Frolax Logo
Frolax
Legal · Privacy

Privacy Policy

Last updated: May 2, 2026

This Privacy Policy explains what personal information Frolax collects when you visit frolax.agency or buy one of our digital products or services, how we use it, and the choices you have. We aim to collect only what we need to deliver your purchase, support you, and run our business responsibly.

1. Who is responsible for your data

The data controller for personal information processed through frolax.agency is Frolax, contactable at:

Frolax
Bonding Touch, House #03, Road #01, Nazrul Chattar, Mulatol Pakar Matha, Rangpur 5400, Bangladesh
hello@frolax.agency

2. Information we collect

Information you give us. When you check out, we ask for your full name, email address, and billing details so we can deliver your product, issue a receipt, and meet our tax and accounting obligations. Payment card details (card number, expiry, CVC) are entered directly into our payment partners' forms; we never see or store full card data.

Information from custom or agency engagements. If you engage us for custom work, we collect any information you choose to share for the project — for example, brand assets, design references, account credentials you provide for setup, or feedback on deliverables.

Information from support requests. When you email us, we keep the messages, attachments, and order details needed to help you and to maintain a record of the support we provided.

Information collected automatically. When you visit the site, our hosting provider records standard server logs (IP address, user agent, timestamps, requested URLs). This is used for security, diagnostics, and to keep the site online. We do not currently use website analytics. If we add a privacy-friendly analytics tool in the future, we will update this page first.

3. How we use your information

  • To process your order and deliver the product, license key, or service you bought.
  • To send transactional emails such as receipts, license-key delivery, and product update notices.
  • To respond to your support questions and manage custom or agency engagements.
  • To detect, prevent, and address fraud, abuse, and security incidents.
  • To comply with our legal obligations, including tax, accounting, and record-keeping requirements.

We do not use your personal information for advertising, and we do not build behavioral profiles of you.

4. Legal bases (for users in the EEA and UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases to process your data:

  • Contract — to deliver the product or service you bought and to provide related support.
  • Legitimate interests — to keep the site secure, prevent fraud, improve our products, and run our business in a sustainable way. We balance these interests against your rights.
  • Legal obligation — to retain tax, accounting, and payment records as required by law.
  • Consent — where we ask for it, for example before turning on optional cookies or analytics in the future. You can withdraw consent at any time.

5. Sharing your information

We share personal information only with service providers and partners that help us run Frolax. The current ones are:

  • Stripe — to process card payments. Stripe receives your name, email, billing details, and payment information directly from your browser. When you pay through Stripe, the charge may appear on your statement under a different legal name than "Frolax".
  • Paddle — to process payments where Paddle acts as the merchant of record and the seller to you. Paddle handles billing, tax calculation, invoicing, and receipts under its own privacy policy.
  • Mailgun — to deliver transactional emails such as receipts, license keys, and support replies.
  • DigitalOcean — to host the website and store server logs.

We may add or change service providers from time to time. Where the change is material, we will update this page. We do not sell your personal information, and we do not share it with third parties for their own marketing.

We may also disclose information where required by law, to enforce our Terms, or to protect the rights, safety, or property of Frolax, our customers, or the public.

6. Cookies

We use a small number of strictly necessary cookies (for example, the CSRF token that protects checkout). For details, see our Cookie Policy.

7. International transfers

Frolax is based in Bangladesh, and our service providers may process your data in other countries, including the United States and the European Union. Where data is transferred from the EEA or UK to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission's standard contractual clauses or equivalent mechanisms offered by our service providers.

8. How long we keep your information

  • Order and tax records — six years from the date of the order, to meet tax and accounting requirements.
  • Customer-support emails — three years from the last contact, so we can help with follow-up issues and warranty-style claims.
  • Custom and agency project files — for the duration of the engagement and up to three years after delivery, then deleted on request unless we are required to keep them longer.
  • Server logs — up to 30 days, then deleted or anonymized.

Where the law requires longer retention, we will keep records for that longer period.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, email hello@frolax.agency from the address you used at checkout, or include enough information for us to locate your records. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local data-protection authority.

10. Children

Frolax is not directed at children under 18, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Security

We use HTTPS for all traffic, rely on Stripe and Paddle (PCI DSS Level 1 providers) for payment processing, and apply reasonable technical and organizational measures to protect your data. No system is perfectly secure, and we cannot guarantee absolute security, but we take protection seriously and respond promptly to any incident.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above shows when the latest version took effect. Material changes will be highlighted on this page.

13. Contact

For questions or requests about your personal data, email hello@frolax.agency.

Questions? Email hello@frolax.agency.