Privacy Policy

Effective date: June 16, 2026

This Privacy Policy explains how VelvetPress, operated by Zackry Langford d/b/a CloudZack ("VelvetPress", "we", "us"), collects, uses, and shares information when you use our update-distribution platform for WordPress plugins and themes (the "Service"). It applies to developers who hold a VelvetPress account and to the WordPress sites they connect to the Service.

This is a baseline policy pending final legal review. Bracketed, highlighted items are placeholders to be completed before launch.

Information we collect

We collect the following categories of information:

  • Account information. Authentication is handled by Clerk. When you sign up we receive your name, email address, and the authentication identifiers (and, where you choose social sign-in, basic profile data) needed to create and secure your account.
  • GitHub integration data. When you connect GitHub, we store the installation identifiers and repository metadata (repository names, branches, and release tags) required to package updates. We use short-lived GitHub App tokens and do not request access to repositories you have not selected.
  • Product and site data. The plugins and themes you register, their version metadata and release artifacts, the WordPress site URLs you connect, and the per-site API keys that authorize update checks.
  • Billing information. Paid plans are processed by Stripe. Stripe collects and stores your payment details; we receive only your subscription status and limited transaction metadata. We do not store full card numbers.
  • Usage and technical data. Logs, IP addresses, request metadata, and update-check activity from connected sites, which we use to operate, secure, and debug the Service.

How we use your information

  • To provide, maintain, and improve the Service, including packaging and distributing your releases.
  • To authenticate developers and authorize update checks from connected WordPress sites.
  • To process payments, manage subscriptions, and enforce plan limits.
  • To monitor, secure, and troubleshoot the Service and prevent abuse.
  • To communicate with you about your account, security, and material changes to the Service.

Cookies and authentication

We use cookies and similar technologies that are necessary to sign you in and keep your session secure. Authentication cookies are set by Clerk on our behalf. Connected WordPress sites authenticate to the Service with an API key rather than a cookie.

Third-party services

We rely on the following subprocessors to operate the Service. Each processes data only as needed to provide its function:

  • Clerk — authentication and account management.
  • GitHub — source repositories and release packaging.
  • Stripe — payment processing and subscription billing.
  • Amazon Web Services — backend hosting and storage of release artifacts.
  • Vercel — hosting for the developer dashboard.

How we share information

We do not sell your personal information. We share information only with the subprocessors listed above, when required by law or to respond to lawful requests, to protect the rights and safety of VelvetPress and its users, or in connection with a merger, acquisition, or sale of assets (subject to this Policy).

Data retention

We retain account, product, and site data for as long as your account is active and as needed to provide the Service. When you delete a product, site, or account, we delete or anonymize the associated data within a commercially reasonable period, except where we are required to retain it for legal, tax, or security purposes.

Security

We use industry-standard measures to protect your information, including encryption in transit, scoped access tokens, and per-site API keys. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, or to object to or restrict certain processing. You can manage much of your data directly in the dashboard, or contact us using the details below to exercise these rights.

International data transfers

We and our subprocessors may process your information in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for such transfers. The Service is governed by the laws of the State of Michigan, United States.

Children's privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from them.

Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you through the Service.

Contact us

If you have questions about this Policy or your data, contact us at support@velvetpress.co.