Security & Privacy Policy

Last Updated:

1.Who We Are

  • Legal Entity: ViraLikez @ Appslom Resources (“we”, “us”, “our”)
  • Website: ViraLikez.com
  • Contact Email: [email protected]

We provide n8n automation workflow services via two plans:

  • Managed Plan: We host and manage your automation environment.
  • Self-Hosted Plan: We deliver workflow files and documentation; you host them.

2. Scope This Security & Privacy Policy explains:

  • How we protect your data (security)
  • How we collect, use, share, and retain personal data (privacy)
  • What applies to Managed Plan vs Self-Hosted Plan
  • Your rights and choices

3. Information We Collect

a) You Provide

  • Contact: name, email, phone, company, role, country
  • Billing: billing name, address; card data processed by Stripe (not stored by us)
  • Support/Project: tickets, meeting notes, files, workflow requirements
  • Account/Portal: login credentials (hashed), preferences

b) Automatically Collected

  • Usage: pages visited, session metadata, device/browser, IP-based location
  • Cookies: strictly necessary, functional, analytics, marketing (see Cookies)

c) Third Parties

  • Stripe for payments and fraud checks
  • Analytics/performance tools (if enabled)
  • Public business data (e.g., LinkedIn, websites) where lawful

4. Security Overview We use layered, risk-based controls to safeguard confidentiality, integrity, and availability.

  • Encryption • In transit: HTTPS/TLS for site, portal, and file delivery • At rest: encryption provided by hosting/cloud providers where supported
  • Access Control • Principle of least privilege (role-based, need-to-know) • Unique accounts, MFA enforced for internal admin access • Credential vaulting for shared secrets; rotation on schedule or after incidents
  • Application & Infrastructure • Segmented environments for staging/production where applicable • Hardened configurations, minimal ports/services • Regular patching of OS, dependencies, and plugins (WordPress, Fluent Forms Pro) • Web Application Firewall (WAF) and bot protection where available
  • Monitoring & Logging • Security monitoring for suspicious access patterns • Activity logs for administrative actions and key workflow events • Alerting for anomalies and failed logins
  • Backups & Recovery • Encrypted backups on a defined schedule (Managed Plan environments and critical portals) • Periodic restore testing to validate recovery
  • Vendor & Data Processing • Due diligence for critical vendors (hosting, Stripe, email/helpdesk) • Data Processing Agreements (DPAs) where required • Standard Contractual Clauses (SCCs) for cross-border transfers when applicable
  • Staff & Operations • Confidentiality agreements for staff/contractors • Security and privacy training on onboarding and annually • Clean desk and secure device practices

5. Managed Plan vs Self-Hosted Plan Security

  • Managed Plan • We provision and secure the n8n environment, apply updates, manage secrets, and monitor uptime. • Access is limited to authorized personnel; actions are logged where feasible. • Backups are scheduled; restoration support included. • Optional IP allow listing and environment isolation available on request.
  • Self-Hosted Plan • You are responsible for hosting security, access control, backups, and compliance. • We supply workflow JSON files, setup guides, and a tutorial video. • We do not access your environment unless you explicitly grant temporary, time-bound access for support.

6. Data We Process in Automations Depending on your use case, workflows may process:

  • Contact records (names, emails, phone numbers)
  • Transactional or operational data (orders, appointments, tickets)
  • Marketing data (campaign events, tags, UTM, engagement)
  • System metadata (IDs, timestamps, logs) We recommend minimizing personal data in workflows and masking or tokenizing where possible.

7. Payment Security (Stripe)

  • All payments are processed by Stripe via hosted Stripe Checkout.
  • We do not store full card numbers or CVV.
  • Stripe may perform fraud checks and KYC/AML as required by law.

8. Forms & Website (Fluent Forms Pro)

  • Form submissions are stored in our WordPress database and may be emailed to our team.
  • Do not send sensitive data (e.g., full credentials, health data) via forms unless explicitly requested and secured.
  • For credential sharing, use our secure portal links or encrypted channels we provide.

