Download

Privacy Policy

Last updated: [12 Dec 2025]

This Privacy Policy explains how we (the developers/operators of Instant Search Pro, referred to as “we”,
“us”, or “our”) collect, use, and protect your personal data when you visit our website or purchase/use the
Instant Search Pro WordPress plugin (the “Product”). We are committed to protecting your privacy and
handling your personal information in a transparent and lawful manner, in compliance with applicable data
protection laws such as the EU General Data Protection Regulation (GDPR). By using our website or Product,
you acknowledge that you have read and understood this Privacy Policy.

Important Summary: We only collect limited personal information necessary to provide our services
(such as processing your plugin purchase, licensing, and support). We do not sell or rent your data to third
parties. We use secure third-party providers for payment processing and optional analytics. You have rights
over your data, and we honor those rights. Below, we detail what information we collect, how we use it, and
the choices and controls you have.
Data We Collect
We collect personal data that you provide to us directly, data that is collected automatically through your
use of our site or Product, and data from third-party services that help us operate our business. The types
of information we collect include:

Contact and Account Information: When you purchase the Product (or contact us with inquiries),
we collect information such as your name, email address, and billing information. We need this
information to process your order and communicate with you about updates or support. For
example, if you purchase a license, you will provide an email address (to receive your license key and
receipts) and possibly a name/company name for invoicing. We may also collect your billing address
(for billing or tax purposes) if required by the payment processor or law. Note that we do not collect
or store any credit card numbers ourselves – those are handled by our payment processors (see
“Payment Information” below) .

Payment Information: Payment details (e.g., credit card information) are processed securely by
third-party payment providers such as Stripe or PayPal. We do not see or store your full credit
card number or financial account data on our servers . We receive from the payment processor
a confirmation of payment and basic details like the last four digits of the card (for reference), card
type, or a transaction ID, as well as your name, email, and country (for tax calculation). This
information is used for record-keeping and to fulfill your order. (See “Third-Party Services” below for
more on payment processors.)

License Activation and Usage Data: When you activate the Product’s license on your WordPress
site or when the Product checks for updates, certain technical information is transmitted to our
licensing server. This data may include: your site’s URL or domain, the Product license key, the
Product version, your WordPress version, and possibly your site’s IP address or server IP. We collect
this information to authenticate your license activation and to deliver updates to the plugin
. For example, our system might log a request that includes “Website example.com activated
Instant Search Pro v1.2 with license KEYXXXX on WordPress 6.x”. This usage information helps ensure
that your license is valid and helps us understand general usage (e.g., how many active installations
we have and what versions are in use) . We do not collect content from your site or any
information about your site’s users through these license checks – the data is purely technical and
tied to the plugin’s operation.

Support Correspondence: If you contact us for support or with questions (via email or a support
form), we will collect the information you choose to provide in that correspondence. This may
include your email address, name, and details about your support issue. We may ask for
additional info to help resolve your issue (such as error messages, screenshots, or temporary site
access, though providing access is optional and used only for troubleshooting with your explicit

permission). We will retain these communications as needed to assist you and for our records.
Support emails are kept confidential and are only used for addressing your inquiry.

Website Usage Data (Analytics): When you browse our website, we may collect some information
automatically about your visit. This includes data like your IP address, browser type, browser
language, referring URL, pages you view, and the date/time of access. We primarily use this
information for security (e.g., to detect malicious access) and to analyze web traffic in aggregate. If
we use analytics tools (such as Google Analytics), these tools might set cookies and collect usage
information such as your geographic region (approximate), IP address, and on-site behavior
(e.g., pages visited, time on page, etc.) . Any analytics we use are configured to anonymize data
where feasible (for example, Google Analytics can anonymize IP addresses). See the “Cookies and
Tracking” section below for more details. This automatically collected data helps us understand how
our site is used and improve it, but it is not used to identify you personally for marketing; we look
at trends aggregated across many users.
Cookies and Similar Technologies: Our website uses cookies and similar tracking technologies (like
web beacons or pixels) to provide functionality and analyze usage. Cookies are small text files
placed on your device that allow us to remember your preferences and recognize repeat visitors .
For instance, we use cookies to remember items in your shopping cart and to manage login sessions
if our site has a user account area. We also use analytics cookies as mentioned to gather usage
statistics (these may be third-party cookies from providers like Google). For more information on
cookies, please see our Cookie Policy, which provides detailed information about the cookies we use
and your choices .

