Last Updated: February 14, 2026

1. General Information

Sofily Software (“we”, “us”), operated by Varga Martin Zsolt, is committed to protecting your personal data. This policy explains how we collect, use, and safeguard information in accordance with the GDPR (DSGVO).

Data Controller: Varga Martin Zsolt, Hermann-Köhl-Str. 4, 89340 Leipheim, Germany

Contact: contact@sofilysoftware.com

2. Desktop Tools: Sofily Software Tools

All Sofily Software desktop tools (including, but not limited to, Sofily Content Engine, WP Image Optimizer, Pinterest Automation Tool, and any future tools released under the Sofily Software brand) share the same “Local-First” architecture and data handling principles described below.

2.1 Local Storage

All sensitive data — including API keys (e.g., for OpenAI, Replicate, BytePlus, Pinterest, or any other third-party service), WordPress credentials, and site configurations — are stored exclusively on your local machine with industry-standard encryption. They never leave your device.

2.2 Zero-Access Policy

Sofily Software has no access to your API keys, website credentials, or any locally stored configuration data. We do not store them on any server.

2.3 License Validation

Our tools connect to Lemon Squeezy solely to verify your subscription status (Art. 6(1)(b) GDPR). Only your license key is transmitted during this process.

2.4 Automatic Updates

Our tools check GitHub Releases for available updates. No personal data is transmitted during this process.

2.5 Third-Party API Usage

Depending on the tool, your content may be sent to third-party AI and cloud services (such as OpenAI, Replicate, BytePlus, Pinterest API, Google APIs, or similar providers) to perform the tool’s core functions (e.g., content generation, image processing, social media automation). These API calls are initiated directly from your device using your own API keys. Sofily Software does not act as an intermediary and has no access to the data transmitted. Please refer to each respective provider’s privacy policy for information on how they handle data.

3. Website Data Collection (sofilysoftware.com)

Our website runs on WordPress, hosted by Hostinger, and is routed through Cloudflare for performance and security.

3.1 Hosting (Hostinger)

Hostinger collects standard server logs (IP address, browser type, access time) for security and operational purposes (Art. 6(1)(f) GDPR). Logs are deleted after 30 days. More information: Hostinger Privacy Policy

3.2 CDN & Security (Cloudflare)

Our website uses Cloudflare, Inc. as a Content Delivery Network (CDN) and security provider. Cloudflare routes traffic through its global network to improve page load times and protect against DDoS attacks, bots, and other threats.

When you visit our website, your connection passes through Cloudflare’s servers. In this process, Cloudflare may collect and temporarily process your IP address, HTTP request headers (browser type, referring page), request timestamps, and page URLs visited.

Cloudflare may set the following cookies on your device: __cf_bm (bot management cookie, expires after 30 minutes) and cf_clearance (set after completing a security challenge). These are strictly necessary cookies (Art. 6(1)(f) GDPR).

Cloudflare is certified under the EU-U.S. Data Privacy Framework. More information: Cloudflare Privacy Policy

3.3 Analytics (Google Analytics 4)

We use Google Tag Manager and Google Analytics 4 (GA4) with IP anonymization. Analytics tracking is only activated after you grant consent via our cookie banner (Art. 6(1)(a) GDPR). Cookie consent is managed by the Complianz plugin — see our Cookie Policy for details. More information: Google Privacy Policy

3.4 Newsletter (MailerLite)

We use MailerLite with a double opt-in process. Your subscription is only activated after you click the confirmation link. You can unsubscribe at any time via the link in every email. Legal basis: Art. 6(1)(a) GDPR. More information: MailerLite Privacy Policy

3.5 Fonts

All fonts are self-hosted. No data is transmitted to external font providers (e.g., Google Fonts).

3.6 Cookies

Our cookie usage, categories, and consent management are handled by the Complianz plugin. For detailed information about all cookies used on our website, please refer to our Cookie Policy page (automatically generated and maintained by Complianz).

3.7 Contact Forms (Fluent Forms)

We use Fluent Forms to provide contact forms on our website. When you submit a form, the data you provide (such as your name, email address, and message) is stored in our WordPress database on our Hostinger server. This data is used solely to process and respond to your inquiry (Art. 6(1)(b) GDPR). Form submissions are retained until the inquiry is resolved, after which they are deleted unless longer retention is required for legal purposes.

3.8 Spam Protection (Google reCAPTCHA)

Our website uses Google reCAPTCHA v3 to protect forms and login pages from spam and automated abuse. When you interact with a form or page protected by reCAPTCHA, Google may collect and process your IP address, browser and device information, and duration spent on the page.

