Privacy Policy
Last updated June 14nd, 2025
Visualsofjulius OY (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the “CarouselCutter” Photoshop UXP Panel Plugin (the “Plugin”)
By using the Service, you explicitly consent to the collection and processing of your data in accordance with this Privacy Policy. Users must agree to this Privacy Policy and the Terms & Conditions before using the Service.
If you do not agree with the terms of this Privacy Policy, please do not use the Service.
Data Controller
- Company Name: Visualsofjulius OY
- Email: contact@jumicreative.com
We are committed to protecting your privacy and handling your personal data in a transparent and secure manner, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
1. Who We Are
VisualsofJulius OY
Email: [contact@jumicreative.com
Website: [www.jumicreative.com]
We act as the Data Controller for the personal data processed in connection with the Carousel Cutter Plugin.
2. Data We Collect and Why We Collect It (Purpose and Legal Basis)
We act as the Data Controller for the personal data processed in connection with the Carousel Cutter Plugin.
2. Data We Collect and Why We Collect It (Purpose and Legal Basis)
We collect and process personal data for the following purposes and under the following legal bases:
| Type of Data Collected | Source | Purpose of Collection | Legal Basis for Processing (GDPR Article 6) | Retention Period |
| Hashed Machine ID (SHA-256 hash) | Plugin (generated locally and sent to Firebase) | To uniquely identify your machine for: Managing license activations. Associating a machine with an IP-based trial session. Revoking license activations. | Contractual Necessity: Necessary for the performance of the contract to provide the Plugin’s functionality. Legitimate Interest: Preventing fraud and ensuring compliance with licensing terms. | For licensed users: As long as your license is active and potentially for a period thereafter (e.g., 2 years). For trial users: As long as the trial session for your IP address is active, and potentially for a period (e.g., 6 months) thereafter to prevent abuse. |
| IP Address | Plugin API request (sent to Firebase) | To manage trial usage and prevent fraud: We associate a limited number of trial slots with a single IP address to prevent abuse of the free trial from a shared network. We log the IP address upon license activation and revocation for security and support purposes. | Legitimate Interest: To prevent fraud and ensure the integrity and security of our licensing and trial system. This is necessary to offer a free trial sustainably. | Stored as part of a trial session record until the session is replaced or for a period (e.g., 6 months) to prevent abuse. Stored as part of a license activation record for the duration of the license. |
| Consent Records(Terms Accepted status, Version, and Timestamp) | User input in Plugin (checkbox) | To record and demonstrate that you have given explicit consent to our Privacy Policy and Terms & Conditions, as required by law. | Legal Obligation (GDPR Art. 7): We are legally required to be able to demonstrate that consent was obtained.Consent (GDPR Art. 6(1)(a)). | For as long as we process your other personal data, and for a period thereafter to comply with legal statutes of limitation regarding proof of consent. |
| Trial Session Data(Usage counter, last used timestamp, linked to IP address and Hashed Machine ID) | Firebase (created/updated on Plugin use) | To track the number of free uses available to a specific IP address and manage the trial period for machines associated with that IP. | Legitimate Interest: Necessary for providing the freemium trial service and preventing abuse of the system. | For the duration of the trial period for an IP address, and potentially for a period (e.g., 6 months) thereafter to prevent abuse of new trials. Old trial data may be overwritten by new machine IDs on the same IP. |
| License Key | User input in Plugin; Stored locally in Photoshop’s localStorage; Stored on Firebase. | To verify your Plugin license status with our server and enable full functionality. Used for activation and deactivation. | Contractual Necessity: Necessary for the performance of the contract to provide you with the licensed software service. | As long as your license is active and potentially for a period thereafter (e.g., 2 years) for record-keeping and customer support. |
| Email Address | Collected during purchase via Stripe. Stored on Firebase. | To deliver your license key after purchase. For customer support related to your license. | Contractual Necessity: Necessary for the performance of the contract (delivery of digital product). | For the duration of your license and potentially for a period thereafter (e.g., 5-7 years) to meet legal and accounting obligations. |
| Purchase Date & Stripe Session ID | Collected during purchase via Stripe. Stored on Firebase. | To record proof of purchase and link your license key to your transaction for support and accounting purposes. | Contractual Necessity: Necessary for the performance of the contract. Legal Obligation: To comply with tax and accounting laws in Finland. | For the duration of your license and potentially for a period thereafter (e.g., 5-7 years) to meet legal and accounting obligations. |
| Activation Records(Timestamps and IP Address, linked to Hashed Machine ID) | Firebase (recorded during activation/deactivation) | To record when and from where (IP address) a license was activated/deactivated on a specific machine for security and support. | Contractual Necessity: Necessary for managing license terms. Legitimate Interest: Security and fraud prevention. | As long as the license is active and potentially for a period thereafter (e.g., 2 years) for record-keeping. |
| Last Active Tab (UI preference) | Plugin (stored locally in Photoshop’s localStorage) | To remember your last active tab within the Plugin UI for convenience. | Legitimate Interest: To enhance user experience. | Until cleared from your local storage or Plugin reinstallation. |
| Technical Log Data (e.g., IP address, request timestamps from standard server logs) | Firebase Cloud Functions (standard server logs) | For debugging, security monitoring, and performance analysis of our backend services. This is separate from the IP address stored for trial/license logic. | Legitimate Interest: To ensure the security, stability, and performance of our services. | Typically retained for a short period (e.g., 30-90 days) unless required for longer due to security incidents or legal obligations. |
Important Note on Machine ID: The Plugin generates a unique, persistent identifier (Machine ID) for your machine, stored on your local file system. A SHA-256 hash of this Machine ID is sent to our backend. While the hash is a one-way cryptographic representation, it is a persistent identifier of your device and, when linked with other data like your IP address or purchase details, is considered personal data under GDPR.