Third-Party Account Data (if any): We generally do not collect data from third-party accounts since
we don’t require registration via social logins or similar. If in the future we offer something like an
integration where you can link an account (for example, subscribing to a newsletter via Mailchimp or
logging into a customer portal), we would collect whatever minimal info is necessary (such as your
email for the newsletter, or OAuth tokens if social login is used). Such cases will be explained at the
point of collection.
We do not deliberately collect any sensitive personal data such as race, religion, health information, etc.,
and we ask that you not provide such information to us as it’s not needed for our services. The personal
data we collect is generally limited to contact details, transaction information, and technical data related to
product usage.
How We Use Your Information
We use the collected information for the following purposes, in accordance with applicable data protection
laws:

To Process Transactions and Provide the Product: First and foremost, we use your information to
fulfill your orders and provide you with the Product and related services. This includes
processing payments (through our payment processors), generating your license key, delivering the
plugin download, and keeping track of your license status (active/expired) so that you receive
updates and support appropriately . For example, our system will use your email to send you the
license key and will record that license in our database under your account/email for validation

purposes. If you activate the license on a site, our server checks that activation info to confirm it’s a
legitimate use. All these steps require using the data described in “Data We Collect.”

To Provide Updates and Support: We use your information to send you important
communications about the Product, such as update notifications, security alerts, or support
responses. For example, if we release a new version, the plugin or our email system may notify you.
If you contact support, we will use your email to communicate with you and use details of the
problem to help resolve it. License activation data is used to deliver plugin updates through the
WordPress dashboard when available and to ensure only licensed users with active support periods
can obtain those updates . Additionally, knowing your setup details (like WP version or plugin
version from your support ticket or activation ping) helps us troubleshoot and improve compatibility.

To Improve Our Product and Website: We internally analyze usage information (both from our
website analytics and from aggregated, anonymized license activation data) to understand how
customers are using our product and what can be improved. For instance, we might look at how
many users are still on an older version of the plugin and decide whether to continue supporting it.
Or we might observe common search terms or documentation views on our site to identify where
users have questions. The license activation and update-check data also give us insights such as
the number of active installs and environment details (like common WordPress or PHP versions),
which we use to guide our development and testing . Any information we collect for analytics or
product improvement is typically viewed in aggregate form – we do not profile individual users for
behavioral advertising or anything of that sort. We do not use personal data for any automated
decision-making (like profiling) that would have a legal or significant effect on you.

To Send Optional Communications (Marketing): We may use your contact information to send you
newsletters, updates, or promotional offers, but only if you have opted in to receive such
communications. For example, if there is a major update to the Product or a special discount on
renewal, we might inform customers via email. We might also send a newsletter with tips or
announce new products from us, but again, this will be done in accordance with email marketing
laws (e.g., only with prior consent where required). If you have opted in, you can opt out at any time
(every marketing email will contain an unsubscribe link). We will not use your email for marketing
unless you give us permission. Transactional emails (like receipts, license info, support replies, etc.)
are not considered marketing and will be sent as needed to perform our contract with you.
To Ensure Legal Compliance: We may process and retain personal data as needed to comply with
legal obligations. For instance, we keep records of sales (which contain personal identifiers like
name, email, billing address if provided) for accounting and tax purposes, as required by law. If
required, we might use your data to fulfill obligations under consumer protection law (such as
providing refunds, if applicable, or honoring warranty requests). We also maintain data to have proof
of consent (for example, records of you agreeing to this Privacy Policy or opting into marketing) if
required for demonstrating compliance with GDPR or other laws. Additionally, if law enforcement or
regulatory authorities lawfully require us to provide information, we may use your data to respond
as needed (after verifying the legitimacy of the request).
To Protect Our Rights and Prevent Fraud: We may use personal data as necessary to enforce our
Terms & Conditions and to prevent fraud or misuse of our software. For example, if we detect an
activation pattern that suggests a license key is being shared unlawfully, we might investigate that

using the license activation logs (which include IPs or URLs) and contact the user or take action as
allowed by the Terms. We also use data (like IP addresses or user agent info) in our website logs to
maintain the security of our site, prevent unauthorized access, and mitigate DDoS attacks or
spam. This falls under legitimate interests to keep our services safe and secure.
We will not use your personal data for purposes incompatible with those above without your consent.
In particular, we do not sell your personal information to third parties for their own marketing or any
commercial purpose. We also do not use your data to make automated decisions about you beyond basic
things like determining license validity or detecting fraudulent transactions (and any such automated
checks have human oversight). We limit access to your personal data within our small team to only those
who need to know it for the tasks above (principle of least privilege).

Importantly, we will not use information collected for one purpose for a totally different purpose
without your consent . For example, if you provide us your email for support, we won’t automatically
add it to a marketing mailing list without asking you. Similarly, data collected purely for analytics is not used
to personally identify or contact you. We adhere to the principle of purpose limitation as required by GDPR
meaning we collect data for specific legitimate purposes and do not further process it in a manner
incompatible with those purposes.
Legal Bases for Processing (GDPR)
If you are in a jurisdiction like the European Economic Area (EEA) or UK where the GDPR (or equivalent law)
applies, we are required to inform you of the legal grounds on which we process your personal data. We
generally rely on the following legal bases:

Contractual Necessity: When you purchase our Product or otherwise enter into an agreement with
us, we process your personal data to fulfill our contract with you . This includes processing
payments, providing the Product download and license, delivering updates, and providing support.
For example, using your email to send your license key and plugin download, or using your
information to respond to a support request, is done on the basis that it’s necessary for us to fulfill
our obligations to you under the purchase contract. Without this data, we wouldn’t be able to
provide the product or service you expect.

Legitimate Interests: We process certain data under the basis of legitimate interests . This
applies when we use data in ways that you might reasonably expect and that have minimal privacy
impact, and where our interests are not overridden by your data-protection rights. For instance,
it’s in our legitimate interest to collect license activation data to prevent software piracy and ensure
each license is used according to terms – this benefits our business and, indirectly, all paying
customers by enabling us to sustain the product. We also have a legitimate interest in understanding
how our product is used (through analytics) so we can improve features and fix issues. Another
example is using your email to send minor product announcements or surveys to improve our
service; we believe this is within reasonable expectation for a software vendor-customer relationship
(though you will always have the option to opt out of such communications). When we rely on
legitimate interests, we ensure to balance them with your rights and interests. Security and fraud
prevention is another legitimate interest – using data like IP addresses to secure our site and
product distribution is necessary to protect our business and customers.

Consent: In certain cases, we rely on your consent to process data . The primary example is for
optional marketing emails or newsletters – we will only send these if you have opted in. Another
example is non-essential cookies (like analytics cookies) on the website; we ask for consent via the
cookie banner where required by law (e.g., in the EU) before setting those cookies. If we ever want to
use your data in a way that requires consent (and is not covered by another legal basis), we will
obtain your consent explicitly. You have the right to withdraw consent at any time, and if you do,
we will stop the processing that was based on consent. Withdrawing consent will not affect the
lawfulness of any processing we did before your withdrawal.

Legal Obligation: We will process data when necessary to comply with a legal obligation to which
we are subject . For example, retaining transaction records for tax auditing, or providing
information to law enforcement if we are legally required to do so (and after verifying the request),
would fall under this basis. If an EU law or member state law requires us to keep data for a certain
period or to report something, we will do so as required.
(In GDPR terms, [Your Company/Name] is the “Data Controller” for the personal data we handle; our contact
details are provided at the end of this policy. We do not have a Data Protection Officer (DPO) because we are not
legally required to appoint one given the nature of our processing.)
Third-Party Services and Data Sharing
We do not sell or share your personal information with third parties for their independent marketing or
business purposes. We only share your data in limited situations, such as with service providers who help us
run our business, or if required by law. The third parties with whom we may share data (and why) include:

Payment Processors: As mentioned, we use reputable third-party payment gateways (such as
Stripe and PayPal) to handle credit card transactions and other payment forms. When you make a
purchase, your payment details are provided directly to these processors, and they will process
your payment under their own security and privacy practices . They provide us with the outcome
of the payment (success/failure) and certain information like your name, email, billing address (if
applicable), and an anonymized token or transaction ID. We have to share some data with them to
process the payment (e.g., the purchase amount, order ID, and your email to tie the payment to your
order). These payment companies are data controllers of your payment data in their own right, and
we recommend checking their privacy policies for how they handle your personal information. We
do not receive your full credit card number or bank account info; at most, we see last 4 digits
and card type for reference on receipts.

Email Service Providers: We may use an email service (for example, Mailchimp, SendGrid, or
similar services) to send out our transactional or marketing emails. If you are on our mailing list or
we send you a purchase receipt/license email, your name and email address will be stored on such a
service for the purpose of sending you emails. These providers act as data processors on our
behalf. For instance, if we use Mailchimp for newsletters, your email is stored in our Mailchimp
account to deliver the newsletter (Mailchimp is a service provided by The Rocket Science Group LLC,
based in the USA) . Such providers have access to your email address and any metadata needed
to send the email (like email content, timestamps, etc.), but they are contractually prohibited from
using your data for anything other than providing services to us. You can unsubscribe from
marketing emails at any time, and we will then remove your email from the marketing list.

(Transactional emails for purchases/support are separate, and we use your email there purely to
fulfill those necessary communications.)

Web Hosting and Infrastructure: Our website and license activation server may be hosted by third
party hosting companies. This means that any data you submit through our website (forms, support
requests) or data that our site automatically logs (IP addresses, etc.) will pass through and be stored
on the servers of our hosting provider. These providers could technically have access to data stored
on the server, but they are not allowed to use it. We choose reputable hosting providers with strong
security practices. We also utilize services like Cloudflare or other CDN/security providers, which
may process traffic data (including IP addresses of visitors) for performance and security purposes.
Such infrastructure services act as our processors, handling data to ensure the website runs
smoothly and safely.

