MegaWorksheets.com — Privacy Policy (Global)

Effective date: October 20, 2025

This Privacy Policy explains how MegaWorksheets.com (“MegaWorksheets”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use MegaWorksheets.com (the “Site”), purchase our digital products, or otherwise interact with us. It also describes your privacy rights and how the law protects you.

We design our products for use by adults (parents/guardians/educators) with/for children. We do not knowingly collect personal information from children without verifiable parental consent (see Section 12 — Children).

1. Who we are & how to contact us

  • Controller: MegaWorksheets

  • Email: teammegaworksheet@gmail.com

2. What data we collect

We collect the minimum data necessary to operate our Site and deliver digital products.

2.1 Data you provide directly

  • Account data (name, email, password).

  • Order & billing data (billing address; country; zip/postcode, phone (optional); product purchased, transaction amounts, invoice/receipt details). We do not store full card numbers.

  • Support & communications (emails, chat messages, request content).

  • Reviews/testimonials (text, rating, display name you choose).

  • Consents & preferences (marketing opt‑in, cookie choices, region, language).

2.2 Data collected automatically

  • Device/usage data (IP address; unique IDs; device type; browser; operating system; referral URL; pages viewed; time stamps; approximate location derived from IP; performance metrics).

  • Cookies & similar technologies (see Section 10 — Cookies & Tracking for details and choices).

2.3 Data from third parties

  • Payment processors (PayPal and other providers) — payment confirmation, last 4 digits of card, card brand, country, risk signals, and fraud‑screening results.

  • Analytics/advertising partners — aggregated metrics; campaign/utm parameters; conversion events.

  • Anti‑abuse & security services — IP reputation, device fingerprinting (where permitted).

We do not collect sensitive categories of data as defined by GDPR/CPRA.

3. Why we use your data (purposes) & legal bases

3.1 Purposes

  1. Provide the Site & services (account, checkout, downloads, customer support).

  2. Process transactions and deliver digital products; provide invoices/receipts.

  3. Prevent fraud & abuse; secure our systems; enforce license terms.

  4. Communicate about orders, updates, and account security.

  5. Improve content, UX, and performance (analytics, debugging, A/B tests).

  6. Marketing with your consent (newsletters, product updates, promotions).

  7. Compliance with legal, tax, accounting, and regulatory obligations.

3.2 Legal bases under GDPR/UK GDPR (where applicable)

  • Contract (Art. 6(1)(b)): to fulfill orders, provide downloads, and provide customer service.

  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, analytics limited to audience measurement and product improvement, non‑intrusive marketing to existing customers where allowed (soft opt‑in). We balance our interests against your rights.

  • Consent (Art. 6(1)(a)): email marketing to non‑customers; optional cookies; certain advertising/retargeting; storing preferences; some region‑specific requirements.

  • Legal obligation (Art. 6(1)(c)): tax, accounting, consumer protection, responding to lawful requests.

4. What we share & with whom

We share data only as necessary and under agreements that require recipients to protect it.

  • Payment processors: PayPal and similar providers — to process payments and screen fraud.

  • Hosting & infrastructure: web host/CDN, backup, DDoS protection.

  • Email & communications: transactional email service, newsletter platform, helpdesk.

  • Analytics & measurement: privacy‑centric analytics and (if enabled) third‑party analytics.

  • Advertising/retargeting (optional): platforms such as Meta or Google Ads — only if you consent to marketing cookies/trackers where required.

  • Professional advisors & authorities: accountants, auditors, legal counsel; regulators or law enforcement when legally required.

We do not sell personal information for money. Under some US state laws, certain ad‑tech sharing may be deemed a “sale” or “sharing” for cross‑context behavioral advertising; see Section 11 — Region‑specific rights for opt‑out.

5. International transfers

We operate globally. Your data may be processed outside your country (e.g., in the United States, Vietnam, EU/UK). When we transfer personal data internationally, we use appropriate safeguards:

  • EU/UK: Standard Contractual Clauses (SCCs) and, where required, the UK Addendum; transfer risk assessments; supplementary security measures.

  • Other regions: contractual protections and technical measures appropriate to the risk.

6. Data retention

We keep personal data only as long as necessary for the purposes set out above:

  • Account data: for the life of the account; delete after {{24–36}} months of inactivity.

  • Order/financial records: 7–10 years (tax/accounting laws).

  • Support tickets: 2 years after closure unless needed for disputes/security.

  • Marketing preferences: until you unsubscribe or request deletion, we keep minimal suppression records to honor opt‑outs.

  • Analytics logs: typically 14–26 months (or shorter where configured).

7. Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit (TLS), network segmentation, least‑privilege access, MFA for admin accounts, regular patching, and vendor due diligence. No system is 100% secure; we cannot guarantee absolute security.

8. Your rights

Depending on your region and with best of our technical ability, you may have rights to:

  • Access your personal data and obtain a copy.

  • Rectify inaccurate or incomplete data.

  • Erase data (right to be forgotten) in certain circumstances.

  • Restrict or object to processing, including profiling based on legitimate interests.

  • Portability of the data you provided to us.

  • Withdraw consent at any time (does not affect processing before withdrawal).

  • Appeal our decision on your request (US state laws).

To exercise rights, contact teammegaworksheet@gmail.com with your request. We will verify your identity and respond within the applicable statutory period (e.g., 30–45 days). You may also authorize an agent as permitted by law (we may require signed permission and identity verification).