This data is transmitted to Google servers in the United States for analysis. Legal basis: Art. 6(1)(f) GDPR. Google is certified under the EU-U.S. Data Privacy Framework. More information: Google Privacy Policy

3.9 Website Security (Solid Security)

We use Solid Security (formerly iThemes Security) to protect our website from cyberattacks and unauthorized access. This plugin may log IP addresses of visitors (particularly during login attempts), failed login attempts and lockout events, and file change detection logs. This data is processed based on our legitimate interest in maintaining website security (Art. 6(1)(f) GDPR). Security logs are retained for up to 60 days and then automatically deleted.

3.10 Caching & Performance (LiteSpeed Cache)

We use the LiteSpeed Cache plugin to improve website performance and page load times. When QUIC.cloud CDN services are used, your IP address and request data may be processed by QUIC.cloud servers. Legal basis: Art. 6(1)(f) GDPR. More information: QUIC.cloud Privacy Policy

3.11 Email Delivery (WP Mail SMTP)

We use WP Mail SMTP to ensure reliable delivery of transactional emails (such as contact form confirmations, password resets, and order notifications). Emails are sent through Hostinger’s SMTP servers. Only the email recipient’s address and email content are transmitted. No additional personal data is shared with third parties through this service. Legal basis: Art. 6(1)(f) GDPR.

3.12 Backups (UpdraftPlus)

We use UpdraftPlus to create regular backups of our website, including its database. Backups are stored on Google Drive. Since the WordPress database may contain personal data, this data is included in backups. Backups are retained for a maximum of 90 days and then automatically deleted. Legal basis: Art. 6(1)(f) GDPR. More information: Google Privacy Policy

3.13 SEO (Yoast SEO)

We use Yoast SEO to optimize our website content for search engines. Yoast SEO operates locally on our WordPress installation and does not transmit visitor data to external servers. No personal data is collected or shared through this plugin.

3.14 Code Snippets (WPCode Lite)

We use WPCode Lite to manage custom code snippets on our website. This plugin operates locally within our WordPress installation. It does not collect, transmit, or process any personal visitor data.

4. Community & Support (Discord)

We operate a Discord server for community engagement, product announcements, and customer support (including priority support for subscribers). Participation in our Discord server is voluntary.

When you join our Discord server, your interactions are governed by Discord’s Privacy Policy. We do not collect or store any additional personal data beyond what Discord provides as part of its platform (e.g., your Discord username and user ID).

If you link your Discord account to your Sofily Software subscription (e.g., for priority support access), we may store the association between your Discord user ID and your license key. This processing is based on Art. 6(1)(b) GDPR (contract performance). You may request removal of this association at any time by contacting us.

5. Payment Processing

Payments are handled by Lemon Squeezy, LLC (Merchant of Record). They process billing, handle tax compliance (incl. EU VAT), and manage subscriptions. We do not store credit card details. More information: Lemon Squeezy Privacy Policy

6. Data Retention

License/subscription data: Duration of subscription + 12 months (legal/accounting obligations).

Server logs (Hostinger): Automatically deleted after 30 days.

Cloudflare logs: Retained for up to 72 hours by Cloudflare.

Newsletter data: Retained until you unsubscribe.

Analytics data: Anonymized; retained per Google Analytics defaults (14 months).

Contact form submissions: Retained until inquiry is resolved, then deleted.

Security logs (Solid Security): Retained for up to 60 days.

Website backups (UpdraftPlus): Retained for a maximum of 90 days on Google Drive.

Discord data: Discord user ID/license key associations are retained for the duration of your subscription and deleted upon request or account termination.

7. Data Transfers

Some services process data outside the EEA:

Cloudflare, Inc.: United States (CDN & security) — EU-U.S. Data Privacy Framework certified

Lemon Squeezy, LLC: United States (payment processing) — Standard Contractual Clauses

Google LLC: United States (analytics, reCAPTCHA, backup storage) — EU-U.S. Data Privacy Framework certified

Discord, Inc.: United States (community platform) — Standard Contractual Clauses

MailerLite: European Union (newsletter) — data stays within the EEA

Where data is transferred outside the EEA, appropriate safeguards are in place (Standard Contractual Clauses and/or EU-U.S. Data Privacy Framework certification).

8. Your Rights (GDPR)

Access (Art. 15): Request a copy of your personal data.

Rectification (Art. 16): Correct inaccurate data.

Erasure (Art. 17): Request deletion of your data.

Restrict Processing (Art. 18): Limit how we process your data.

Data Portability (Art. 20): Receive your data in a machine-readable format.

Object (Art. 21): Object to processing based on legitimate interest.

Withdraw Consent (Art. 7(3)): Withdraw consent for analytics or newsletter at any time.

To exercise these rights: contact@sofilysoftware.com

You also have the right to lodge a complaint with a supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany