Privacy Policy

We respect your privacy and are committed to protecting it through our compliance with this privacy policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide ("Personal Information") on the websites operated by Rockweed Labs, including but not limited to rockweed.rocks, voidpress.space, voiddocs.space, voiddesk.space, social.rockweed.rocks, and marketplace.rockweed.rocks (collectively, "Website") and any of its related products and services (collectively, "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you ("User", "you" or "your") and Crater Crash Studios, LLC, doing business as Rockweed Labs ("Rockweed Labs", "we", "us" or "our"). If you are entering into this agreement on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this agreement, in which case the terms "User", "you" or "your" shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this agreement, you must not accept this agreement and may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

In this privacy policy, if a term is not defined, it should be interpreted with the same meaning as it has in the Terms and Conditions.

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information, you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

2.1. Information You Provide: We collect information that you voluntarily provide to us when you:

• Create an account or purchase products
• Subscribe to our newsletter or communications
• Contact us for support or inquiries
• Download open source products or purchase premium plugins

This information may include your name, email address, billing information (processed securely through our payment provider), and any other information you choose to provide.

2.2. Automatically Collected Information: When you visit the Website, certain information is automatically collected through Cloudflare's network and Plausible Analytics:

Technical Information (via Cloudflare): Our website is served through Cloudflare's content delivery network for performance and security. Cloudflare may automatically collect technical information such as your IP address, browser type and version, operating system, and request data for security and performance purposes. This information is used to protect against malicious activity and ensure website availability. Learn more at cloudflare.com/privacypolicy.

Usage Analytics (via Plausible): We use Plausible Analytics, a privacy-friendly analytics service that does not use cookies and does not collect personally identifiable information. Plausible collects aggregated, anonymous data about page views, referrers, and general usage patterns to help us understand how our website is used. No personal data is collected or stored. Learn more at plausible.io/privacy.

Information collected automatically is used only to identify potential cases of abuse, establish statistical information regarding website usage and traffic, improve our services, and ensure website security. This information is not aggregated in a way that would identify any particular User.

We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through the Website and Services. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through the Website and Services, please contact us to request that we delete that child's Personal Information from our Services.

We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.

The Website and Services may contain links to other websites, applications, or resources (such as GitHub repositories, documentation, partner sites, or third-party tools). We are not responsible for the privacy practices or content of these external resources. We do not assume any responsibility or liability for the actions, products, services, or content of any third parties.

We encourage you to review the privacy policies of any external websites or services you visit through links on our Website. These third-party sites may have different privacy practices and security measures than ours. Your use of external resources is at your own risk.

We use the information we collect for the following purposes:

5.1. Service Delivery and Operations

• Deliver products, services, and premium plugins you purchase
• Process and fulfill orders
• Manage your account and licenses
• Provide customer support and respond to inquiries
• Send transactional emails (order confirmations, license keys, password resets)

5.2. Improvement and Development

• Improve our products and services
• Understand how users interact with our Website and Services
• Develop new features and products
• Conduct research and analysis

5.3. Communication

• Send product updates and announcements (if you've opted in)
• Share newsletters and educational content (with your consent)
• Request feedback about our products
• Notify you of changes to our Terms or policies

5.4. Security and Legal Compliance

• Protect against fraud, abuse, and malicious activity
• Enforce our Terms and Conditions
• Comply with legal obligations
• Respond to legal requests and prevent harm
• Ensure website security and availability

5.5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your Personal Information include:

• Consent: You have given clear consent for us to process your Personal Information for a specific purpose (e.g., marketing emails)
• Contract: Processing is necessary to fulfill a contract with you (e.g., delivering purchased products)
• Legal Obligation: Processing is necessary to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our services, preventing fraud) and does not override your rights

You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing. You also have the right to object to processing based on legitimate interests.

5.6. Marketing Communications

If you subscribe to our newsletter or opt in to marketing communications, we will send you updates about our products, new releases, and relevant content. You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us.

5.7. Data Controller and Processor Roles

Crater Crash Studios, LLC d/b/a Rockweed Labs acts as the data controller for Personal Information collected through the Website and Services. When you use our open source or premium products on your own infrastructure, you are the data controller of any data processed by those products, and Rockweed Labs has no access to or control over that data.

We do not sell, trade, or rent your Personal Information to third parties. We only share your information in the following limited circumstances:

6.1. Service Providers

We share information with trusted third-party service providers who help us operate our business and deliver services to you. These providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize:

• Paddle: Payment processing for premium plugin purchases. Paddle acts as merchant of record and handles all payment data securely. See Paddle's Privacy Policy.
• MailPace: Transactional email delivery (order confirmations, password resets, support responses). MailPace only processes emails we send on your behalf.
• Cloudflare: Content delivery, security, and DDoS protection. Cloudflare processes technical data as described in Section 2. See Cloudflare's Privacy Policy.
• Plausible Analytics: Privacy-friendly website analytics. Plausible collects only aggregated, anonymous data. See Plausible's Privacy Policy.

Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements.

6.2. Legal Requirements

We may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement). We will disclose information when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation (subpoena, court order, etc.)
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Protect against legal liability

6.3. Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your Personal Information may be transferred to the acquiring entity. We will provide notice before your Personal Information is transferred and becomes subject to a different privacy policy.

6.4. With Your Consent

We may share your information for any other purpose with your explicit consent.

We retain your Personal Information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1. Retention Periods

• Account Information: Retained while your account is active and for a reasonable period afterward to comply with legal obligations and resolve disputes
• Purchase Records: Retained for accounting and tax purposes as required by law (typically 7 years)
• Support Communications: Retained for as long as necessary to provide ongoing support and improve our services
• Marketing Communications: Retained until you unsubscribe or request deletion
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical purposes

7.2. Deletion of Data

When Personal Information is no longer needed, we will securely delete or anonymize it. You can request deletion of your account and Personal Information at any time by contacting us. Please note that we may need to retain certain information to comply with legal obligations or resolve disputes.

Once Personal Information is deleted, your rights to access, rectification, erasure, and data portability can no longer be exercised for that data.

Rockweed Labs is based in North Carolina, United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.

8.1. For Users in the European Economic Area (EEA)

If you are located in the EEA, your Personal Information may be transferred to countries outside the EEA, including the United States, which may have different data protection laws. We take steps to ensure your information receives an adequate level of protection:

• We rely on service providers who participate in recognized data transfer frameworks (e.g., EU-U.S. Data Privacy Framework) or who have implemented appropriate safeguards
• We use standard contractual clauses approved by the European Commission where applicable
• We process data only as necessary to provide our services to you

You have the right to obtain information about the safeguards we use for international data transfers. Please contact us for more information.

8.2. Your Consent

By using our Website and Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

Depending on where you are located, you may have certain rights regarding your Personal Information. We are committed to respecting these rights and making it easy for you to exercise them.

9.1. Rights for All Users

Regardless of your location, you have the following rights:

• Access: Request a copy of the Personal Information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your Personal Information (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing emails at any time
• Account Closure: Close your account and request deletion of associated data

To exercise any of these rights, please contact us (see Section 19 for contact information). We will respond to your request within 30 days.

9.2. Additional Rights for EEA and UK Residents (GDPR/UK DPA)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK Data Protection Act:

• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Restriction: Request that we temporarily suspend processing of your Personal Information in certain circumstances
• Right to Data Portability: Receive your Personal Information in a structured, machine-readable format and transfer it to another service provider
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (note: this does not affect the lawfulness of processing before withdrawal)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.3. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All decisions regarding your account, purchases, or use of our services involve human review.

9.4. How to Exercise Your Rights

To exercise any of these rights:

1. Contact us with your request (see Section 19 for contact information)
2. Include your name, email address, and specific right you wish to exercise
3. We may ask you to verify your identity before processing your request
4. We will respond within 30 days (or as required by applicable law)

You will not be charged a fee for exercising your rights unless your request is clearly unfounded, repetitive, or excessive. In such cases, we may charge a reasonable fee or refuse to comply with the request.

9.5. Limitations on Your Rights

In some cases, we may not be able to fully comply with your request due to:

• Legal or regulatory obligations that require us to retain certain information
• Ongoing legal proceedings or investigations
• Legitimate business purposes (e.g., fraud prevention, security)
• Technical limitations

If we cannot fulfill your request, we will explain why, subject to legal restrictions.

9.6. Filing a Complaint

If you are not satisfied with how we handle your Personal Information or respond to your requests, you have the right to file a complaint with the appropriate data protection authority:

• EEA Residents: Contact your local supervisory authority
• UK Residents: Contact the Information Commissioner's Office (ICO)

We encourage you to contact us first so we can try to resolve your concerns directly.

If you are a California resident, you have specific rights regarding your Personal Information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

10.1. Right to Know

You have the right to request that we disclose the following information about our collection and use of your Personal Information over the past 12 months:

• Categories of Personal Information we have collected about you
• Categories of sources from which the information was collected
• Our business or commercial purpose for collecting your information
• Categories of third parties with whom we share your information
• Specific pieces of Personal Information we have collected about you

10.2. Right to Delete

You have the right to request that we delete the Personal Information we have collected from you, subject to certain legal exceptions (such as completing transactions, security purposes, or complying with legal obligations).

10.3. Right to Correct

You have the right to request that we correct any inaccurate Personal Information we maintain about you.

10.4. Right to Opt-Out of Sale or Sharing

Important: We do not sell your Personal Information. We do not share your Personal Information with third parties for cross-context behavioral advertising or profiling purposes. Therefore, there is no need to opt-out of such activities.

10.5. Right to Limit Use of Sensitive Personal Information

We do not collect or use sensitive Personal Information beyond what is necessary to provide our services. If this changes, we will update this policy and provide appropriate opt-out mechanisms.

10.6. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will receive the same level of service whether or not you exercise your privacy rights.

10.7. Authorized Agents

You may designate an authorized agent to make requests on your behalf. To do so, you must provide written authorization or a power of attorney. We may require verification of both your identity and the agent's authority.

10.8. How to Exercise Your Rights

To exercise any of these rights:

1. Contact us (see Section 19 for contact information)
2. Include your name, email address, and California residency confirmation
3. Specify which right you wish to exercise
4. We will verify your identity before processing your request
5. We will respond within 45 days (or as required by law)

10.9. Verification Process

To protect your privacy and security, we will verify your identity before fulfilling your request. We may ask for information such as your name, email address, and previous interactions with our services. We will only use the information you provide for verification purposes.

If we cannot verify your identity, we cannot fulfill your request.

10.10. "Shine the Light" Law

California's "Shine the Light" law permits California residents to request information about our disclosure of Personal Information to third parties for direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.

If you are a resident of certain U.S. states, you may have additional privacy rights under state law.

11.1. Nevada Residents

We do not sell your covered information as defined under Nevada law (Chapter 603A of the Nevada Revised Statutes). If our practices change, Nevada residents will have the right to opt-out of such sales.

11.2. Virginia, Colorado, and Connecticut Residents

If you are a resident of Virginia, Colorado, or Connecticut, you have the following additional rights under your state's comprehensive privacy law:

• Right to Appeal: If we deny your privacy rights request, you have the right to appeal that decision. We will provide instructions on how to submit an appeal if your request is denied.
• Right to Opt-Out of Targeted Advertising: We do not engage in targeted advertising. If our practices change, we will provide an opt-out mechanism.
• Right to Opt-Out of Profiling: We do not use profiling to make decisions that produce legal or similarly significant effects. If our practices change, we will provide an opt-out mechanism.

11.3. Other States

As additional states enact comprehensive privacy laws, we will update this policy to reflect your rights under those laws.

11.4. How to Exercise State-Specific Rights

To exercise any state-specific privacy rights, please contact us with:

• Your name and email address
• Your state of residence
• The specific right you wish to exercise
• Any additional information needed to verify your identity

12.1. What Are Cookies?

Cookies are small text files that are placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners.

12.2. Our Use of Cookies

We use minimal cookies for essential website functionality only. We do not use tracking cookies, advertising cookies, or third-party cookies for analytics.

Essential Cookies: We use strictly necessary cookies to:

• Remember your login session when you're signed in
• Store your preferences and settings
• Ensure website security
• Enable basic website functionality

12.3. Analytics Without Cookies

We use Plausible Analytics, which does not use cookies or collect personal data. All analytics data is aggregated and anonymous. This means we can understand how our website is used without tracking individual users.

12.4. Managing Cookies

Most web browsers allow you to control cookies through their settings. You can:

• View and delete existing cookies
• Block all cookies
• Block third-party cookies
• Clear all cookies when you close your browser

Please note that disabling essential cookies may affect your ability to use certain features of our Website, such as staying logged in to your account.

For more detailed information about cookies and how we use them, please see our Cookie Policy.

Some web browsers have a "Do Not Track" (DNT) feature that lets you tell websites you do not want to have your online activities tracked. Because we do not use tracking cookies or engage in cross-site tracking, DNT signals do not affect our practices. We respect your privacy regardless of DNT settings.

14.1. Newsletter and Updates

We offer email newsletters and product updates that you may voluntarily subscribe to. We are committed to keeping your email address confidential and will not share it with third parties except as described in this Privacy Policy or as necessary to send emails through our email service provider (MailPace).

14.2. Types of Emails We Send

• Transactional Emails: Order confirmations, license keys, password resets, account notifications (you cannot opt-out of these as they are necessary for the service)
• Marketing Emails: Product updates, new releases, newsletters, special offers (you can opt-out at any time)

14.3. Unsubscribing

You may opt-out of marketing emails at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email
• Contacting us (see Section 19 for contact information)
• Updating your email preferences in your account settings

In compliance with the CAN-SPAM Act, all emails sent by us will clearly identify the sender and provide clear instructions on how to unsubscribe.

Our Website may include links to our social media profiles or share buttons for platforms like GitHub, Twitter/X, Mastodon, or other services. When you interact with these features:

• You may be redirected to the third-party platform
• The third-party platform may collect information about your visit
• Your interactions are governed by that platform's privacy policy, not ours

We do not control and are not responsible for the privacy practices of third-party social media platforms. Please review their privacy policies before using these features.

16.1. Our Security Measures

We take the security of your Personal Information seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption: All data transmitted to and from our Website is encrypted using HTTPS/TLS
• Secure Payment Processing: Payment information is processed securely through Paddle, our payment processor. We do not store credit card information on our servers
• Access Controls: Access to Personal Information is restricted to authorized personnel only
• Regular Security Updates: We keep our systems and software up to date with security patches
• Cloudflare Protection: Our website is protected by Cloudflare's security features, including DDoS protection

16.2. Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials. Please use a strong, unique password and do not share your login information with others.

16.3. Limitations

While we strive to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You acknowledge that:

• There are inherent security and privacy limitations of the Internet beyond our control
• The security and privacy of information transmitted over the Internet cannot be guaranteed
• Any information transmitted to us is at your own risk

In the unlikely event of a data breach that affects your Personal Information, we will:

1. Investigate the breach and assess the risk to affected users
2. Take immediate steps to contain and remediate the breach
3. Notify affected users without undue delay if there is a risk of harm
4. Notify appropriate authorities as required by law
5. Provide information about the breach and steps you can take to protect yourself

Notification will be provided via email to the address associated with your account and/or by posting a notice on our Website.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the bottom of this page
• Post the revised Privacy Policy on our Website
• Notify you via email for material changes that affect your rights

Your continued use of the Website and Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

If we make material changes to how we use Personal Information collected from you previously, we will obtain your consent before implementing such changes.

If you have any questions, concerns, or complaints regarding this Privacy Policy, please contact us:

Rockweed Labs
Email: [email protected]
Compliance: [email protected]
Website: https://rockweed.rocks

Legal Entity:
Crater Crash Studios, LLC
Doing Business As: Rockweed Labs
State: North Carolina, United States

Last Updated: January 28, 2026