EN PT
Sign in Create account

Privacy Policy

Last updated 13 Jun 2026

Three Sixty ("we", "us", "our") operates Three Sixty Tools, the software store and licensing platform available at tools.threesixty.pt. This policy explains what personal data we collect, why we collect it, how long we keep it and the rights you have over it. We wrote it to be read, not skimmed past — if anything is unclear, write to us at support@threesixty.pt.

The data controller is Three Sixty, Lisbon, Portugal. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Portuguese data protection law.

What we collect

Account data

When you create an account we store your name, email address and a salted, one-way hash of your password — never the password itself. You may optionally add a company name, country and VAT number, which we use to issue correct invoices. We also record when the account was created and last signed in.

Orders and payments

Payments are processed by Stripe. Your card details are entered on Stripe's secure checkout and never reach our servers — we do not see, transmit or store card numbers. For each purchase we keep an order record (product, licence type, amount, currency and Stripe transaction identifiers) together with the billing details needed to issue an invoice. Keeping invoicing records is a legal requirement under Portuguese tax law.

Licence validation telemetry

Our applications periodically validate their licence against this platform. Each validation request contains the licence key, the product and application version, and a one-way hash of a machine identifier; we record the request IP address and timestamp. This data is used solely to enforce activation limits, detect abuse of licence keys and help you troubleshoot activation problems. The machine hash cannot be reversed into information about your hardware.

Support tickets

When you open a support ticket we store your name, email address, the messages exchanged and any attachments or system information you choose to share. Tickets often contain technical details such as application versions and operating system builds — please avoid including data you consider sensitive.

Newsletter

If you subscribe to the newsletter we store your email address until you unsubscribe. Every newsletter contains a one-click unsubscribe link.

Server logs

Like virtually all web servers, ours keeps short-lived technical logs (IP address, requested URL, browser user agent) used for security monitoring and fault diagnosis.

Cookies and local storage

  • Essential — the session cookie that keeps you signed in, the CSRF protection token and your language and theme preferences. These are always active because the site cannot function without them.
  • Analytics — Google Analytics, loaded only after you opt in through the cookie banner. It helps us understand which pages and products are useful.
  • Marketing — not currently used. The category exists in the consent banner so you can refuse it in advance should that ever change.

You can change your choice at any time using the cookie settings link in the footer.

Why we process your data

  • To operate your account and deliver the products you buy (performance of a contract).
  • To issue and retain invoices (legal obligation).
  • To enforce licence activation limits and prevent fraud (legitimate interest).
  • To answer support requests (performance of a contract and legitimate interest).
  • To send the newsletter (consent, withdrawable at any time).

Who we share data with

We share data only with the processors required to run the service: Stripe (payment processing), our transactional email provider (delivery of receipts, licence keys and password resets) and our hosting infrastructure. All processors are bound by GDPR-compliant data processing agreements. We do not sell personal data and we do not share it with advertising networks.

How long we keep it

  • Account data — for as long as your account exists, deleted within 30 days of account deletion except where the law requires longer retention.
  • Orders and invoices — 10 years, as required by Portuguese tax legislation.
  • Licence validation logs — up to 24 months, then deleted or anonymised.
  • Support tickets — up to 36 months after closure, so we can refer back to your history when you contact us again.
  • Newsletter subscription — until you unsubscribe.

Your rights

Under the GDPR you may, at any time: request access to the data we hold about you; have inaccurate data corrected; request erasure ("right to be forgotten"); restrict or object to processing; receive your data in a portable format; and withdraw any consent previously given. Write to support@threesixty.pt and we will respond within 30 days. You also have the right to lodge a complaint with the Portuguese supervisory authority, the CNPD (Comissão Nacional de Proteção de Dados, www.cnpd.pt).

Security

All traffic to the platform is encrypted with TLS. Passwords are stored only as modern salted hashes, uploaded files and installers live outside the web root, and administrative access is restricted and logged. No system is perfectly secure, but we treat your data the way we want our own treated.

Changes to this policy

If we change this policy we will update it here and adjust the date shown on this page. Material changes will be announced by email or with a notice on the site before they take effect.