.
    • Ticket metadata (timestamps, status changes, PDF downloads).
    • Satisfaction survey responses, linked to the customer’s name and support ticket for internal service quality evaluation.
  • Profile Images: You may optionally upload a profile image associated with your account.
  • Account & Login: Creating and accessing an account is only possible via my.proredline.com.
  • Marketing and Communications Data: If you subscribe to our newsletter, marketing emails, browser push notifications (where enabled), or other communications managed through Brevo, we may process the following categories of data:
    • email address;
    • first name;
    • last name;
    • phone number (if provided or synced);
    • subscription and consent status, including opt-in, double opt-in confirmation status, unsubscribe status, and communication preferences;
    • website signup source, such as newsletter forms, footer forms, article forms, registration-related opt-in fields, account-related opt-in fields, and checkout-related opt-in fields;
    • ecommerce data synced from WooCommerce, such as customer status, order data, purchased products, product names, product categories, abandoned cart data, and order values;
    • campaign engagement data, such as whether an email was delivered, opened, clicked, or unsubscribed from;
    • website interaction and analytics data, such as page visits and related event/activity data where enabled;
    • push notification identifiers and push subscription status;
    • anonymous push/contact identifiers where a push subscriber is not yet identified;
    • once a user logs in and identification becomes available, push-related data may be linked to that user’s account details, such as name and email address.

We provide our services only to customers within the European Union. Personal data may also be collected from prospective customers or subscribers who interact with our websites, forms, or communications.

2. How We Use Your Data

We use collected data for the following purposes:

  • To process and fulfill orders and payments.
  • To provide customer support via our ticket system and integrated channels (including email piping and WhatsApp support).
  • To maintain and improve our services, infrastructure, and security.
  • To comply with legal obligations (e.g., tax retention requirements).
  • To generate downloadable PDF reports of tickets (on request).
  • To store encrypted credentials for technical support and delete them after closure.
  • To assess and improve support quality via linked feedback and surveys.
  • To send opt-in newsletter emails, product updates, service news, and other marketing communications through Brevo.
  • To operate a double opt-in process for newsletter and marketing subscriptions.
  • To manage subscription preferences, profile updates, unsubscribes, and consent records.
  • To send browser push notifications where enabled and where the user has granted permission.
  • To analyze and improve our email campaigns, push campaigns, website communications, and related engagement metrics.
  • To segment audiences and personalize marketing communications based on signup source, account status, purchase history, product interest, abandoned carts, website behavior, and campaign engagement.
  • To send important manually prepared service or account-related communications through Brevo where such messages are not marketing in nature, such as important policy changes, privacy-related notices, security notices, service-impacting changes, or other essential account/service updates.

Important distinction
Automatic website, account, and order-related emails, such as password reset emails, order confirmation emails, and similar system-generated messages, are generally sent through ProRedLine’s own infrastructure and not through Brevo. Brevo is used for newsletter/marketing communications, browser push notifications, and certain manually prepared important service communications.

3. Legal Basis for Processing

We process data under the following GDPR bases:

  • Performance of a contract (Article 6(1)(b)) – providing ordered services, including important service or account-related communications necessary for the performance, management, or continuity of the service.
  • Compliance with legal obligations (Article 6(1)(c)) – e.g., bookkeeping, tax obligations, and legally required record-keeping.
  • Legitimate interests (Article 6(1)(f)) – improving services, preventing abuse, maintaining security, analyzing communications performance, and managing essential non-marketing service communications.
  • Consent (Article 6(1)(a)) – for newsletter marketing, browser push notifications where enabled, optional analytics/tracking where applicable, cookies, and related marketing preferences.

4. Data Protection

We implement firewalls, antivirus software, and secure storage to protect your data.

  • Data is retained only as long as necessary for legal and operational purposes.
  • In the event of a personal data breach, ProRedLine will assess the risk and comply with GDPR notification obligations. Where required, the competent supervisory authority will be notified without undue delay and, where feasible, within 72 hours of becoming aware. Where the breach is likely to result in a high risk to individuals, affected individuals will be informed without undue delay.
  • Separation of duties: only authorized staff access customer data.
  • Encrypted Credentials Storage:
    • Credentials shared through the ticket system are encrypted before storage and can only be accessed by authorized personnel. They are used exclusively for resolving the related ticket and are purged after resolution or cancellation of said ticket.

