Punapai
Privacy Policy
Last updated: 13 March 2026

1. What This Policy Covers

This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it when you use Punapai ("Service"). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

GOBYTE SOFTWARE LTD, registered in England and Wales, is the data controller responsible for your data.

2. What Data We Collect

We collect only what we need to run the Service:

  • Account details: your name, email address, and password (stored encrypted — we never see your actual password). If you sign in with Google, we receive your name, email address, and profile photo from Google
  • Payment information: if you subscribe to a paid plan, our payment processor (Stripe) collects your payment method, billing address, and transaction details. We do not store your full card number — Stripe handles this securely on our behalf
  • Content you create: landing pages, text, images, and other content you build with Punapai
  • Usage information: which features you use and how you interact with the Service
  • Analytics data: we collect anonymous visitor statistics for your landing pages, including page views, referrers, and browser information. Retention periods vary by plan
  • Technical information: your IP address, browser type, device, and operating system — collected automatically when you visit
  • Visitor data from your landing pages: if you enable email collection or contact forms on your pages (available on paid plans), we store the submissions on your behalf

3. Why We Collect Your Data

We use your data for these purposes:

  • To run the Service: log you in, save your work, and display your landing pages
  • To improve Punapai: understand how the Service is used so we can make it better
  • To keep things secure: detect and prevent fraud, abuse, and technical issues
  • To communicate with you: send important account updates and respond to your questions

4. Our Legal Basis (UK GDPR)

Under UK GDPR, we must have a lawful reason to process your data. Ours are:

  • Contract: we need your data to provide the Service you signed up for
  • Legitimate interests: to improve the Service, ensure security, and prevent fraud
  • Consent: for optional things like marketing emails (you can opt out at any time)
  • Legal obligation: when the law requires us to process or retain data

5. Who We Share Your Data With

We never sell your personal data. We only share it with:

  • Stripe: our payment processor, which handles billing and payment method storage
  • Google: if you choose to sign in with Google, we exchange authentication data with Google's OAuth service
  • Service providers: companies that help us run Punapai (hosting, email delivery) — they only access data needed to do their job
  • Law enforcement: only when legally required

6. Your Role as a Data Controller

When you use Punapai to collect personal data from visitors to your landing pages (for example, through email collection forms or contact forms), you act as the data controller for that visitor data. We act as a data processor on your behalf — we store and manage the data, but you decide what to collect and how to use it.

As a data controller, you are responsible for:

  • Ensuring you have a lawful basis (such as consent) to collect personal data from your visitors
  • Providing your visitors with appropriate privacy information about how their data will be used
  • Complying with all applicable data protection laws, including UK GDPR, regarding the data you collect
  • Responding to data subject requests from your visitors (access, deletion, etc.)

We will assist you in meeting your data protection obligations where reasonably possible. If you require a formal Data Processing Agreement (DPA), please contact us at stefanos@gobyte.software.

7. International Transfers

If your data is transferred outside the UK (for example, to cloud servers), we make sure it is protected using Standard Contractual Clauses approved by the ICO.

8. How Long We Keep Your Data

Your account data: we keep it for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are legally required to keep it longer.

Analytics data: visitor analytics for your landing pages are retained based on your plan — 7 days on Free, 90 days on Pro, and 1 year on Business and Enterprise. After the retention period, analytics data is automatically pruned.

Visitor data collected through your landing pages: email addresses and contact form submissions collected from your visitors are stored on our servers for as long as the associated project exists. For free accounts, collected data is deleted when the project expires (30 days after publishing). It is your responsibility to export any collected data before expiration.

Payment data: Stripe retains payment and transaction records in accordance with their own privacy policy and applicable financial regulations.

Expired project data: when a free plan project expires, all associated data — including landing page content, uploaded assets (images, files), collected email addresses, and contact form submissions — is permanently deleted.

9. Your Rights

You have the following rights over your data under UK GDPR:

  • See your data: request a copy of the personal data we hold about you
  • Fix your data: ask us to correct anything that is wrong
  • Delete your data: ask us to erase your personal data
  • Limit processing: ask us to temporarily stop using your data
  • Take your data: receive your data in a portable format
  • Object: tell us to stop processing your data for a specific purpose
  • Withdraw consent: if you previously gave consent, you can take it back at any time

To exercise any of these rights, email us at stefanos@gobyte.software.

10. Cookies

We use essential cookies to keep you logged in and the Service working. We may also use analytics cookies to understand usage patterns. You can control cookies through your browser settings.

11. How We Protect Your Data

We use industry-standard security measures to protect your data, including encryption, secure servers, and access controls. No system is 100% secure, but we take reasonable steps to keep your information safe.

12. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or through the Service.

13. Complaints

If you are not happy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

14. Get in Touch

For any privacy questions, email us at stefanos@gobyte.software.

GOBYTE SOFTWARE LTD, registered in England and Wales.

Back to registration
Back to home