Permisoft · Ceerf LLC
Privacy Policy
How Permisoft Collects, Uses, and Protects Your Personal Information
Last updated: June 11, 2026
This Privacy Policy describes how Ceerf LLC, doing business as Permisoft ("Ceerf LLC," "we," "us," or "our"), collects, uses, discloses, and protects personal information when you visit our website, create an account, purchase software, activate licenses, contact support, or otherwise interact with our marketplace and related services (collectively, the "Service"). We are committed to transparency and to handling your information responsibly. A central commitment of this policy: we do not sell your personal information. We do not sell personal data to data brokers, advertisers, or list renters. We do not monetize your identity by trading contact details for payment. Read this policy together with our Data Handling Policy, which provides additional operational detail about marketplace-specific practices.
1. Scope and Data Controller
This Privacy Policy applies to personal information processed by Ceerf LLC in connection with Permisoft as a marketplace for buyers and publishers. It does not govern third-party websites, publisher software that runs on your device, or services that link from our pages unless we expressly state otherwise.
For purposes of applicable data protection laws, Ceerf LLC acts as the controller of personal information described in this policy, except where we process information solely on behalf of publishers under separate written agreements, in which case roles are defined in those agreements and on relevant product pages.
If you have questions about this policy or wish to exercise privacy rights, contact us at support@ceerf.com.
2. We Do Not Sell Personal Data
Ceerf LLC does not sell, rent, or trade your personal information to third parties for their independent marketing or profiling purposes. We do not participate in data broker marketplaces. We do not exchange your email address, purchase history, or device signals for cash or other consideration.
When we share information, we do so with service providers and subprocessors that help us operate Permisoft—for example, payment processing, cloud hosting, email delivery, fraud prevention, and customer support tooling—under contracts that restrict their use of your data to providing services to us.
We may use aggregated or de-identified information that cannot reasonably be linked to you for analytics, product improvement, and security reporting. Aggregated data is not personal information and is not sold as personal profiles.
- No sale of personal data to advertisers for targeted advertising based on your Permisoft activity.
- No rental of customer lists to unrelated third parties.
- No exchange of personal data for cross-context behavioral advertising profiles.
- We do not use ad networks that sell individual-level audience segments derived from your purchases on Permisoft.
3. Categories of Personal Information We Collect
The information we collect depends on how you interact with the Service. We collect only what is reasonably necessary to operate the marketplace, fulfill purchases, prevent fraud, comply with law, and provide support.
- Account information: name, email address, username, password hash, authentication tokens, account preferences, and communication settings.
- Purchase and billing information: order history, product titles, prices paid, currency, billing address where provided, partial payment method metadata from Stripe (such as card brand and last four digits), tax identifiers where required, and invoices.
- License and activation information: license keys issued to you, activation timestamps, seat counts, hashed device identifiers, installation fingerprints, deactivation events, and entitlement status.
- Device and technical information: IP address, browser type, operating system, device type, language settings, referral URLs, and log data generated when you access the Service.
- Support and communications: messages you send to support, attachments you provide, survey responses, and records of our replies.
- Security and fraud signals: risk scores, velocity checks, dispute indicators, and records of policy enforcement actions tied to your account where applicable.
- Cookies and similar technologies: session cookies, preference cookies, and analytics cookies as described in Section 14.
4. Sources of Information
We collect personal information directly from you when you register, checkout, activate software, update your profile, or contact us.
We also receive information from payment processors such as Stripe regarding transaction authorization, refunds, and chargebacks; from authentication providers if you choose social or single sign-on options when available; and from publishers only to the extent necessary to validate licenses or respond to support escalations you initiate.
We generate certain technical information automatically through server logs, application events, and security monitoring systems.
5. How and Why We Use Personal Information
We use personal information for legitimate business purposes connected to operating Permisoft. We do not use your purchase history to build advertising profiles for unrelated third-party ad networks.
- Providing the Service: creating accounts, displaying your library, delivering downloads, issuing license keys, and enabling activation.
- Processing transactions: calculating totals, collecting payments through Stripe, issuing receipts, and remitting publisher payouts subject to our ${PLATFORM_FEE_PERCENT}% platform fee structure.
- License enforcement: verifying seat limits, preventing key sharing abuse, and protecting publishers from fraudulent activations.
- Customer support: responding to inquiries, troubleshooting access issues, and mediating platform-related purchase disputes.
- Security and fraud prevention: detecting stolen cards, abusive refunds, credential stuffing, and marketplace manipulation.
- Legal compliance: tax, accounting, sanctions screening, responding to lawful requests, and enforcing our Terms of Service.
- Product improvement: understanding feature usage through aggregated analytics and diagnosing reliability issues.
- Communications: sending transactional emails about orders, security alerts, and policy updates; marketing emails only where permitted and with opt-out choices.
6. Legal Bases for Processing
Where the General Data Protection Regulation (GDPR) or similar laws require a legal basis, we rely on one or more of the following, depending on context: performance of a contract with you; compliance with legal obligations; legitimate interests that are not overridden by your rights; and consent where required, such as for certain optional cookies or marketing communications.