5. Data Retention Periods

We retain your data for the following periods:

  • Inactive accounts: Retained for 12 months.
  • Pending orders: Retained for 7 days.
  • Failed orders: Retained for 7 days.
  • Cancelled orders: Retained for 60 days.
  • Completed orders: Retained for 7 years (legal obligation).
  • Stripe data: Retained for 7 years (legal obligation).
  • Personal support ticket details: Retained for 12 months.
  • Deleted support tickets: Retained for 30 days.
  • Encrypted credentials: Retained until the ticket is marked as ‘closed’ or ‘cancelled’.
  • Satisfaction survey responses: Satisfaction survey responses are stored in connection with your name and ticket ID for a period of 12 months. After 12 months, all personal identifiers (such as name, email, and IP addresses) are removed, and the feedback is anonymized for statistical purposes.
  • Ticket PDFs (user/agent-generated): Not stored by ProRedLine. These documents are generated only upon the user’s request. If the user is unable to download the ticket summary, support agents may generate and send the PDF via email upon request. The PDF will not be stored by ProRedLine or its staff after it has been sent, unless explicit consent is provided by the customer for temporary retention (e.g., for follow-up purposes).
  • Newsletter / marketing subscribers: Retained as long as the user remains subscribed.
  • Unsubscribed email contacts: Retained as long as necessary to respect unsubscribe/suppression status and to prevent unwanted resubscription, and may also be retained where the email address remains necessary for non-marketing service communications.
  • Push subscribers linked to an account: Retained as long as the relevant account exists or until push notifications are disabled/unsubscribed.
  • Anonymous push subscribers: Retained as long as the browser/device subscription remains active or until it becomes inactive, expires, or is unsubscribed.
  • Abandoned cart and related marketing automation data: Retained for up to 12 months since the last relevant activity.
  • Campaign engagement, website visit, and related Brevo analytics/event data: Retained for up to 24 months since the last relevant interaction, unless a shorter technical retention period applies.
  • Brevo contact data used for manually prepared important service communications: Retained as long as necessary for the relevant customer relationship, support, compliance, and service communication purposes.

All data will be either deleted or anonymized once the retention period has expired.

6. Your Rights

  • Access, correct, or delete your personal data.
  • Withdraw consent for data processing at any time.
  • File a complaint with a data protection authority.

7. Sharing Data

We do not sell your data. We only share with essential processors:

  • Contabo GmbH (Germany, EU) – servers & object storage.
  • WooPayments / Stripe / Klarna – payment processors.
  • cPanel/WHM (self-hosted) – for web hosting.
  • Pterodactyl (self-hosted) – for app/game servers.
  • Wordfence Security / Really Simple Security – security and logging.
  • Google Analytics (via Site Kit), Jetpack, Google for WooCommerce – analytics.
  • WP Mail SMTP – email delivery.
  • SupportCandy – ticketing system.
  • OpenProvider – Explained in article 9 of this Privacy Policy.
  • Brevo – newsletter delivery, browser push notifications (where enabled), contact management, segmentation, automations, analytics, and certain manually prepared important service communications.

All processors are selected with appropriate data protection safeguards and, where applicable, GDPR-compliant contractual arrangements.

Where Brevo is used, ProRedLine may share contact data, consent status, communication preferences, ecommerce-related customer data, campaign engagement data, website/event analytics data, and push subscription data as necessary for newsletter delivery, push notifications, communication management, segmentation, personalization, automation, analytics, and important manually prepared service communications.

Data Processing Agreement (DPA):
If you use ProRedLine services to process personal data as a Controller (for example, by running a website with visitor data or using our email hosting), our DPA automatically applies. The current version is always available here: https://proredline.com/information/data-processing-agreement/.

We will update the list of subprocessors in this Privacy Policy; material changes will be communicated via our website or email.

Controller vs Processor

  • For ProRedLine’s webshop, billing, account administration, fraud prevention, and support operations, ProRedLine acts as Data Controller.
  • For Customer content and personal data processed through hosting/email/DNS services (e.g., website visitors, mailbox content, Customer databases, and Customer end-user data), the Customer typically acts as Data Controller and ProRedLine acts as Data Processor. In those cases, our Data Processing Agreement (DPA) applies.

8. Brevo Communications

ProRedLine uses Brevo for newsletter delivery, browser push notifications (where enabled), contact list management, segmentation, automations, analytics, and certain manually prepared important service communications.

Newsletter and marketing emails are sent only on the basis of opt-in and, where used, double opt-in confirmation. Users can unsubscribe or update their details through the relevant links in those emails or via ProRedLine Support.

Where enabled, browser push notifications are separate from email subscriptions. Push permissions are managed through the user’s browser/device settings. Push subscriptions may initially be anonymous and may later be linked to a known ProRedLine account when the user logs in.

Brevo is not generally used for automatic website/account/order emails such as password reset emails or automatic order confirmations, which are normally sent through ProRedLine’s own infrastructure.

9. Domain Registration

If you register or transfer a domain through ProRedLine, we share the necessary registration data with our domain provider(s) and, where required, the relevant registry/registrar for the purpose of fulfilling the domain registration or transfer.

The categories of data shared typically include (where applicable): full name, company name, address, email address, phone number, and Chamber of Commerce (KVK) details (for business customers).

WHOIS / Registration Data

  • Domain registration data is generally based on the billing details used during purchase (or the details required for the domain registration).
  • Where WHOIS privacy is supported, ProRedLine will generally apply privacy features for private individuals by default where feasible. Some registries/registrars may publish certain information depending on their rules and the domain extension.
  • Changes to domain registration/WHOIS details can be requested via our ticket system and may require verification.