Analytics Services: We use third-party analytics tools (such as Google Analytics) on our website to
gather usage information. These tools set cookies and collect site usage data (as described in
“Website Usage Data” above) and provide us with aggregated reports. Google Analytics, for example,
will collect data like your IP address, device info, and on-site behavior, and it may process that data
on Google’s servers (which could be outside your country) . We have configured Google Analytics
to anonymize IP addresses (which means Google truncates your IP so it cannot be easily linked to
you). We use analytics strictly to improve our website and marketing effectiveness – for instance, to
see how many users visit our homepage or documentation pages. Google acts as a processor for us
in this context, though for its own analytics system’s functioning it is often considered a controller as
well. You can opt out of Google Analytics by not consenting to analytics cookies (if our cookie banner
is presented) or by using
Google’s opt-out tools. We do not combine analytics data with any
identifiable customer data; the analytics is more about general website trends.
License Verification API: When the Product checks our server for license validation or updates, it
connects to our server (which might be hosted on a cloud platform). That server might use certain
services or logs internally (for example, it might run on Amazon AWS or other cloud infrastructure).
The data exchanged (license key, site URL, etc.) could be stored in logs for a short period. Those logs
might be accessible to our infrastructure provider for troubleshooting. We treat license check data as
confidential and do not share it externally, but it is processed by the nature of the internet through
various networks.
Legal Disclosure: If required by law, or if we have a good-faith belief that such disclosure is
necessary to (a) comply with a legal obligation (for example, a court order or subpoena), (b) protect
and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of
users of our services or the public, or (d) protect against legal liability, we may disclose certain
personal information to law enforcement authorities or other relevant third parties. We will
attempt to notify you about such requests when permissible and practical. However, we will carefully
review any request to ensure it has valid legal basis and only provide the minimum data necessary.
Business Transfers: In the unlikely event that our business or a portion of it is involved in a merger,
acquisition, sale of assets, or other corporate change, personal data held by us may be transferred
to the succeeding entity. We will ensure continuity of privacy protections in such an event. You would
be notified via our website (and/or email if applicable) of any change in data control, and your
choices would remain (you could opt out or request deletion as applicable).

Other than the scenarios above, only our own team has access to your personal data, and we treat it
with confidentiality. Our team members are bound by confidentiality obligations and trained on data
protection.
No Public Disclosure: We do not publicly display or release your personal information. For example, if you
leave a review or comment on our site (if such functionality exists), we might display your name/username
as provided, but only with your consent or as per your action. We won’t ever post your email or other
sensitive data publicly.
In summary, any sharing of data is either with your consent, at your direction, or as necessary to
complete a transaction or provide a service to you, or as required by law. We strive to ensure any third
party that handles your data is compliant with privacy laws and will use it solely for the purposes we dictate.
Cookies and Tracking Technologies
Our website and software use cookies and similar technologies to ensure functionality and to collect
analytics information. We want to be transparent about what cookies we use and why, as well as how you
can control them.

What Cookies Are: Cookies are small text files placed on your device (computer or mobile) when you visit
a website . They allow the website to remember your actions and preferences (such as login, language,
font size and other display preferences) over a period of time, so you don’t have to re-enter them whenever
you come back to the site or browse from one page to another. Cookies can be “session cookies” which are
temporary and deleted when you close your browser, or “persistent cookies” which remain on your device
until they expire or you delete them .

We also may use related technologies like web beacons (tiny invisible images) or scripts that do similar
things like track when an email was opened or compile usage statistics. For simplicity, in this policy we refer
to all these technologies as “cookies”.
Cookies We Use: We use the following categories of cookies on our site:

Strictly Necessary (Essential) Cookies: These cookies are essential for the operation of our
website and for you to use its features. They enable core functionality such as security,
authentication, and network management. For example, if our site has a shopping cart or login
system, these cookies remember your session so you can add products or remain logged in. Without
these cookies, services you have asked for (like checkout or login) cannot be provided properly.
These cookies do not collect personal data for marketing; they are only used to make the site
function . Because they are necessary, they are typically placed as soon as you visit our site
(regardless of consent, where applicable law permits essential cookies without consent).

Functionality Cookies: These cookies allow our website to remember choices you make and
provide enhanced, more personal features . For instance, a functionality cookie may remember
your preferred language or region or remember that you dismissed a particular notification so it
doesn’t show again. They may also be used to provide services you request, such as playing a video
or remembering your chat history with support. While not strictly necessary, these cookies enhance

your experience on our site. If you disable them, some or all of these services may not function
properly. Importantly, any data stored in functionality cookies is generally anonymized and not used
to track your browsing activity on other sites .

Analytics (Performance) Cookies: We use analytics cookies to understand how visitors use our
website. These cookies collect information such as which pages are most frequently visited, how
long users stay on each page, how they navigated to our site, and if they encounter errors. This
information is collected in an aggregated and anonymized form – it does not identify you personally

. For example, we might use Google Analytics cookies (like
_ga ,
_gid ) to collect such
information. These cookies may track things like how you arrived on our site (e.g., from a search
engine or a referring link), your general geographic location (city/country, not your precise address),
and your behavior on the site (pages clicked, time spent, etc.) . We use these insights to
improve our website’s performance and design. Analytics cookies will generally only be set on
your device if you consent to them (depending on your jurisdiction’s laws) via our cookie consent
banner. You can also opt out of analytics as described in the “Managing Cookies” section below.