9. Data Use Purposes We use data to:

  • Deliver services and support
  • Process payments and invoices
  • Communicate about orders, onboarding, and system notices
  • Improve services, quality, and security
  • Comply with legal obligations and prevent fraud Legal bases (EU/UK GDPR where applicable): contract, legitimate interests, consent (where required), legal obligation.

10. Data Sharing We share personal data only with:

  • Service providers (processors): hosting, email/helpdesk, analytics, CRM, backups, security, payment processing
  • Professional advisers: legal, accounting, compliance
  • Authorities: when required by law
  • Business transfers: merger or acquisition; protections will continue under this or a successor policy We do not sell personal data.

11. International Transfers

  • Data may be processed in countries outside your own.
  • Where required, transfers are protected by SCCs or equivalent safeguards.

12. Data Retention

  • Orders/billing: retained per tax and legal requirements
  • Support/project files: retained during engagement and a reasonable period after
  • Portal accounts: retained while active; deleted or anonymized after closure and retention period
  • Marketing: retained until you opt-out or withdraw consent We minimize retention to what’s necessary.

13. Your Rights Depending on your location, you may have the right to:

  • Access, rectify, erase
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (for consent-based processing)
  • Lodge a complaint with a regulatory authority Contact: [email protected] . We may verify your identity before actioning requests.

14. Cookies & Tracking

  • We use cookies for functionality, analytics, and (where enabled) marketing.
  • Manage preferences via your browser and/or our consent banner.
  • Disabling certain cookies may reduce site functionality.

15. Incident Response

  • We maintain an incident response process: identification, containment, eradication, recovery, and post‑mortem.
  • If a breach likely impacts your rights and freedoms, we will notify you and, where required, regulators without undue delay.

16. Client Responsibilities

  • Provide accurate information and maintain secure passwords.
  • For Managed Plan: share necessary access via our secure channels; revoke access when no longer needed.
  • For Self-Hosted: secure your infrastructure, rotate keys, restrict permissions, and maintain backups.
  • Avoid sending secrets via email or unsecured channels.

17. Children’s Data Our services are not directed to children under 16, and we do not knowingly collect their data. Contact us to remove any such data.

18. Third-Party Links Our site may link to external sites. Review their security and privacy practices independently.

19. Marketing Preferences You can opt out of marketing emails at any time via unsubscribe links or by contacting us. Transactional/service emails will still be sent as necessary.

20. Do Not Track We currently do not respond to DNT signals. Use cookie controls and browser settings to manage tracking.

21. Changes to This Policy We may update this policy to reflect changes in law, services, or security practices. We will post updates with a new “Last Updated” date.

22. Contact

Jurisdiction-Specific Notices

A) EEA/UK

  • Controller: ViraLikez
  • Legal bases: contract, legitimate interests, consent, legal obligation
  • Transfers: protected by SCCs or equivalent
  • Rights: contact your supervisory authority to lodge a complaint

B) California (CCPA/CPRA)

  • We do not sell or share personal information for cross-context behavioral advertising.
  • Rights: know, delete, correct, limit sensitive data use (if applicable), and opt out of sharing (if applicable).
  • To exercise rights: contact [email protected]
  • Categories collected may include: identifiers, commercial info, internet activity, inferences.

Annex: Managed Plan Security Controls (Summary)

  • Provisioned n8n instance with hardened defaults
  • Secrets stored securely; access strictly limited
  • Scheduled updates and patches; monitored uptime
  • Encrypted backups; restore testing
  • Optional: IP allowlisting, SSO/MFA where supported, log export to your SIEM

Annex: Self-Hosted Security Recommendations

  • Use TLS/HTTPS and restrict public access
  • Enable MFA for admin accounts; enforce strong passwords
  • Store secrets in environment variables or a vault; rotate regularly
  • Implement role-based access in connected tools
  • Enable regular encrypted backups and test restores
  • Monitor workflow failures and set alerting
  • Keep n8n and dependencies up to date

If you have questions about our Security & Privacy practices, contact us at [email protected]

Scroll to Top