Verification Emails
Some domain extensions and registries/registrars may require registrant email verification. It is the Customer’s responsibility to complete verification within the timeframe stated in the verification request. Failure may result in restrictions or suspension at registry/registrar level.

10. Internal ProRedLine Plugins

We use internally developed plugins within our WordPress multisite for automation and service management. These include:

  • PRL Delete Unverified Accounts: automatically deletes unverified accounts after 7 days.
  • PRL Incident/Maintenance System: manages incidents and maintenance.
  • PRL Product Configurator WooCommerce: displays product options and configurations.
  • PRL Renewal Auto-Completed: processes renewal order statuses.
  • PRL Renewal Scheduler: schedules renewal orders for subscriptions.

These plugins operate solely within ProRedLine’s systems, do not transfer data to external parties, and process only customer data already provided.

11. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children.

12. Data Access and Deletion Requests

You can request access to or deletion of your personal data at any time by opening a ticket at support.proredline.com.
Use the appropriate category:

  • Export Personal Data Request — for an overview of stored data.
  • Erase Personal Data Request — to delete your data across all ProRedLine systems (except data we are legally required to retain).

Requests are processed manually and carefully.
Once confirmed:

  • Deletion or export will begin as soon as possible
  • Requests will be completed within 30 days, unless there is an active subscription that must be concluded first

For newsletter subscriptions, subscribed users can also unsubscribe or update their contact details via the links included in newsletter emails and related subscription emails. If this does not work, ProRedLine Support can assist manually.

Where browser push notifications are enabled, users can generally unsubscribe through their browser or device settings. If the push subscription is linked to a known ProRedLine account and the user contacts support using the same email address, ProRedLine may also assist manually where possible. Anonymous push subscriptions that are not linked to an identifiable account may not always be manually removable by ProRedLine.

Where a user requests deletion of their Brevo-related marketing or push profile, ProRedLine may remove or disable those marketing/push-related data records. However, the email address itself may still be retained where necessary for important non-marketing service communications, suppression management, compliance, or where the ProRedLine account remains active. Full removal of the email address from Brevo may only take place when the related ProRedLine account is fully deleted and where no overriding legal or operational basis requires further retention.

13. International Data Transfers

Data is primarily stored in the EU (Germany). If transfers occur outside the EEA (e.g., by sub-processors like Stripe), they are secured via Standard Contractual Clauses (SCCs) or equivalent safeguards.

14. Data Analysis and Monitoring

  • We may monitor network traffic and server activities to ensure the security and integrity of our services, as well as to comply with legal obligations.
  • We monitor network traffic and server activity for: security, compliance with AUP, incident response.
  • Any personal data obtained during monitoring will be processed in accordance with applicable privacy laws and used solely for security purposes.
  • We may access and review non-sensitive service information strictly when necessary for security, troubleshooting, abuse investigation, service integrity, and performance improvements. We do not access Customer content for marketing purposes and we do not share such information outside our listed subprocessors, unless legally required.

15. Use of Our Mobile App

Our mobile app is managed by ProRedLine and provides the following features:

  • Displaying web pages
  • Local data storage via local database storage (TinyDB)
  • Push notifications (if enabled)
15a. What Data Do We Collect?

When using our app, we may process the following data:

  • Device ID (for notifications, if enabled)
  • IP address (if a web page records it)
  • User preferences (stored in TinyDB, only locally on the device)

We do not collect any personal data, unless the user manually enters it in the app or on a web page.

15b. Why Do We Collect This Data?
  • To ensure the app functions properly
  • To send notifications (if allowed)
  • To remember user preferences (via TinyDB)
15c. Permissions & User Rights

By installing and using the app, the user grants permission for the processing of this data.
Users have the right to:

  • View, correct, or delete their data
  • Withdraw consent for notifications via the app settings
15d. Use of Third-Party Services

Our app may load web pages that use third-party services (such as cookies and tracking). We recommend reading the privacy policy of these services.

15e. Data Storage & Security

All user data stored by the app remains local on the user’s device via TinyDB. We do not store any app data on external servers.

15f. How to Delete Your App Data

Users have the ability to delete their app data at any time. This can be done in two ways:

  1. Within the App
    You can delete your data by going to the app settings. Here, you will find the option to clear app data. This will remove all locally stored information, such as preferences and settings saved in TinyDB.
  2. Via Android Settings
    You can also delete the app’s data through your Android device’s settings. To do this:
    – Go to Settings on your device
    – Tap on Apps or App Management
    – Find and select the “ProRedLine” app
    – Tap Storage
    – Choose Clear Data or Clear Storage to remove all data associated with the app

This does not affect data stored on ProRedLine systems such as account details, which can be erased through a support request as described in section 12.

16. Changes to the Privacy Policy

ProRedLine reserves the right to modify this Privacy Policy at any time. Changes will be communicated via our website and, where appropriate, via email or other service-related communication channels. Where required, we will inform users before new processing activities take effect.

For questions or concerns about this policy, contact us at info@proredline.com.