Privacy Policy
Last updated: 4 June 2026
1. Introduction
This Privacy Policy explains how SmokeOverlay.com collects, uses, shares and protects personal data when you visit our website, purchase digital products, subscribe to our emails, contact us, or interact with our website and advertising.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable Czech data protection laws and other applicable legal requirements.
This Privacy Policy is for information purposes. Using our website does not automatically mean that you consent to optional analytics, marketing, advertising, session replay or tracking technologies. Where consent is required, we ask for it separately, for example through our cookie banner, forms or checkout settings.
2. Data Controller
The controller of personal data is:
Jan Oplt
U Lávky 527
468 41 Tanvald
Czech Republic
Email: info@test.smokeoverlay.com
Website: SmokeOverlay.com
For privacy-related requests, contact us at info@test.smokeoverlay.com.
We have not appointed a Data Protection Officer because we are not currently legally required to do so.
3. Personal Data We Process
Depending on how you use our website, we may process the following types of personal data:
- Order and customer data: name, email address, billing details where required, country, tax-related information, order history, purchased products, download/access information, support messages, refunds, disputes or chargebacks.
- Payment-related data: payment status, transaction ID, invoice or receipt information, payment method type and fraud-prevention signals. We do not directly store full payment card numbers.
- Website and technical data: IP address, browser and device information, operating system, approximate location, pages visited, referring URLs, timestamps, cookies, pixels, local storage and similar online identifiers.
- Marketing and communication data: email address, name if provided, newsletter subscription status, consent records, unsubscribe records, campaign attribution and email engagement data where enabled.
- Analytics and UX data: page views, clicks, scrolling, navigation flow, form interaction metadata, heatmaps, event data and session recordings or replays where enabled.
- Security and anti-spam data: IP address, user agent, referrer, timestamps, form metadata, security logs, spam-check results and similar technical data.
- User-generated content: comments, reviews or uploaded files if such features are available and you choose to use them.
Where possible, we configure analytics and UX tools to minimize personal data collection and to mask or exclude sensitive fields, including checkout fields, payment fields, names, email addresses, addresses and similar personal input fields.
4. Temporary Checkout Field Preservation
We may use browser-based local storage or similar browser storage to temporarily preserve checkout form entries. This may include fields such as name, email address, company name, VAT number, phone number or similar checkout details.
The purpose is to prevent loss of checkout data if you leave the checkout page, refresh the page or return later before completing the purchase.
This data is stored on your device, is not used for advertising tracking, and is not intentionally shared with third parties for marketing purposes. It is intended to be retained for a limited period, typically up to 24 hours, unless your browser or device settings clear it earlier.
You can remove this data by clearing your browser cache, cookies, local storage or site data for SmokeOverlay.com.
5. Approximate Location and Local Currency Display
We may use your IP address or country information to estimate your approximate location. This may be used to display an estimated price in a local currency, improve website functionality, apply regional website settings or support security and fraud-prevention features.
This may involve country information provided by our website infrastructure and, where needed, third-party IP geolocation or exchange-rate services.
Local currency display is for convenience only. The final checkout currency, taxes and final price are confirmed at checkout by our payment provider.
6. How We Collect Personal Data
We collect personal data directly from you when you:
- purchase a product;
- subscribe to our newsletter;
- download a free resource or lead magnet;
- contact us by email or form;
- leave a comment or review;
- request customer support;
- manage your cookie preferences;
- interact with checkout, forms, embedded content or website features.
We also collect some data automatically through cookies, pixels, local storage, server-side tracking, analytics tools, advertising tools, security tools, anti-spam tools, fraud-prevention systems, approximate country detection and website log files.
Some data may be received from third-party providers used to operate the website, process payments, send emails, measure advertising, prevent fraud, protect the website or improve the user experience.