Advertising/Marketing Cookies: Currently, we do not use advertising or targeting cookies on our site.
These cookies, if used, would be employed to track browsing habits and activity across our site
and others in order to show personalized ads or to measure the effectiveness of ad campaigns
. They can be set by us or (more commonly) by third-party advertising networks. Such cookies
can remember that you visited our site and may show you related advertisements on other websites.
As of now, our site is focused on our single product and we do not run third-party ads, so we do not
deploy these tracking cookies. If this changes in the future, we will update this policy and request
appropriate consent. (Examples of such cookies could include Facebook Pixel or Google Ads cookies,
but again, we are not using these at this time.)
In addition to the above, third-party services integrated into our site (like the payment checkout, or
embedded YouTube/Vimeo videos, etc.) might set their own cookies. For example, if we embed a tutorial
video from YouTube, YouTube might set cookies to track video views or remember your volume
preferences. These third-party cookies are governed by the third party’s own privacy/cookie policies.

Cookie Consent: On your first visit to our website (and periodically thereafter, as required), you will see a
cookie consent banner or notice, especially if you are visiting from a region that requires consent (like the
EU). This banner informs you that we use cookies and allows you to consent or manage your cookie
preferences . By clicking “Accept All” (if offered) on that banner, you agree to our use of all cookies as
described. You may also choose to customize which types of cookies to accept (e.g., you might allow
essential and functional cookies but decline analytics cookies). Your preferences will be remembered via a
functional cookie so that on subsequent visits the banner may not show again (unless you clear cookies or
the cookie expires). Please note: essential cookies may be set regardless of user consent, as they are
needed for site functionality, but non-essential cookies (like analytics) will not be set until you consent
where applicable law mandates prior consent.
If you are located in certain jurisdictions (such as the United States where explicit cookie consent is not
uniformly required), we may not show a banner and instead rely on your browser settings as acceptance,
while still honoring “Do Not Track” signals or global privacy controls where feasible. Nonetheless, we want
to give all users control, so the following section explains how you can manage cookies manually as well.

Managing Cookies & Your Choices
Browser Settings: You have the right to control and delete cookies. Most web browsers automatically
accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a
cookie is being placed on your device. For example, you can usually find the cookies settings in the
“Options” or “Preferences” menu of your browser. You can configure your browser to block all cookies, to
only allow “trusted” sites to set them, or to accept only certain types of cookies. You can also delete cookies
already stored on your device. Please note that if you choose to disable cookies, some parts of our
website may not function properly – for example, you might not be able to complete a purchase or
maintain a logged-in session .

For convenience, here are links to cookie management instructions for popular browsers:

Google Chrome: See Google’s guide on
Mozilla Firefox: See Mozilla’s page on
cookie settings in Firefox
Microsoft Edge: See Microsoft’s instructions to
Apple Safari: For Mac, see Apple’s guide

managing cookies in Chrome (desktop and Android)
clear and control cookies in Edge
Manage cookies and website data in Safari; on iOS, see
Clear cookies from Safari on your iPhone/iPad.
(If you use a different browser, please consult its help documentation for cookie controls.)
Cookie Preference Center: If our website offers a “Cookie Preferences” or “Cookie Settings” tool (via the
banner or a link in the footer), you can use that interface to toggle certain categories of cookies on or off
even after your initial choice. This is an easy way to withdraw consent for analytics cookies, for example,
without having to change browser settings. When available, we will provide a link (e.g., “Privacy Settings” or
“Cookie Settings”) on our site where you can adjust your preferences at any time.
Do Not Track and Global Privacy Controls: “Do Not Track” (DNT) is a setting available in most browsers
that signals to websites that you do not wish to be tracked. However, there is currently no industry standard
as to how to interpret DNT signals, and as such, our site may not respond to all DNT signals. That said, we
generally only track users on our site for the purposes described (and not across third-party sites except
through standard analytics). Some browsers and extensions now support Global Privacy Control (GPC)
signals which are intended to communicate opt-out of sale/sharing under laws like CCPA; we will honor
such signals in the context of our site’s functionality (though we do not sell data, as noted). If you enable
such signals, our site should recognize them where legally required.
Third-Party Opt-Outs: For third-party tools that set cookies, you can also opt-out directly with those
providers. For example, to opt-out of Google Analytics, you can install the
Google Analytics Opt-out Browser
Add-on which stops Google Analytics from collecting information on any site. For other advertising-related
cookies (though we don’t use them, if you suspect any are present), you can often use industry opt-out sites
like the
NAI Opt-Out or
YourAdChoices (for US) or
Your Online Choices (for EU) to manage preferences.
Remember that cookie preferences are typically stored per browser and device. So if you use multiple
browsers or devices, you should set your preferences on each.
Consequences of Disabling Cookies: If you disable or reject cookies, please be aware that some features
of our service may not function correctly. Essential functions such as adding items to a cart, logging in to

download updates, or remembering your preferences might be affected . We will do our best to provide
a usable experience regardless, but certain conveniences or securities (like maintaining a session) rely on
cookies.
For further details on how we use cookies and data collected through them, please see our Privacy Policy
(above) or contact us with any questions. For more information about cookies in general, you may consult
resources like allaboutcookies.org, which provide helpful guidance.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected,
including for the purposes of satisfying any legal, accounting, or reporting requirements .

