Back to Home

Privacy Policy

Last Updated: January 2025

Your privacy is important to us. This policy explains how we collect, use, and protect your information when you use Cocoon.

1. Information We Collect

1.1 Account Information

  • Email address (required for account creation)
  • Password (encrypted and hashed)
  • Account type and permissions
  • Subscription status and billing information
  • Two-factor authentication settings

1.2 Usage Analytics

  • Page Views: Pages visited, time stamps, and session duration
  • Blog Engagement: Reading progress, scroll percentage, time spent on articles, completion rates
  • IP Addresses: Used for analytics, security, and generating anonymous visitor IDs
  • Device Information: Browser type, operating system, device type (mobile/desktop)
  • Referrer Information: How you arrived at our site (search engines, social media, direct links)

2. How We Use Your Information

2.1 Service Provision

  • Account creation, authentication, and management
  • Processing payments and managing subscriptions
  • Providing access to premium features
  • Enabling blog publishing and content management

2.2 Analytics and Improvement

  • Understanding user behavior and engagement patterns
  • Improving site performance and user experience
  • Measuring content effectiveness and popularity
  • Generating anonymous usage statistics

3. Data Sharing and Disclosure

3.1 Third-Party Services

We work with carefully selected third-party services to provide you with the best possible experience:

Stripe

We use Stripe for secure payment processing and subscription management. Stripe processes your payment information according to their own privacy policy and security standards. We do not store your full payment card details on our servers.

PrivateMail

We use PrivateMail as our email service provider for sending transactional emails including account verification, password resets, two-factor authentication codes, and important service notifications.

Internal Analytics

We operate our own analytics service and do not share your usage data with external analytics providers like Google Analytics. All analytics processing is handled internally on our secure servers, giving us complete control over your data privacy.

4. Data Security

4.1 Technical Safeguards

  • Password encryption using bcrypt hashing
  • JWT token authentication
  • Admin session management with expiration
  • Two-factor authentication for administrative accounts
  • SQL injection prevention through parameterized queries

4.2 Access Controls

  • Role-based permissions (admin, blog editor, affiliate, user)
  • Session-based admin access controls
  • IP address tracking for security monitoring
  • Rate limiting on sensitive operations

5. Data Retention

We believe in keeping your data only as long as necessary to provide our services and meet legal obligations.

5.1 Account Data

  • Active accounts: Your account information, blog posts, and user preferences are retained while your account remains active.
  • Deleted accounts: When you delete your account, we immediately remove all associated data. This deletion is permanent and cannot be undone.

5.2 Tracking and Analytics Data

  • Page view analytics: Anonymous page view data is automatically deleted after 60 days.
  • Affiliate tracking data: Performance data is retained indefinitely to ensure proper payment, but is anonymized.
  • Security logs: Security-related logs help us protect all users' accounts and maintain system integrity.

6. Your Rights and Choices

We believe you should have full control over your personal information. Here are the rights and options available to you:

6.1 Access and Control

  • View and update: You can access and modify your account information at any time through your account dashboard.
  • Delete your account: You have the right to permanently delete your account and all associated data.
  • Export your data: You can request a copy of your data.
  • Analytics opt-out: You can opt out by emailing azhar.dilmamode@cocoon-plugin.com with "Analytics Opt-Out Request".

7. Contact Information

If you have any questions about this privacy policy, want to exercise your privacy rights, or need assistance with your account, please contact us:

We typically respond to privacy-related inquiries within 48 hours. For complex data requests, we may need up to 7 business days to provide a complete response.