7. Why We Process Personal Data
We process personal data for the following purposes and legal bases:
| Purpose | Examples of data | Legal basis |
|---|---|---|
| Processing and delivering digital orders | Name, email, order data, payment status, country, product access data | Performance of a contract |
| Customer support | Email, order details, support messages | Performance of a contract; legitimate interest |
| Invoicing, accounting and tax compliance | Order data, invoice data, tax-related data | Legal obligation |
| Fraud prevention, website security, spam prevention and abuse prevention | IP address, logs, transaction data, risk signals, form metadata | Legitimate interest; legal obligation where applicable |
| Operating the website, cart and checkout | Necessary cookies, session data, cart data, checkout storage | Performance of a contract; legitimate interest |
| Temporary preservation of checkout fields | Checkout form fields stored locally in the browser | Legitimate interest; performance of a contract where related to checkout |
| Displaying estimated local currency prices and regional website settings | IP address, approximate country, selected currency, exchange-rate data | Legitimate interest; website functionality |
| Newsletter and email marketing based on subscription | Email, name if provided, consent record, campaign activity | Consent |
| Marketing to existing customers for similar products, where legally allowed | Email, order history, opt-out status | Legitimate interest / customer exception under applicable direct marketing rules |
| Analytics, UX analytics, session replay and product improvement | Page views, device data, events, interaction data, masked session data | Consent where required |
| Advertising measurement, retargeting and campaign optimization | Cookie IDs, event data, click IDs, hashed identifiers where used, purchase events | Consent where required |
| Server-side or backend conversion measurement | Event data, IP address, user agent, click IDs, hashed identifiers where used | Consent where required |
| Legal claims and compliance | Relevant order, payment and communication data | Legitimate interest; legal obligation |
8. Payments
We use Paddle as our Merchant of Record and/or payment provider for digital product purchases.
When you purchase a product, Paddle may process your personal data as an independent controller for payment processing, tax handling, fraud prevention, invoicing, refunds, chargebacks, compliance and transaction-related customer communication.
Paddle may share necessary purchase information with us so we can provide access to purchased digital products, customer support and order-related services.
You should review Paddle’s own privacy notice and buyer terms when completing a purchase.
9. Email Marketing
We use email marketing tools for newsletters, email campaigns, free resources, lead magnets and customer communication.
If you subscribe to our newsletter, download a free resource, or otherwise give marketing consent, we may send you promotional emails about SmokeOverlay.com products, tutorials, updates, discounts and related content.
If you purchase from us, we may send marketing emails about our own similar products where this is legally allowed and where you had a clear opportunity to opt out. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at info@test.smokeoverlay.com.
Email open and click tracking may be used to measure campaign performance. Where legally required, such tracking is used only with your consent.
10. Analytics, UX Tools and Advertising
We use or may use analytics, UX analytics and advertising tools to understand how visitors use our website, improve our products and checkout experience, measure advertising performance and optimize campaigns.
These tools may include analytics platforms, advertising platforms, product analytics tools, UX analytics tools, pixels, tags, consent-mode signals and server-side or backend conversion measurement.
These tools may process technical data such as IP address, browser and device data, page views, product views, add-to-cart events, checkout events, purchase events, click IDs, cookie IDs, hashed identifiers where used, approximate location, timestamps, referrer data and campaign data.
Where required, analytics, session replay, marketing pixels and conversion measurement are used according to your consent preferences.
11. Regional Cookie and Tracking Settings
For visitors from the European Economic Area, the United Kingdom and Switzerland, optional analytics, UX analytics, advertising, session replay and marketing technologies are intended to run according to the visitor’s cookie consent choices.
For visitors from known non-EU/EEA/UK/Swiss regions, and where permitted by applicable law, we may use a regional default tracking mode where analytics and advertising technologies may be enabled by default, unless applicable local law requires a different approach or the visitor opts out where such an option is available.
Where technically available, visitors can change or withdraw their cookie and tracking choices through the cookie settings on our website or through their browser settings.
If a visitor’s region or consent status cannot be determined reliably, we aim to apply the more protective consent-first mode for optional tracking.
12. Anti-Spam, Security and Abuse Prevention
We use or may use security, anti-spam, infrastructure and fraud-prevention tools to protect our website, forms, checkout, comments, reviews and user interactions from spam, bots, fraud, abuse and malicious activity.
These tools may process technical data such as IP address, user agent, referrer, timestamps, form metadata, spam-check results, security logs and temporary anti-spam identifiers.
We process this data based on our legitimate interest in protecting the website, users, checkout process and business from spam, abuse, fraud and security threats.
13. Cookies, Local Storage and Similar Technologies
We use cookies, pixels, local storage, server-side tracking and similar technologies.
Cookies may be categorized as:
- Necessary cookies – required for website operation, security, checkout, cart functionality, consent management, fraud prevention and product delivery.
- Analytics cookies – used to understand website traffic, performance and user behavior. These are used only with consent where required.
- Marketing cookies and pixels – used for advertising, retargeting, conversion measurement and campaign optimization. These are used only with consent where required.
- Functional cookies – used to remember preferences, apply regional settings or improve website functionality.
You can manage your cookie preferences through our cookie banner or cookie settings link. You can also restrict cookies in your browser, but some website functions may not work correctly.
For more detailed information about cookies, pixels, local storage, analytics, advertising tools and similar technologies, please see our Cookie Policy: Cookie Policy.
14. Embedded Content
Our website may include embedded content from third-party websites, such as videos or other external content.
