Privacy Policy

Last updated July 5, 2026
On this page

This Privacy Policy explains how ThemeCloset collects, uses, shares, and protects personal information when you use our website builder, hosting, theme marketplace, store tools, and related services (the "Service"). By using the Service, you acknowledge the practices described here.

1. Who We Are

ThemeCloset (테마클로젯) is a sole proprietorship registered in the Republic of Korea (Business Registration Number 211-17-08110). For personal data about your ThemeCloset account, we act as the data controller. Contact us any time at privacy@themecloset.com.

2. Information We Collect

A. Information you provide

  • Account & profile. Name or nickname, email address, password (stored only as a secure hash), and profile image.
  • Billing. If you buy a paid plan, our payment processors collect your billing details. We do not store full card numbers on our servers.
  • Seller & payout information. If you run a store, information needed to connect your payment provider and manage orders.
  • Your content. The text, images, files, products, and data you upload to build and run your sites.
  • Support & communications. Messages you send us, including support tickets and waitlist or contact-form submissions.

B. Information collected automatically

  • Device & log data. IP address, browser and device type, operating system, referring URLs, and error/crash logs.
  • Usage data. Pages viewed, features used, and interactions with the dashboard and builder.
  • Cookies & similar technologies. Used to keep you signed in, remember preferences, and understand usage (see Cookies).

C. Information from third parties

  • Sign-in providers. If you sign in with Google, we receive basic profile information from that provider.
  • Payment processors. Transaction status and limited billing metadata needed to manage your plan or store.

3. Data From Sites & Stores You Run

When you build a site or store on ThemeCloset, you may collect personal data from your visitors and customers — for example names, email addresses, orders, and form submissions. For that data, you are the controller and we are your processor: we host and process it on your behalf to provide the Service, and you are responsible for having a lawful basis, your own privacy notice, and appropriate consents. You must not use the Service to collect sensitive data unlawfully or to send unsolicited messages.

Store payments. When your customers pay you, the transaction is processed by the third-party payment provider you connect (such as Stripe, PayPal, or Paddle) under your own account with them, and their handling of payment and card data is governed by their privacy policies. ThemeCloset does not receive, hold, or store your customers' full payment-card details, and is not the payment processor for your store.

4. How We Use Information

We use personal data to:

  • Provide and maintain the Service — create your account, host your sites, and power the builder, stores, and memberships.
  • Process payments and manage subscriptions, invoices, and payouts through our processors.
  • Improve and personalize the Service — analyze usage, fix bugs, and develop features.
  • Communicate with you — transactional emails (password resets, billing, security), service updates, and support replies.
  • Keep the platform safe — detect fraud and abuse, enforce our Terms, and moderate content, including automated scanning of uploads (using services such as OpenAI) to detect illegal or prohibited material.

Where the GDPR or similar laws apply, we rely on these legal bases: performance of our contract with you, our legitimate interests in operating and securing the Service, your consent (for example for optional marketing), and compliance with legal obligations.

5. Cookies & Tracking

We use a small number of cookies and similar technologies, grouped as:

  • Essential — authentication and session cookies required for the Service to work. These can't be switched off.
  • Preferences — remember choices like your selected site or interface settings.
  • Analytics — help us understand aggregate usage so we can improve performance.

You can control cookies through your browser, though disabling essential cookies will break core functionality.

6. How We Share Information

We do not sell your personal data. We share it only as needed:

  • Service providers (sub-processors). Trusted vendors that host and operate the Service under confidentiality obligations (see Sub-processors).
  • Payment providers. To process platform or store payments.
  • Legal & safety. When required by law, legal process, or governmental request, or to protect the rights, property, or safety of ThemeCloset, our users, or the public.
  • Business transfers. If we are involved in a merger, acquisition, or asset sale, your data may transfer as part of that transaction; we will notify you of any change in control.

7. Sub-processors

We rely on reputable providers to run the Service, which may include: cloud hosting and infrastructure (e.g. DigitalOcean), content delivery and security (e.g. Cloudflare), object storage for media, payment processing (e.g. Stripe, PayPal, Paddle, Polar), email delivery, and automated content moderation (e.g. OpenAI). These providers process data only to provide services to us and are bound by appropriate data-protection terms.

8. Your Rights & Choices

Depending on where you live (for example under the GDPR or California's CCPA/CPRA), you may have the right to:

  • Access & portability — request a copy of the personal data we hold about you.
  • Correction — fix inaccurate information, much of it directly in your account settings.
  • Deletion — request deletion of your account and associated personal data from your dashboard.
  • Object or restrict — object to or limit certain processing, and withdraw consent where processing is based on consent.
  • Opt out of marketing — unsubscribe from promotional email via the link in any such message. You'll still receive essential transactional emails.

To exercise these rights, use your dashboard or contact privacy@themecloset.com. We will not discriminate against you for exercising them. If a request concerns data held on behalf of a store or site operator, we will refer you to that operator as the controller.

9. Marketing & Waitlist

We send promotional messages only where permitted. If you join a waitlist or opt in to updates, we use double opt-in where required and you can unsubscribe at any time.

10. Data Retention

We keep personal data and User Content for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your data from our active systems, though limited copies may persist in secure backups for a short period for disaster recovery and legal compliance before being overwritten.

11. International Data Transfers

We operate globally, and your data may be processed in countries other than where you live, including the Republic of Korea, the United States, and wherever our providers operate. Where required, we use appropriate safeguards for such transfers.

12. Security

We use technical and organizational measures — including encryption in transit, hashed passwords, access controls, and monitoring — to protect personal data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work continuously to protect your information.

13. Children's Privacy

The Service is not directed to anyone under 18, and we do not knowingly collect personal data from children. If we learn we have, we will delete it.

14. Session Tracking & Abuse Prevention

To keep the Service stable and prevent abuse (such as automated scraping or anomalous request patterns), we may use short-lived session tracking.

  • Temporary identifiers. We may use cookieless hashing or temporary session storage to generate non-persistent, short-lived identifiers during an active session.
  • Purpose. Strictly to count consecutive page views, enforce rate limits, and detect suspicious behavior — not to build marketing profiles.
  • Privacy protection. These identifiers are not used to track you across third-party sites and expire or are irreversibly discarded when the session ends or shortly after.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or the law. We'll post the updated policy here and revise the "Last updated" date, and we'll provide additional notice of material changes where appropriate.

16. Contact Us

Questions or requests about your privacy? Email privacy@themecloset.com or reach us through your ThemeCloset dashboard.