Live demoFeaturesReviewsPricingContact
Drapeau anglais langue

Try for free

icon arrow forward
icon menu
Live demoFeaturesCustomer reviewRatesGet help

Try for free

icon arrow forward
Drapeau anglais langue

Privacy Policy

Theme FullStack Ltd— June 2026 Version

This Privacy Policy describes how Theme FullStack Ltd collects, uses and protects the personal data of users of its website, of FullStack Hub and of its services, in accordance with Regulation (EU) 2016/679 (GDPR) and the Maltese Data Protection Act.

1. Data controller

The controller of personal data is:

Theme FullStack Ltd: 203 Triq Tal-Franciz, Apartment 2, IS-SWIEQI, SWQ 2132, Malta

Registration: Malta — No. C114160

Contact: contact@themefullstack.com

For any question regarding your personal data or the exercise of your rights, you may write to contact@themefullstack.com.

2. Personal data collected

Depending on your use of our services, we may collect the following categories of data:

  • Identity and contact: first name, last name, email address, phone number, country.
  • Billing data: billing address, VAT number, payment information and history (banking data is processed by Stripe and never stored by us).
  • Account and licence data: FullStack Hub credentials, Shopify store admin URL, data related to the licence and its activation.
  • Support data: exchanges with customer support, screenshots or information you provide in that context.
  • Usage and browsing data: audience measurement, navigation, session and consent data, where the relevant trackers are accepted.
  • Affiliate data: information needed to manage the affiliate programme, where applicable.

3. Purposes and legal bases for processing

Managing orders, payments and invoicing: Performance of the contract (art. 6(1)(b))

Managing the account, FullStack Hub and the licence manager: Performance of the contract (art. 6(1)(b))

Verifying and managing licences; fraud and piracy prevention: Legitimate interest (art. 6(1)(f))

Managing customer support: Performance of the contract / legitimate interest

Sending emails related to the purchase and customer relationship: Performance of the contract / legitimate interest

Sending marketing communications: Consent (art. 6(1)(a)) or legitimate interest, as applicable

Managing the affiliate program: Performance of the contract

Complying with legal, accounting and tax obligations: Legal obligation (art. 6(1)(c))

Audience measurement, analytics, session replay, advertising and retargeting: Consent (art. 6(1)(a))

Handling data subject requests: Legal obligation

4. Recipients and processors

Data is accessible to authorised staff within Theme FullStack Ltd, within the limits of their duties. It may be shared with the providers and processors involved in operating the service, in particular:

Stripe: Payments, invoicing, subscription management

Supabase: Database (accounts, licences) — hosting of FullStack Hub

Vercel: Application hosting of FullStack Hub

Webflow: Hosting of the website themefullstack.com

Shopify: Platform on which the Theme is installed by the Customer

Brevo: Email sending (transactional and marketing)

Google (Workspace / Gmail): Business email

PostHog: Audience measurement and navigation analysis

Tracklution: Conversion tracking

Google Ads / Meta Ads: Advertising and retargeting

n8n: Internal automations

Billing data may also be accessible to Theme FullStack Ltd's accountants in Malta.

FullStack Hub is Theme FullStack Ltd's proprietary platform; it relies technically on Supabase and Vercel, listed above.

Data is never sold to third parties.

5. Hosting

  • The website themefullstack.com is hosted by Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103, USA).
  • The FullStack Hub platform (app.themefullstack.com) is hosted by Vercel Inc. (USA) and Supabase (database).

6. Transfers of data outside the European Union

Some providers (in particular Stripe, Vercel, Webflow, Google, Meta) are located outside the European Union or may transfer certain data there. In such cases, Theme FullStack Ltd ensures that these transfers are governed in accordance with the applicable regulations, in particular on the basis of an adequacy decision of the European Commission (for example the EU-US Data Privacy Framework) or appropriate safeguards such as Standard Contractual Clauses (SCCs).

7. Retention periods

Data is kept for as long as necessary for the purposes pursued, then deleted or anonymised. The periods applied, aligned with the longest legal obligations where they exist, are as follows:

  • Billing, accounting and tax data: 10 years, in accordance with Maltese legal obligations to keep accounting records (the legal period prevails over any other).
  • Account, licence and support data: for the duration of the contractual relationship, then until the expiry of the applicable limitation period (for evidentiary purposes), unless a longer legal retention obligation applies.
  • Data of prospects and persons without an active contractual relationship: up to 3 years from the last contact.
  • Data from consent-based trackers: in accordance with the settings of the relevant tool and your choices, not exceeding the periods recommended by the competent authorities.

8. Security

Theme FullStack Ltd implements appropriate technical and organisational measures to protect personal data against loss, unauthorised access, disclosure or alteration. Payment data is processed exclusively by Stripe, PCI-DSS Level 1 certified, and is never stored by Theme FullStack Ltd.

9. Your rights

In accordance with the GDPR, you have, as applicable, the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability;
  • right to withdraw your consent at any time, where processing is based on it;
  • right to give directions regarding the fate of your data after your death.

You may exercise these rights by writing to contact@themefullstack.com. A response will be provided within the time limits set by the regulations.

You also have the right to lodge a complaint with a supervisory authority:

  • Malta: Information and Data Protection Commissioner (IDPC) — idpc.org.mt
  • France: Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr
  • or the supervisory authority of your country of residence.

10. Cookies and trackers

The website uses cookies and other trackers. Some are strictly necessary for the website to function; others are only placed or read with your consent, where required. Consent management is handled via Axeptio.

The trackers used may enable, in particular: audience measurement, navigation analysis, session replay and heatmaps, advertising and retargeting, and conversion tracking with consent management.

You may change your choices at any time via the cookie management module available on the website.

11. Amendments to this policy

Theme FullStack Ltd may amend this Privacy Policy to reflect changes in its services or in the regulations. The applicable version is the one published on the website at the date you consult it. In the event of a substantial amendment, information will be provided by appropriate means.

12. Contact

For any question regarding this Privacy Policy or your personal data: contact@themefullstack.com.

© 2026 Theme FullStack Ltd. — Privacy Policy  — June 2026

203 Triq Tal-Franciz, Apartment 2, IS-SWIEQI, SWQ 2132, Malta