Last updated: April 9, 2026
Hi there. This is the privacy policy for Pubvana and the pubvana.net website. We want to be upfront about what information we collect, why we collect it, and how we handle it. No legalese walls of text, just a straightforward explanation.
This policy covers two things: the pubvana.net website itself, and the Pubvana CMS software that you install on your own server.
What We Collect When You Visit pubvana.net
When you browse pubvana.net, we track page views to understand which content is helpful. This includes the page you visited, the website that referred you (just the domain name, not the full URL), and a timestamp. We don't store your IP address or any personally identifying information for page views.
Account Information
If you create an account on pubvana.net, we collect a username, email address, and password. Your password is securely hashed before it's stored, so we never see or keep it in plain text.
You can also sign in with Google or Facebook if you prefer. When you do, we receive your email address and a unique ID from that provider. We don't get your social media password or access to your account beyond basic profile info.
Payments and Stripe
We use Stripe to process payments for premium themes, plugins, and other digital products. Stripe is one of the most widely used and trusted payment processors in the world, handling billions of dollars in transactions for businesses of all sizes.
When you make a purchase, your payment details (like your card number) go directly to Stripe. We never see, handle, or store your full card information on our servers. What we do receive from Stripe is a transaction confirmation, the last four digits of your card (for your reference), and your billing email.
For the full details on how Stripe handles your payment data, you can read Stripe's Privacy Policy.
How the CMS Connects to pubvana.net
When you install Pubvana on your own server, the CMS makes a few background connections. Here's exactly what those are and why:
Update checks. Pubvana checks GitHub once a day to see if a newer version is available. The only thing sent is a version identifier in the request header. No site info, no user data.
Marketplace catalog. When you browse the built-in marketplace, Pubvana fetches the current list of available themes, widgets, and plugins from pubvana.net. This is a simple catalog lookup with no personal data attached.
License validation. If you've purchased a premium item, Pubvana sends your license key and your site's domain to pubvana.net to confirm the license is valid. This happens when you first install a licensed item and is rechecked periodically (about once every 90 days). Your site's domain is needed so we can verify the license is being used on the right site.
Extension safety checks. When you install a new theme, widget, or plugin, Pubvana checks it against our safety registry (the Vetted system). This sends the extension's name, version, author, your CMS version, and your site's URL to pubvana.net. This is how we flag known-unsafe add-ons before they're activated on your site.
Extension updates. Pubvana checks daily for updates to your installed extensions. This sends your CMS version and a list of what you have installed (name, version, and license key for licensed items). No personal data is included.
Plugins on pubvana.net
The pubvana.net website runs three Pubvana plugins:
Digital Store powers the storefront where you can browse and purchase themes, plugins, and other digital products. It handles product listings, license key generation, and integrates with Stripe for payment processing.
Pubvana Docs runs the documentation section of the site. It's a read-only reference, and it doesn't collect any additional data beyond normal page views.
Vetted is the safety registry for Pubvana add-ons. When a CMS installation checks whether an extension is safe (as described above), the Vetted plugin on our end handles that lookup. It stores the domain that made the request, which version of Pubvana it's running, and when the check happened. This helps us understand how many sites are actively using Pubvana and which versions are in use, so we can prioritize support and compatibility.
Third-Party Services
Depending on how you or your site admin have things configured, these third-party services may be involved:
hCaptcha protects forms (comments, contact) from spam. If enabled, the hCaptcha widget loads in your browser and your captcha response is verified with hcaptcha.com. See hCaptcha's Privacy Policy. hCaptcha is free for most websites.
Google Analytics is an optional integration. If the site admin has added a tracking ID, Google's analytics script will load for visitors. This is entirely opt-in by the site admin. See Google's Privacy Policy.
Google and Facebook OAuth are optional sign-in methods. If enabled, clicking "Sign in with Google" or "Sign in with Facebook" redirects you to that provider's login page. We only receive your email and a provider ID back.
CDN services like jsDelivr and Cloudflare deliver common files (like CSS frameworks and icon fonts) to your browser. Some themes also load fonts from Google Fonts. These are standard web requests and are subject to each provider's own privacy policies.
Cookies
Pubvana uses a small number of cookies, and none of them are used for tracking or advertising:
Session cookie stores a session ID so the site knows you're logged in. It expires when you close your browser unless you've chosen "Remember Me".
Remember-me cookie keeps you logged in for 30 days if you choose that option. It contains a random token, nothing personal.
CSRF token is stored in your session to protect forms from cross-site request forgery. It's a standard security measure.
That's it. No tracking cookies, no advertising cookies, no third-party cookie walls.
Emails We Send
Pubvana may send you emails for the following reasons:
- Account activation when you first register or change your email address
- Password reset if you request one
- Account change alerts if your username, email, or password is changed (sent to your previous email as a security measure)
- Contact form responses if you reach out through the contact form, your message is forwarded to us by email. We don't store contact form submissions in the database.
Data Retention and Your Rights
We keep your account information for as long as you have an active account. Page view analytics are kept indefinitely but contain no personal information.
If you'd like to delete your account or have questions about your data, reach out to us through our contact page. We'll take care of it.
Changes to This Policy
If we make meaningful changes to this policy, we'll update the date at the top and make it easy to find what changed. We won't sneak anything in.
Questions?
If you have any questions about this privacy policy or how we handle your data, please reach out through our contact page.