9. How to make a complaint

If you are in the EU/EEA/UK, you may complain to your local supervisory authority (for example, ICO in the UK or your country’s DPA). We encourage you to contact us first to resolve concerns.

10. Cookies & tracking technologies

We use cookies and similar technologies to:

  • Enable core site functions (checkout, authentication, security, licensing, fraud prevention);

  • Remember preferences (language, region, cookie choices);

  • Measure performance and improve the Site (privacy‑centric analytics);

  • (Optional) personalize ads and measure campaigns only with your consent, where required.

10.1 Consent & control

  • On your first visit, a Cookie Banner/Consent Management Platform (CMP) lets you accept, reject, or customize categories (Strictly Necessary; Functional; Analytics; Marketing). You can change your choices anytime via Cookie Settings in the footer.

  • Browser settings can block cookies; some features may not work.

10.2 Categories (examples)

  • Strictly necessary (always on): session ID, CSRF token, payment/checkout, license enforcement.

  • Functional: remembering login, region, and cart persistence.

  • Analytics: page views, events, A/B testing; configured for IP truncation where available.

  • Marketing/ads (optional): remarketing tags; conversion tracking.

10.3 Signals

Where legally required and technically supported, we honor Global Privacy Control (GPC) as an opt‑out of sale/sharing for cross‑context behavioral advertising.

11. Region‑specific disclosures

11.1 European Economic Area (EEA) & UK

  • Controller details, legal bases, and transfer mechanisms are described above.

  • You have the rights listed in Section 8 and may lodge a complaint with your DPA.

  • For email marketing, we rely on consent except for existing customers (soft opt‑in where allowed).

  • For digital content, you may lose the right of withdrawal once download begins (see Terms & Conditions).

11.2 United States (CCPA/CPRA & state laws)

  • We do not sell your personal information for money. Some advertising activities may be considered “sharing” or “selling” under CPRA. You can opt out via Cookie Settings and (where applicable) the “Do Not Sell or Share My Personal Information” link. We honor GPC signals.

  • Your rights include access, deletion, correction, and opt‑out of sale/sharing and targeted advertising. You also have the right to limit use of sensitive data (we do not use sensitive data for inferring characteristics).

  • We do not discriminate against you for exercising your rights.

11.3 Brazil (LGPD)

  • We process data under legal bases such as contract, legitimate interest, consent, and legal obligation. You have rights of confirmation, access, correction, anonymization, portability, deletion, and information about sharing.

11.4 Canada (PIPEDA), Australia, New Zealand, Singapore (PDPA) & others

  • We comply with applicable consent, purpose‑limitation, and access/correction principles. Contact us to exercise rights or file a complaint.

12. Children’s privacy

Our Site is intended for adults purchasing materials to use with children. We do not knowingly collect personal information from children without parental consent. If you believe a child has provided us personal information without consent, contact us and we will take appropriate action (e.g., delete the data or obtain consent).

13. Automated decision‑making & profiling

We do not engage in automated decision‑making that produces legal or similarly significant effects on individuals. Limited profiling may occur for fraud prevention and license enforcement and for analytics/marketing with consent; you may object where applicable.

14. Third‑party links & integrations

Our Site may link to third‑party websites or apps. Their privacy practices are governed by their own policies; we are not responsible for them. When you choose a third‑party payment method, that provider collects and processes your data under its terms.

15. Changes to this Policy

We may update this Policy to reflect changes in laws, technologies, or our practices. The Effective date will be updated and, where required, we will notify you (e.g., via the Site or email). Your continued use of the Site after changes means you accept the updated Policy.

16. Exercising your rights — how to contact us

  • Submit requests by emailing teammegaworksheet@gmail.com (subject: Privacy Request).

  • Include your name, email, country, and the right you wish to exercise.

  • We may request additional information to verify your identity.

  • If we cannot honor your request, we will explain why and how to appeal.

17. Addenda & references

  • Terms & Conditions (license, refunds, and withdrawal).

  • Cookie Policy (detailed cookie list; updated periodically).

  • Data Processing Addendum (DPA) for institutional/commercial customers acting as controllers purchasing multi‑seat licenses (on request).

Appendix A — Records of Processing (summary)

Category Data elements Purpose Legal basis Retention Recipients
Account Name, email, password hash, country Provide account; access downloads Contract Life of account / inactivity window Hosting, email service
Orders Billing details, items, amounts, IP, timestamps Fulfillment; invoices; support Contract; Legal obligation 7–10 years Payment processors; accountants
Device/Usage IP, device, browser, events Security; fraud; analytics Legitimate interests; Consent (analytics/ads) 14–26 months Hosting, analytics, security
Marketing Email, consent, UTM Newsletters, promos Consent/soft opt‑in Until opt‑out (+ suppression) Email platform

Appendix B — Sub‑processors (illustrative; update on site)

  • Hosting/CDN: PAVietnam

  • Email (transactional): Google

  • Email (newsletter): Google

  • Payments: PayPal + partners

  • Analytics: Google Analytics

  • Advertising: Meta/Google Ads

  • Security: reCAPTCHA/Anti‑fraud tool

© 2025, MegaWorksheets. All rights reserved.

Who we are

Suggested text: Our website address is: https://megaworksheets.com.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.