Permisoft · Ceerf LLC

Data Handling Policy

How We Handle Your Data on the Permisoft Marketplace

Last updated: June 11, 2026

This Data Handling Policy explains, in practical and transparent terms, how Ceerf LLC, doing business as Permisoft ("we," "us," or "our"), collects, uses, stores, shares, and protects information when you buy software, activate licenses, or use our marketplace. It supplements our Privacy Policy and is written for customers and publishers who want operational clarity—not legalese alone. Our foundational promise: we never sell or rent your personal data, and we do not permit ad networks to monetize individual profiles derived from your activity on Permisoft.

1. Introduction and Purpose

Software marketplaces handle sensitive data: payment details, download history, license keys, and device signals used to prevent piracy. You deserve to know exactly what we do with that information and what we refuse to do.

This policy focuses on marketplace-specific handling practices—purchase records, activation telemetry, publisher visibility, fraud prevention, analytics, and deletion. For formal legal definitions and jurisdiction-specific rights, also read our Privacy Policy.

Questions about this policy may be sent to support@ceerf.com.

2. We Never Sell or Rent Personal Data

Ceerf LLC does not sell, rent, lease, or trade personal data to data brokers, advertisers, list providers, or unrelated third parties. We do not receive payment in exchange for disclosing your name, email, purchase history, or activation records.

We do not operate a "data products" business alongside the marketplace. Revenue from Permisoft comes from software sales and our 5% platform fee on publisher transactions—not from monetizing buyer identities.

If a future practice materially changed this commitment, we would provide prominent notice and lawful choices before doing so. Today, selling personal data is incompatible with our business model and values.

  • No sale of email lists derived from customer accounts.
  • No disclosure of individual purchase histories to marketing data aggregators.
  • No licensing of customer profiles to unrelated analytics vendors for their independent commercial use.

3. No Ad Network Sale of Profiles

We do not integrate advertising networks that track your individual purchases on Permisoft and sell audience segments about you to third parties.

We may use privacy-respecting, aggregated analytics to understand overall marketplace performance—such as conversion rates, error rates, and popular categories—without creating sellable individual profiles.

Publishers do not receive permission through Permisoft to harvest buyer emails from our systems for unrelated advertising merely because a purchase occurred.

  • Transactional emails about your orders are not "sales" of data—they are service communications.
  • Optional product update emails from publishers, if offered, will follow explicit consent or clear opt-in mechanics where required.
  • We do not permit third-party ad pixels on checkout pages that exfiltrate cart contents to data brokers.

4. What We Do With Purchase History

When you buy software, we record the transaction so you can access your library, redownload installers, prove entitlement, receive support, meet tax obligations, and process refunds or chargeback disputes.

Purchase history includes product identifiers, amounts paid, currency, timestamps, payment status, refund status, and associated license keys. This information is stored in secured databases hosted on enterprise cloud infrastructure with role-based access controls.

We use purchase history to detect fraud patterns—such as repeated chargebacks, stolen cards, or abnormal key resale—and to comply with financial recordkeeping laws. We do not use your purchase history to label you for unrelated third-party advertising markets.

  • You can view your order history in your account library.
  • Support staff may access purchase records when you contact us about a specific order.
  • Aggregated sales metrics may be shared with publishers without revealing individual buyer identities by default.

5. Why We Collect Activation Data

Perpetual license marketplaces must balance customer convenience with publisher protection. Activation data helps ensure that a license key issued to you is used within the seat and device limits you purchased.

Activation records may include hashed device identifiers, operating system family, application version, activation and deactivation timestamps, and non-reversible fingerprints derived from hardware or installation context. We design these signals to minimize identifiability while remaining useful for enforcement.

We do not use activation data to track your behavior across unrelated websites or to build advertising profiles. Activation processing is tied to license integrity, fraud prevention, and support diagnostics you request.

  • Seat overages may trigger warnings or blocks until you deactivate another device or upgrade your license.
  • Publishers may receive activation counts and anomaly flags without receiving raw hardware serial numbers where hashing is employed.
  • You may request information about activation events associated with your account through support@ceerf.com.

6. Fraud Prevention and Abuse Detection

Marketplaces are targets for stolen payment instruments, key laundering, and refund abuse. We analyze transactional and behavioral signals to protect buyers, publishers, and Ceerf LLC.

Signals may include IP reputation, billing and shipping consistency, velocity of purchases and refunds, mismatch between account history and payment method, and activation patterns indicative of key sharing rings.

Automated risk decisions may temporarily delay fulfillment, require additional verification, or decline transactions. We retain records of fraud investigations as long as needed to defend against repeat abuse and to cooperate with payment processors and law enforcement when appropriate.

  • We may share minimal necessary data with Stripe for chargeback representment.
  • Confirmed fraud may result in account closure and license revocation where permitted by law and our Terms.
  • We do not sell fraud scores to third parties.

7. Aggregated Analytics and Product Improvement

We measure how the Service performs using aggregated, de-identified metrics. Examples include page load times, error rates, checkout completion percentages, and category-level sales trends.

