Flowye Licensing System — Privacy Notice
Last updated: 11 April 2026
This Privacy Notice explains how Flowye Licensing handles personal data in connection with the Flowye Licensing System plugin and related services.
Flowye Licensing is used inside the Unity Editor to verify and activate protected VRChat avatar packages. This notice covers two groups of people:
- Creators, who use Flowye Licensing as customers of the service.
- End Users / Buyers, who activate a protected avatar obtained from a Creator.
This notice should be read together with the Creator Terms of Service.
Data Controller
The Flowye Licensing System is provided by Dummics, Dominik Martignago, an individual developer based in Udine, Italy.
- Email: business@dummics.com
- Postal address: Udine, Italy
Creators remain responsible for their own storefront terms, customer support, and any personal data they process independently from Flowye Licensing.
What We Process
We try to keep data processing narrow and practical. We collect only what is needed to run the licensing system, verify access, support users, and protect the service against abuse.
Creator data
For Creators, we may process:
- contact details such as name, brand name, email address, and support contact identifiers;
- license and project references needed to identify the protected avatar or package covered by the Creator License;
- support, billing, and operational records needed to provide the service and maintain business records.
We do not store full payment card details. Payments are handled by the relevant payment or marketplace provider.
End User / Buyer data
For End Users or Buyers, we may process limited identifiers such as:
- VRChat user ID and display name;
- activation and verification records such as timestamps, avatar or license references, and success/failure state;
- processed or hashed network and device-related security signals where applicable;
- limited provider-related verification identifiers when needed to confirm activation eligibility or licensing state.
Depending on the provider integration, this may include information such as:
- a Payhip key or activation-related state;
- a Gumroad order, license, or similar provider identifier;
- equivalent identifiers required by another configured provider integration.
We do not use this data to inspect creator revenue, creator sales performance, or commercial analytics.
We also do not scan personal files, monitor unrelated system activity, or collect marketing analytics through the plugin.
How We Use the Data
We use the data above only for purposes directly related to the licensing system.
License verification and activation
We use limited identifiers to determine whether a protected avatar can be activated, whether a user remains eligible to use it, and whether a licensing action should be allowed.
Verification may rely on:
- configured provider integrations;
- internal licensing records maintained by Flowye Licensing;
- activation history and anti-abuse checks.
Security and abuse prevention
We use technical security signals to detect suspicious activity, repeated abuse, attempted circumvention, or unauthorized sharing.
Support and operations
We use creator and end-user records to troubleshoot activation problems, answer support requests, and maintain operational continuity.
Legal compliance and protection
We may keep or disclose limited records where necessary to comply with legal obligations, respond to valid requests, or protect the service, creators, and users against fraud or abuse.
No marketing use
We do not sell personal data and do not use plugin-related personal data for advertising or unrelated marketing.
Legal Basis
We rely on the following legal bases where applicable:
- Performance of a contract for Creator-side service delivery, support, billing, and account administration.
- Legitimate interests for end-user activation, license enforcement, fraud prevention, abuse detection, and security operations.
- Legal obligations where retention or disclosure is required by law.
If a future optional feature requires consent, that would be handled separately.
Sharing and Disclosure
We keep sharing limited and purpose-based.
We may share data:
- with the relevant Creator, but only to the extent needed to manage activation or access for that Creator's protected avatar;
- with infrastructure or support providers that help us operate the service on our behalf;
- with advisors, authorities, or technical responders where reasonably necessary for legal compliance, fraud prevention, or security response;
- as part of a business transfer if the service is sold or reorganized, subject to continued protection of the data.
We do not share personal data with advertisers.
Hosting and International Transfers
The current core application infrastructure is hosted on OVHcloud in Frankfurt, Germany.
If a limited support or infrastructure provider processes data from another jurisdiction in the future, we will apply the safeguards required by applicable law.
Security
We use practical security measures appropriate to a small licensing service, including:
- encrypted transport (HTTPS / TLS);
- access controls around application and database infrastructure;
- processed or hashed handling of certain technical identifiers where appropriate;
- logging and verification controls designed to detect tampering or abuse;
- operational restrictions intended to reduce unnecessary data exposure.
No system can promise absolute security, but we try to keep the data footprint small and the controls proportionate.
Retention
We keep personal data only as long as it remains reasonably necessary for licensing, support, abuse prevention, dispute handling, or legal obligations.
In practice:
- Creator account, license, and billing records may be kept while the Creator relationship is active and for any legally required follow-up period.
- End-user activation, licensing, and security records may be kept while they remain relevant to an active or recently managed protected avatar, and longer when needed for abuse prevention, chargeback/dispute handling, or legal obligations.
- Backups are retained for a limited operational period and then rotated out.
We avoid making promises about fixed retention periods when the correct answer depends on operational, security, and legal context.
Your Rights
Subject to applicable law, you may have rights such as:
- access;
- correction;
- deletion;
- restriction;
- objection;
- portability;
- complaint to the competent supervisory authority.
You can exercise these rights by contacting us using the details below. We may need to keep limited records where a deletion request conflicts with legal, security, or abuse-prevention needs.
Children's Privacy
The service is not intended for children under 13, and we do not knowingly seek to collect personal data from children under 13 through the licensing flow.
Changes to This Notice
We may update this Privacy Notice from time to time to reflect operational or legal changes.
If we make a material update, we will revise the "Last updated" date and, where appropriate, notify Creators through the contact channels available to us.
Contact
If you have questions or requests about this Privacy Notice, contact:
- Email: business@dummics.com
- Discord: Official Discord server