Important Note on IP Addresses and Trial Management: To prevent abuse of our free trial, we associate a limited number of trial “slots” (currently 2) with your public IP address. When you use the Plugin for the first time on a trial basis, your machine’s Hashed ID occupies one of these slots. This means that if you are on a shared network (like an office, school, or public Wi-Fi), the trial may be unavailable if other users on the same network have already used the available slots. We use this mechanism based on our legitimate interest to protect our service from fraud and ensure we can continue offering a free trial.
Important Note on Payment Information: We use Stripe for processing payments. When you make a purchase, your payment card details and billing information are collected and processed directly by Stripe. We do not store your full payment card details on our servers. We only receive confirmation of your payment and limited transaction details (like your email address and Stripe Session ID) for order fulfillment and record-keeping. Stripe’s Privacy Policy governs its use of your payment data.
3. How We Store and Protect Your Data
Your personal data is stored on Firebase Realtime Database, which is part of Google Cloud Platform. Google Cloud adheres to strict security standards and offers robust data protection measures.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Data Hashing: Your Machine ID is hashed before being sent to our server.
Access Control: Access to our Firebase database is restricted to authorized personnel only.
Secure Communication: All communication between your Plugin and our Firebase backend uses encrypted channels (HTTPS/SSL).
Firebase Security Rules: We use Firebase’s built-in security rules to control read and write access to your data.
While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.
4. Data Sharing and Recipients
We do not sell, rent, or trade your personal data to third parties. We share your data only with the following service providers who act as our data processors:
Google Firebase (Google Cloud Platform): For backend services, database storage, and Cloud Functions.
Google GMail (via Nodemailer): For sending transactional emails (your license key).
Stripe Inc.: For payment processing. Stripe acts as a separate data controller for the payment data it processes.
We have entered into Data Processing Agreements (DPAs) or rely on other valid data transfer mechanisms like Standard Contractual Clauses (SCCs) with these service providers to ensure your data is handled in compliance with GDPR.
5. International Data Transfers
Our service providers (Google and Stripe) operate globally. When your data is processed by these services, it may be transferred to and stored in countries outside the European Union/European Economic Area (EU/EEA), such as the United States.
We ensure that such transfers are carried out in compliance with GDPR by relying on adequacy decisions from the European Commission where applicable, or by implementing appropriate safeguards such as Standard Contractual Clauses (SCCs) as approved by the European Commission.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the duration of your use of the Plugin, for the validity of your license, and to comply with our legal obligations.
License & Purchase Data: Retained for the duration of your license and for a period thereafter (up to 7 years) to comply with legal, tax, and accounting obligations in Finland.
Trial Session Data: Retained for the duration of the trial on a specific IP and for a limited period (e.g., 6 months) thereafter to prevent abuse. Old trial data may be overwritten by new users on the same IP.
Consent Records: Retained for as long as we process your data to demonstrate a valid legal basis, and for a period thereafter as required by law.
Technical Logs: Retained for a short period (e.g., 30-90 days) for security and operational purposes.
After the retention period, your personal data will be securely deleted or anonymized.
7. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Information (Article 13 & 14): To be informed about the collection and use of your personal data.
Right of Access (Article 15): To request a copy of the personal data we hold about you.
Right to Rectification (Article 16): To request correction of inaccurate personal data.
Right to Erasure (“Right to be Forgotten”) (Article 17): To request that we delete your personal data, subject to our legal and contractual obligations to retain certain information.
Right to Restriction of Processing (Article 18): To request that we restrict the processing of your personal data under certain conditions.
Right to Data Portability (Article 20): To receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object (Article 21): To object to processing based on our legitimate interests.
Right to Lodge a Complaint (Article 77): To lodge a complaint with a supervisory authority. The relevant authority in Finland is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
To exercise any of these rights, please contact us at contact@jumicreative.com. We will respond to your request within one month.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically.
9. Contact Us
📧 For any questions regarding this Privacy Policy, contact us at:
contact@jumicreative.com
