2DL2DL

Privacy Policy

Last updated: 2026-01-22

This Privacy Policy describes how 2DL ("we", "us") collects, uses, and shares information when you use 2dl.app and related services.

Who this applies to

  • Sellers who create accounts and manage stores on 2dl.app.
  • Buyers who purchase products from sellers using 2DL-powered checkout and delivery.
  • Affiliates who participate in the 2DL affiliate program (for example, referral attribution).
  • WordPress site owners who install the 2 Download (2DL) plugin and connect it to 2dl.app.

What we collect

  • Seller data: account details and store/domain configuration needed to operate the service.
  • Buyer email (if provided): used to deliver receipts, access links, and support.
  • Transaction and checkout data: information about purchases and payment events (for example, checkout session status, amounts, currency, and payment event timestamps).
  • Product file metadata: file names, sizes, and storage identifiers needed to deliver digital content. (Sellers may upload files; we do not encourage uploading unnecessary personal information.)
  • IP/device and request logs (if collected): used for security, abuse prevention, and reliability.
  • Webhook and audit logs: records of payment events and system actions for debugging, dispute handling, and reconciliation.
  • Affiliate attribution data: referral codes, attribution events, and aggregated reporting needed to operate the affiliate program.

Cookies and similar technologies

We use cookies or similar technologies primarily to maintain secure sessions (for example, keeping sellers signed in). We may also use standard logs and security signals to protect the service.

We may also collect and store marketing attribution data, such as referral sources and campaign identifiers included in URLs (for example, UTM parameters). We may store this attribution data using cookies, local storage, or similar technologies so we can associate visits and actions with earlier campaigns or referrals. This may include affiliate referral codes (for example, an affiliate_code parameter).

How we use information

  • Provide checkout, entitlement, license, and download experiences.
  • Prevent fraud/abuse and secure multi-tenant access.
  • Customer support and incident investigation.
  • Compliance and accounting needs related to payments.

External services and processors

We use third-party service providers to operate 2DL. Depending on your use of the service, your data may be processed by:

  • Stripe (payment processing and payment event webhooks).
  • Supabase (hosted Postgres database infrastructure).
  • Cloudflare R2 (object storage for digital product files and related assets).
  • Vercel (application hosting and delivery).

WordPress plugin data flows

If you use the 2 Download (2DL) WordPress plugin, the plugin may send data from your WordPress site to 2DL hosted services (2dl.app) to create hosted checkout sessions and to look up receipts/licenses. The plugin may transmit a store API key for server-to-server authentication (admin/server calls only). Payments are processed by Stripe on hosted checkout, not by your WordPress site.

Data retention

We retain data only as long as needed to provide the service, meet legal/accounting requirements, and support security and dispute resolution. Retention periods may vary by data type.

  • Request logs (security/diagnostics): typically 14–30 days.
  • Webhook event payloads (support/replay): typically 30–90 days.
  • Webhook processing status/errors (support/audit): typically 90–180 days.
  • Orders and entitlements (accounting/support): retained as required for the business and applicable laws (often years).
  • Financial and transaction records (accounting/compliance): typically retained for at least 7 years (or longer where required).

Security

We use administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is 100% secure.

Sharing

We may share information with service providers used to operate 2DL (for example, payment processors and infrastructure providers). We do not sell personal information.

Your choices and rights

Depending on where you live, you may have rights to access, correct, or delete certain personal information, and to object to or restrict certain processing. You can also request account deletion.

US residents (including certain US states such as California) may have additional rights, including the right to appeal certain decisions and to opt out of certain types of processing. We do not sell personal information.

California privacy rights

If you are a California resident, you may have rights to: (a) know what personal information we collect, use, disclose, and share; (b) request deletion of certain personal information; (c) request correction of certain personal information; and (d) opt out of the sale or sharing of personal information (we do not sell personal information).

To exercise rights, contact 2download@2dl.app. We may need to verify your request.

International transfers

If you access 2DL from outside the United States, your information may be processed in the United States or other locations where we or our service providers operate.

Children

2DL is not intended for children under 13, and we do not knowingly collect personal information from children.

Changes

We may update this Privacy Policy from time to time. We will update the “Last updated” date when changes are posted.

Contact

For privacy questions, contact 2download@2dl.app.