Customer and Transaction Data: If you purchase the Product, we will retain your personal
information (name, email, license details, transaction records) for as long as you remain a customer
and typically for a period after that. This retention after your active subscription/license has ended is
to ensure we have records of your transaction for reference, to facilitate reactivation if you return,
and to comply with legal obligations. For example, we generally retain invoice and payment
records for at least 7 years for tax and accounting purposes (this duration may vary based on local
laws). Even if you request deletion of your data, we may need to keep certain financial records as
required by law (we will inform you if that’s the case).
Support Tickets and Communications: We retain support emails and communications for a period
of time to ensure continuity in support (so we have context if you reach out again) and to improve
our services (we might review past issues to create FAQs or improve the product). Typically, support
correspondence is retained for a minimum of 1 year, and older communications may be deleted or
anonymized after a few years if no longer needed. If you want us to delete a specific support email
that contains personal data, you can request it, and we will do so unless we need to keep it for legal
reasons.
License Activation Logs: Data about license activations (site URL, IP, plugin version, timestamp) is
kept in our server logs. These logs are usually automatically rotated or deleted within 12 months
or sooner, unless we need to retain them longer to investigate a security or licensing issue. In
aggregated form (without personal identifiers), activation data may be kept longer for statistical
purposes (e.g., total active license count), but not in a way that can identify you.
Analytics Data: Analytics providers like Google Analytics retain data according to their own policies
and as configured in our account. We have set Google Analytics data retention to [e.g., 14 months] (a
common default), which means user-level and event-level data tied to cookies or advertising IDs will
be deleted automatically after that period. We mainly look at aggregate trends, not individual user
profiles, so we do not maintain identifiable analytics data long-term on our own. Any aggregated
reports we download (which don’t contain personal data) may be kept indefinitely.
Newsletter/Marketing Data: If you have subscribed to our newsletter or marketing
communications, we will retain your contact information for as long as you remain subscribed. If you
unsubscribe, we will remove you from the list immediately and will not send further marketing

emails. However, we may keep a record of your unsubscribe request (email address and the fact you
opted out) to ensure we honor it going forward. If you want complete deletion of your email from
our marketing records, you can contact us to request that (though keep in mind we might then lack
a record to prevent accidental re-addition).

Website Logs: Our web server logs (which contain IP addresses of visitors, pages visited,
timestamps, etc.) are typically kept for a short duration, usually 30 to 90 days, for security
monitoring and analysis, after which they are automatically purged. Some security-related logs (like
firewall or error logs) may be kept slightly longer if they are being analyzed for malicious activity.
They remain protected and accessible only to administrators.
Legal Compliance: In cases where certain data must be kept longer due to legal disputes,
investigations, or to exercise or defend our legal rights, we will retain the data as long as needed for
that purpose. For instance, if we’re involved in a legal claim, we might need to preserve relevant
communications or transaction data until the matter is resolved.
When we no longer have a legitimate need to retain your personal information, we will either delete it or
anonymize it so that it can no longer be associated with you. For example, we might remove personal
identifiers from a dataset, keeping the core information (like sales figures, or number of users) for statistical
analysis but without any data that can identify individuals.
If deletion or anonymization is not immediately feasible (e.g., because the data is stored in secure backups),
we will securely store your personal data and isolate it from further processing until deletion is possible.
Our backup systems are encrypted and have a limited retention as well, so any personal data in backups
will be purged in the normal backup rotation cycle (typically within a few weeks to a few months, depending
on the system).
Your Rights and Choices
You have certain rights regarding your personal data, especially if you are located in the EU/EEA, UK, or
other jurisdictions with data protection laws. We are committed to honoring these rights. Below is a
summary of your rights as a data subject:

Right to Be Informed: You have the right to be informed about how we collect and use your
personal data . This Privacy Policy is intended to provide you with that information. If anything is
unclear, you can always contact us for more details.

Right of Access: You have the right to request a copy of the personal data we hold about you
. This is commonly known as a “Data Subject Access Request.” Upon verification of your identity,
we will provide you with a copy of the data in our records related to you, typically within one month
(as required by GDPR). This will include details of what data is processed and for what purpose, as
well as the sources of that data and any parties with whom it’s shared. Note that this right allows you
to see what information we have about you; there are some exceptions (for example, we might not
be able to share data that includes others’ personal information, or repetitive requests may incur a
fee as allowed by law).

Right to Rectification: If you believe that any personal data we hold about you is inaccurate or
incomplete, you have the right to request that we correct or update it . For instance, if your
email address or name has a typo in our system, or if you’ve legally changed your name, you can ask
us to fix it. We will rectify erroneous data promptly. In some cases, you can also directly update your
information (e.g., if we offer an account profile page), but you can always ask us to handle it.

Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal
data . You can ask us to erase your personal information from our records. We will do so unless
an exemption applies. For example, we may need to retain certain information for legal or legitimate
business reasons (as explained in the Data Retention section). If you request deletion, we will remove
what we can, and we’ll let you know if there’s any data we are required to keep and why. Once we
fulfill a valid erasure request, your data will be gone from our active systems and you would likely
need to re-provide information if you engage with us again (for instance, if you delete your data but
later purchase another license, we won’t have your old account info anymore).

Right to Restrict Processing: In certain circumstances, you have the right to ask us to limit the
processing of your data . This means we would store your data but not use it further (beyond
storing it). You might exercise this right if you contest the accuracy of the data (until it’s corrected), or
if you object to processing and we are evaluating that request, or if processing is unlawful but you
prefer restriction over deletion. When processing is restricted, we will flag the data in our system to
ensure it’s not used for anything except the specific reasons allowed (like legal claims or with your
consent).

Right to Data Portability: You have the right to obtain your personal data in a structured,
commonly used, and machine-readable format, and to request that we transmit it to another
controller where technically feasible . This right applies to data you provided to us which is
processed by automated means based on consent or contract. For example, you could ask for an
export of the personal information you gave us when signing up or purchasing (like your account
details and purchase history) in a CSV or JSON format, either for your own use or to transfer to a
service of your choosing. We will provide the data in a commonly used format and help transfer it if
possible. Note that this is different from the right of access; portability focuses on electronic data
moving to another service.

Right to Object: You have the right to object to certain types of processing of your personal data. For instance, you can object to processing carried out based on our legitimate interests
(including profiling on those grounds), and we will honor it unless we have compelling legitimate
grounds to continue or the processing is needed for legal claims. Most notably, you have an absolute
right to object to your data being used for direct marketing purposes . So if you ever receive a
marketing email from us and you don’t want them, you can opt out and we will stop sending them.
You can also object to any automated decision-making (though we don’t do that with any legal
effects on you). If you object to processing that we believe is essential (e.g., for providing the
service), we will inform you if we cannot cease processing and why (perhaps inviting you to instead
delete your data if you prefer).

Rights Related to Automated Decision-Making and Profiling: You have rights to not be subject to
a decision based solely on automated processing, including profiling, which produces legal effects or
similarly significant effects on you . As mentioned, we do not engage in fully automated

decision-making with legal or significant effects using personal data. We might use automated
processes to detect fraudulent transactions or license misuse, but any enforcement actions involve
human review. If that ever changes, we will inform you and ensure you have the right to contest
such decisions or request human intervention.

Right to Withdraw Consent: If we are processing your personal data based on your consent, you
have the right to withdraw that consent at any time. For example, you can unsubscribe from our
newsletter (withdrawing consent to marketing emails), or turn off non-essential cookies via our
cookie settings (withdrawing consent to analytics). Withdrawing consent will not affect the
lawfulness of processing we carried out before your withdrawal, and it won’t affect processing under
other bases (for instance, if you withdraw consent for marketing, we might still process your data
under contract for your purchase, etc.). If you withdraw consent for something like analytics cookies,
we will stop collecting data from those tools going forward.
To exercise any of these rights, please contact us at [Contact Email] with your request. For security, we may
need to verify your identity before fulfilling certain requests (especially for access, deletion, or portability, to
ensure that we’re giving data to the right person). We will respond to your request within one month, or
inform you if we need more time (up to an additional two months for complex requests, as allowed by
GDPR). There is no fee for making a request, unless it’s manifestly unfounded or excessive/repetitive, in
which case we may charge a reasonable fee or refuse the request (we would explain why in such cases).
If you are not in the EU but are in a region with similar rights (such as certain US states like California, which
grants access and deletion rights under the CCPA/CPRA), we will extend the same courtesy of those rights to
you. For example, California residents have the right to know what personal information is collected and to
request deletion or opt-out of sale; since we don’t sell data and we’ve covered access/deletion already,
you’re essentially covered. We treat all users’ data with respect and generally provide these controls to
everyone, not just those strictly entitled by law, whenever feasible.
Right to Lodge a Complaint: If you believe we have not complied with applicable data protection laws or
have infringed your privacy rights, you have the right to file a complaint with a supervisory authority. For
EU users, this is typically your country’s Data Protection Authority (DPA). For example, if you’re in the UK,
you can complain to the ICO; if in France, to the CNIL; in Germany, to your state’s DPA, etc. A list of DPAs can
be found on the European Data Protection Board’s website. For California residents, you can contact the
California Attorney General or the California Privacy Protection Agency. We kindly ask that you try to resolve
any issue with us first by contacting us directly – we take privacy seriously and will do our best to address
your concerns.
Data Security
We implement appropriate technical and organizational measures to secure your personal data and
protect it against unauthorized access, loss, destruction, or alteration. While no system is 100% secure, we
strive to follow industry best practices to safeguard information. Our security measures include:

Encryption: Our website is served over HTTPS, which means that any data transmitted between
your browser and our site (such as when you enter personal information on an order form) is
encrypted in transit using TLS (Transport Layer Security). Likewise, sensitive data in our
databases (like passwords if accounts are used, or license keys) are encrypted or hashed. Payment

information is handled by third parties with strong encryption standards (PCI DSS compliant). We
also use encryption for device backups or physical storage containing personal data.

