Privacy Policy – zymplio – Master your WordPress Stack

Privacy Policy (hub.zymplio.com)

Last Updated: February 2026

1. Overview of Data Protection

General Information

The following gives a simple overview of what happens to your personal information when you visit our website and use our web application. Personal information is any data with which you could be personally identified.

Data Collection on Our Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the “Imprint” (Legal Notice) of this website.

How do we collect your data?
Some data is collected when you provide it to us (e.g., by registering, entering license keys, or creating snippets). Other data is collected automatically by our IT systems when you visit the website (e.g., technical data such as browser, operating system, or time of page request).

What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website and app features. Other data may be used to analyze how visitors use the site or is necessary to provide the agreed services (storing your licenses and snippets).

2. General Information and Mandatory Information

Data Controller

The responsible body for data processing on this website (Controller) within the meaning of the General Data Protection Regulation (GDPR) is:

Magnolia Media KG
Kendl 12, 3254 Bergland
Austria

Email: hello@zymplio.com
Web: https://zymplio.com

Duration of Storage

Unless a specific storage period has been named in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies (e.g., after you delete your account). If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).

Data Security and Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content.
Additionally, sensitive data within the application, specifically License Keys, are encrypted (AES-256-GCM) before being stored in our database. This ensures they are not readable in plain text in the event of a database breach.

3. Hosting and Backend Infrastructure (Supabase & Hostinger)

We use Supabase for database hosting, authentication, and API services.
Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 319000.

Server Location: We have configured Supabase to process and store data on servers located within the European Union (Frankfurt, Germany).

Supabase processes the following on our behalf:

Email addresses (for authentication)
User IDs
Content you store (Plugins, Snippets, CPT structures)

This processing is based on Art. 6 (1) (b) GDPR (performance of a contract) and our legitimate interest in a secure and efficient infrastructure (Art. 6 (1) (f) GDPR).

Web Hosting (Hostinger)
Our website is hosted by Hostinger.
Provider: Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus.
Hostinger processes technical data (e.g., IP addresses, server logs) to ensure the security, stability, and performance of our website. This processing is based on our legitimate interest (Art. 6 (1) (f) GDPR).

4. Data Processing within the Application

Registration and Login

To use Zymplio, registration is required. We store your email address and a password (as a cryptographic hash). We use this data exclusively to grant you access to your account and your stored data.

Storage of License Keys

When you save license keys in Zymplio, they are stored in our database in an encrypted format. The decryption key is derived from components that ensure only you, after a successful login, have access to the plain text.

WebP Converter (Local Processing)

Our “WebP Converter” tool operates exclusively locally in your browser. When you drag and drop images into the tool, they are not uploaded to our servers. The conversion takes place entirely on your device. No image data is transmitted to us or third parties.

Artificial Intelligence (Google Gemini)

We use interfaces provided by Google Gemini (Google DeepMind / Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to provide AI features (e.g., “CPT Generator” or “Input Parsing”).

When you use these features, the text you input (e.g., the name of a Post Type or a code snippet) is sent to Google’s API.

No Personal Data: Please do not enter personal data into the AI prompts.
Processing: Google processes this data to generate the response.

This use is based on Art. 6 (1) (b) GDPR (performance of a contract to provide the feature). Google may process data in the USA. We note that Google uses Standard Contractual Clauses (SCCs) to ensure an appropriate level of data protection.

5. Payment Processing (Stripe)

For paid memberships (Pro, Lifetime), we use the payment service provider Stripe.
Provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When you make a payment, your payment data (e.g., credit card number, name) is transmitted directly to Stripe. We do not store full credit card details ourselves. We only receive a confirmation of successful payment and a customer ID (stripe_customer_id) from Stripe to manage your subscription status (Free/Pro/Lifetime) in our database.

Data transmission to Stripe is based on Art. 6 (1) (b) GDPR (processing of payments). For more details, please refer to Stripe’s privacy policy: https://stripe.com/at/privacy.

6. Your Rights (Data Subject Rights)

Under applicable legal provisions, you have the right at any time to:

Access information about your stored personal data, its origin, recipients, and the purpose of data processing (Art. 15 GDPR).
Rectification of incorrect data (Art. 16 GDPR).
Erasure of your data (Art. 17 GDPR), provided no legal retention obligations exist.
Restriction of data processing (Art. 18 GDPR).
Data Portability (Art. 20 GDPR).
Withdrawal of your consent to data processing (Art. 7 (3) GDPR).

Right to Lodge a Complaint

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. In Austria, the competent authority is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at

7. Account Deletion

You can request the deletion of your account and all associated data at any time. Please contact us at hello@zymplio.com. Upon deletion, your data will be irrevocably removed from our systems, unless tax retention periods (e.g., for invoices via Stripe) require continued storage.