Embedded content from third-party websites behaves as if you visited that third-party website directly. These third parties may collect data about you, use cookies, embed additional tracking and monitor your interaction with the embedded content.
Where required, embedded third-party content is blocked until you give the relevant consent through our cookie banner or content placeholder.
15. Service Providers
Our website is built on WordPress and WooCommerce and may use service providers and plugins for checkout, digital product delivery, payment support, email communication, hosting, caching, security, backups, analytics, advertising, product feeds, reviews, customer support, fraud prevention and website performance.
Depending on the current website configuration, these providers may include payment providers, email marketing providers, advertising and analytics platforms, security and anti-spam providers, hosting and infrastructure providers, backup and recovery providers, website plugin providers and other technical service providers needed to operate and improve our website.
Examples of commonly used providers may include Paddle for payment-related services, email marketing tools, Google, Meta or TikTok advertising and analytics services, website security and infrastructure services, backup providers and WordPress/WooCommerce-related providers.
We do not sell your personal data. Where required, we use data processing agreements or equivalent contractual terms with processors.
Service providers may process personal data only to the extent necessary to provide their services, protect the website, process orders, deliver products, communicate with customers, send emails, measure performance, manage backups, support legal compliance or improve the website.
16. International Data Transfers
Some providers may process personal data outside the European Economic Area, including in the United States or other countries.
Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required, such as European Commission adequacy decisions, EU Standard Contractual Clauses, Data Processing Agreements, supplementary technical and organizational measures, or EU-US Data Privacy Framework certification where applicable.
For example, where backup storage, analytics, advertising, email, hosting or technical service providers are used, they may process data outside the EEA and may rely on applicable adequacy decisions, Data Privacy Framework certification, contractual terms or other safeguards for relevant transfers.
Because international data transfer rules and vendor infrastructure can change, we periodically review our providers and configurations.
17. Data Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
| Data category | Typical retention period |
|---|---|
| Order, invoice and tax records | For the period required by applicable accounting, tax and legal obligations. |
| Customer support communication | Usually up to 3 years after the last communication, unless needed longer for legal claims. |
| Newsletter data | Until you unsubscribe or your data is deleted, plus a suppression record where needed to prevent re-subscription. |
| Consent records | For as long as needed to prove consent and compliance. |
| Temporary checkout browser storage | Typically up to 24 hours, unless cleared earlier by your browser or device settings. |
| Analytics, advertising and UX data | According to the retention settings of the relevant tool. |
| Security, anti-spam and abuse-prevention logs | For a limited period necessary for security, spam prevention, fraud prevention and abuse prevention. |
| Backups | Retained according to our backup cycle and then overwritten or deleted. |
We may retain some data longer if required by law, tax obligations, accounting rules, dispute resolution, fraud prevention or legal claims.
18. Your Rights
Under GDPR, you have the following rights:
- right of access;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right to data portability;
- right to object to processing based on legitimate interest;
- right to withdraw consent at any time;
- right not to be subject to solely automated decision-making with legal or similarly significant effects;
- right to lodge a complaint with a supervisory authority.
You can exercise your rights by contacting us at info@test.smokeoverlay.com.
If you are located in the Czech Republic or the EU, you may also contact the Czech supervisory authority:
Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7
Czech Republic
Website: uoou.gov.cz
19. Withdrawal of Consent and Opt-Out
You can withdraw consent to optional cookies, analytics, session replay and tracking through our cookie settings.
You can unsubscribe from marketing emails by clicking the unsubscribe link in any email.
You can also contact us at info@test.smokeoverlay.com and request deletion, opt-out or restriction of processing.
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
20. Automated Decision-Making and Profiling
We do not use personal data for solely automated decision-making that produces legal or similarly significant effects.
Advertising platforms may use profiling, audience segmentation, conversion optimization, lookalike audiences or similar automated processing to deliver and optimize ads. This processing is used only where legally permitted and according to your consent preferences where consent is required.
21. Security
We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.
These measures may include HTTPS encryption, limited administrative access, access controls, security monitoring, security filtering and traffic protection, anti-spam protection, vulnerability management, backups, data minimization, masking or excluding sensitive fields from analytics/session replay tools, vendor review and contractual safeguards.
No website or online service can guarantee absolute security.
22. Children
Our products and services are intended for photographers, designers and other users interested in digital creative assets. They are not directed to children.
We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, contact us at info@test.smokeoverlay.com.
23. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, for example when we change our tools, service providers, tracking setup, legal obligations or business processes.
The latest version will always be available on this page.
24. Contact
For privacy-related questions or requests, contact:
Jan Oplt
Email: info@test.smokeoverlay.com
Website: SmokeOverlay.com