Aggregated analytics do not include your name or email in reports shared internally. Engineers may examine sampled, redacted logs to diagnose bugs.

We may publish high-level marketplace statistics—such as total licenses issued or popular product categories—without identifying individual buyers.

8. What Publishers Can and Cannot See

Publishers listing software on Permisoft receive information necessary to understand sales performance and protect their software. By default, publishers do not receive buyer email addresses through Permisoft solely because you purchased their product.

Publishers typically see aggregated units sold, gross and net proceeds after platform fees, refund counts, activation totals, and fraud flags at an aggregate or pseudonymous level depending on product configuration.

If you initiate a support request that requires publisher involvement, we may share your contact details and relevant order information with the publisher to resolve the issue, or we may facilitate communication through our systems without exposing your email—depending on the support path you choose.

  • Publishers may not use Permisoft data to build independent marketing lists of buyers without appropriate consent and lawful basis.
  • Publisher access is logged and limited by role.
  • Publisher mishandling of data may trigger suspension under the Publisher Agreement.

9. Data Minimization and Purpose Limitation

We collect information adequate to operate the marketplace—not everything we could theoretically gather. Forms ask for fields needed for checkout, tax, or support. Optional fields are labeled as optional.

We avoid collecting sensitive categories of personal data unless required by law or explicitly provided by you for a defined purpose, such as VAT identification for business invoicing.

Internal access follows least privilege: employees and contractors receive access only to systems required for their role, subject to confidentiality obligations and security training.

  • We do not require unnecessary government ID for ordinary consumer purchases.
  • Debug logging in production is limited and rotated.
  • Experimental features that would expand data collection undergo privacy review before launch.

10. Security Incidents and Breach Notification

We maintain administrative, technical, and organizational safeguards designed to protect data, including encryption in transit, hardened infrastructure, monitoring, and vendor assessments.

No system is perfectly secure. If we confirm a breach of personal information that triggers notification duties under applicable law, we will notify affected individuals and regulators as required, describe what occurred in clear language, and outline remedial steps we are taking.

We encourage you to use strong passwords and report suspicious account activity promptly to support@ceerf.com.

  • Incident response procedures include containment, forensic review, and legal assessment.
  • Notifications will include types of data involved and recommended user actions where appropriate.
  • We do not conceal breaches that must be reported by law.

11. Deletion, Export, and Retention Requests

You may request deletion of personal information we hold, subject to exceptions for legal retention, open disputes, chargeback windows, tax archives, and license records needed to prevent reissuance abuse.

Account deletion requests should be sent to support@ceerf.com. We verify identity before honoring deletion. Some anonymized transactional records may persist in accounting systems as required by law.

You may request an export of information associated with your account where technically feasible. Export requests are handled within timelines required by applicable privacy laws.

  • Deleting your account may remove library access to redownload installers; retain installers locally before deletion if needed.
  • License keys already activated may remain blocked from resale to protect publishers even after account deletion.
  • We will confirm when deletion is complete or explain lawful reasons for retention.

12. Subprocessors and Infrastructure Partners

We use trusted subprocessors to operate Permisoft. Each subprocessor processes data only under our instructions and contractual data protection terms.

  • Stripe, Inc.: payment processing, refunds, fraud signals, and publisher payouts via Stripe Connect.
  • Google Cloud Platform: application hosting, databases, object storage for installers, logging, and backups.
  • Email delivery provider(s): transactional email such as receipts, password resets, and security alerts.
  • Additional vendors for error monitoring, customer support tooling, or security scanning may process limited technical data under similar restrictions.

13. Retention Schedule Overview

Retention periods balance user convenience, publisher protection, fraud prevention, and legal requirements.

  • Active account profile data: retained while the account is active.
  • Purchase and invoice records: retained for statutory accounting and tax periods.
  • License and activation logs: retained to demonstrate entitlement and prevent abuse; may persist in anonymized form after account deletion where necessary.
  • Support tickets: retained for a defined period to improve service and train staff.
  • Security logs: retained for incident investigation windows, then rotated or aggregated.

14. Your Choices and Controls

You control many aspects of how your data is used: maintain accurate profile information, opt out of non-essential marketing emails, choose whether to involve publishers in support tickets, and request access or deletion as described above.

Browser controls can limit certain cookies; however, disabling strictly necessary cookies may impair login and checkout.

If you disagree with our handling practices, you may close your account and cease using the Service, subject to retention exceptions described in this policy.

15. Contact and Policy Updates

We may update this Data Handling Policy to reflect new features, subprocessors, or legal guidance. Updates will be posted with a revised "Last updated" date.

For questions about how we handle your data, email support@ceerf.com. For security concerns, contact support@ceerf.com. For legal inquiries, contact support@ceerf.com.

Remember: we never sell or rent your personal data. That commitment is central to how Permisoft operates.

Ceerf LLC d/b/a Permisoft — transparency about data, without selling it.