Our legitimate interests include operating a secure marketplace, preventing fraud, improving the Service, and communicating important non-marketing updates. We balance these interests against your privacy rights and implement safeguards such as data minimization and access controls.
You may withdraw consent where processing is consent-based without affecting the lawfulness of processing before withdrawal.
8. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.
Account information is retained while your account is active and for a reasonable period afterward to resolve disputes, enforce terms, and meet legal obligations. Purchase records may be retained for tax and accounting periods required by applicable law. License activation logs may be retained to demonstrate entitlement history and prevent abuse.
When information is no longer needed, we delete, anonymize, or aggregate it in accordance with our retention schedules and technical capabilities.
- Support tickets may be retained to improve service quality and train staff on resolved issues.
- Security logs may be retained for a defined period to investigate incidents.
- Backup systems may retain deleted data for a limited window before overwrite.
9. Security Measures
We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. Measures include encryption in transit, access controls, least-privilege administrative access, monitoring, and vendor security reviews.
No method of transmission or storage is completely secure. While we work diligently to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and promptly reporting suspected compromise.
If we become aware of a data breach affecting your personal information where notification is required by law, we will provide notice consistent with our Data Handling Policy and applicable regulations.
10. Your Privacy Rights and Choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and to receive a portable copy of information you provided.
To submit a request, email support@ceerf.com with sufficient detail to verify your identity. We may request additional information to prevent fraudulent requests. We respond within timeframes required by applicable law.
You may update account details through your profile settings where available. You may opt out of marketing emails using unsubscribe links. Transactional messages related to purchases and security may still be sent.
- Access: request confirmation of processing and a copy of personal information we hold about you.
- Correction: request correction of inaccurate information.
- Deletion: request deletion where we have no overriding legal basis to retain data.
- Restriction: request limited processing in certain circumstances.
- Objection: object to processing based on legitimate interests where applicable.
- Portability: receive certain data in a structured, commonly used format where technically feasible.
11. California and U.S. State Privacy Rights
Residents of California and certain other U.S. states may have additional rights under state privacy laws, including rights to know categories of information collected, purposes of use, categories of recipients, and rights to delete and correct personal information.
We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not share personal information for cross-context behavioral advertising in exchange for monetary or other valuable consideration.
We will not discriminate against you for exercising privacy rights. Authorized agents may submit requests on your behalf with proof of authorization as required by law.
California residents may contact support@ceerf.com for rights requests. We will describe our practices regarding sensitive personal information collection and use upon request where applicable.
12. European Economic Area and United Kingdom Rights
If you are located in the European Economic Area or the United Kingdom, you may have rights under the GDPR or UK GDPR, including those listed in Section 10. You also have the right to lodge a complaint with your local supervisory authority.
Where we transfer personal information outside your country, we implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms permitted by law.
Our legal bases for processing are described in Section 6. Where we rely on legitimate interests, you may object as described in Section 10.
We do not sell personal data. We do not profile you in a manner that produces legal or similarly significant effects solely through automated processing without human involvement where prohibited by law.
13. Children's Privacy
Permisoft is not directed to children under thirteen (13) years of age, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact support@ceerf.com and we will take steps to delete it promptly.
Individuals between 13 and the age of majority may use the Service only with parental or guardian consent where required by law.
14. International Data Transfers
Ceerf LLC is based in the United States. If you access the Service from outside the United States, your information may be processed in the United States and other countries where we or our subprocessors operate.
Those countries may have data protection laws different from those in your jurisdiction. We implement safeguards designed to ensure an adequate level of protection for transferred data, including contractual commitments with subprocessors.
Contact support@ceerf.com for more information about transfer mechanisms relevant to your location.
16. Automated Decision-Making and Profiling
We may use automated systems to assess fraud risk, prevent abusive transactions, and protect license keys. These systems may consider factors such as payment velocity, geographic signals, and activation patterns.
Automated decisions may result in declined transactions, additional verification steps, or temporary account restrictions. You may contact support@ceerf.com to request human review of significant platform access decisions where required by applicable law.
We do not engage in profiling that produces legal or similarly significant effects concerning you without appropriate safeguards where such profiling is restricted by law.
17. Changes to This Policy and Contact Information
We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or business operations. We will post the updated policy with a revised "Last updated" date and provide additional notice for material changes where required.
Your continued use of the Service after an update constitutes acknowledgment of the revised policy, subject to applicable law.
For privacy questions, rights requests, or concerns about our no-sale commitment, contact support@ceerf.com. For general support, contact support@ceerf.com. For legal notices, contact support@ceerf.com.
- We will never sell your personal data—this commitment survives policy updates unless we provide prominent, lawful notice and choice where a change is permitted.
- Material changes affecting publishers are tracked separately in publisher legal versioning.
- You may request a plain-language summary of how your data is used for a specific purchase.
This Privacy Policy is provided by Ceerf LLC d/b/a Permisoft. We do not sell your personal information.