Access Controls: We restrict access to personal data to authorized personnel who have a legitimate
need to know. Our small team is trained on confidentiality and data protection. Administrative access
to servers, databases, and third-party dashboards (e.g., payment portal, email marketing list) is
protected with strong passwords and, where available, multi-factor authentication (MFA). We log
access and maintain audit trails for critical systems to detect any unauthorized access.
Storage Security: Personal data is stored on secure servers provided by reputable hosting providers
with robust security track records. We keep software up to date with security patches (both on our
servers and within the Product itself, to guard against vulnerabilities). Regular backups are made to
ensure data resilience, and those backups are secured and encrypted. We segregate environments
(for example, test/development environments use dummy data, not real customer data, whenever
possible).
Monitoring and Testing: We employ firewalls and intrusion detection/prevention systems to protect
our infrastructure. We monitor for suspicious activities, such as repeated failed logins or abnormal
server loads, and have measures to block malicious IPs (possibly through services like Cloudflare or
fail2ban). We periodically review our security practices and may run vulnerability scans or engage in
security assessments. If we use third-party software libraries, we keep them updated to mitigate
known vulnerabilities.
Payment Security: As described, we do not handle credit card data directly, but our chosen
payment processors are PCI-compliant. When you enter payment details on our checkout, that
information is transmitted directly to the processor; our site may receive a token or confirmation but
not the sensitive card number or CVV. This delegation to expert processors adds a layer of security
for financial info.
Despite these efforts, it’s important to acknowledge that no method of transmission over the Internet,
and no method of electronic storage, is completely secure. We cannot guarantee absolute security.
However, we do maintain a security-first mindset and will continue to update and improve our security
measures as new technologies and best practices emerge.
In the unlikely event of a data breach that affects your personal data, we will follow applicable laws in
notifying you and relevant authorities. This would include determining the scope of the breach, restoring
system integrity, and informing affected individuals with information on what happened and
recommendations for protecting themselves.
We also encourage you to take steps to protect your own data. This includes using strong, unique
passwords for any accounts (e.g., if we offer an account login on our site), not sharing your license keys
publicly, and being aware of phishing attempts (we will never ask you for your password via email, for
example). If you have any reason to believe your interaction with us is no longer secure (for instance, if you
suspect your account or payment information has been compromised), please contact us immediately.

International Data Transfers
We are based in [Your Country] and the majority of our operations (including data storage) occur in [Your
Country]. However, in today’s interconnected world, the personal data we collect may be transferred to or
accessible from other countries:

European Union (EU)/United Kingdom Users: If you are located in the EU, UK, or other regions
with data transfer restrictions, please note that your data will likely be transferred to and processed
in [Your Country] (if outside the EU) and/or other countries. For example, if you’re in the EU and you
purchase our Product, your data will travel to our servers in [Your Country] in order to fulfill the
contract. Some of our third-party service providers are also located outside the EU (for instance, we
might use Amazon Web Services in the USA, Google Analytics in the USA, or Mailchimp in the USA)
. The USA and other non-EEA countries may not have data protection laws equivalent to those
in your home jurisdiction.
When we transfer personal data out of the EU/EEA, we take steps to ensure that appropriate safeguards
are in place to protect your information in accordance with GDPR Chapter V. These safeguards may include:

Relying on countries that have been deemed “adequate” by the European Commission (meaning
they offer sufficient data protection, e.g., if our hosting was in an adequate country).
Using Standard Contractual Clauses (SCCs) approved by the European Commission in our contracts
with service providers, which legally commit them to protect your data to EU standards.
Ensuring that our U.S. service providers are certified under frameworks like the EU-U.S. Data Privacy
Framework (DPF), if applicable, or have other binding corporate rules or certifications.
For example, our email service Mailchimp participates in the DPF as of 2025, or Google has SCCs and
additional supplementary measures in place for Google Analytics. We keep informed of legal developments
and will adjust our transfer mechanisms accordingly (e.g., if relying on SCCs, we perform Transfer Impact
Assessments to verify that the data will be adequately protected in practice).

Other International Users: If you are accessing from other jurisdictions (e.g., Canada, Australia,
India, etc.), your data will similarly be transferred to our locations or those of our processors. By
using our site or purchasing our Product, you consent to your data being transferred to and
processed in these countries. We will handle it with the same care as described in this policy
regardless of location.
It’s our goal to ensure that wherever your data is processed, it is afforded a high level of protection.
However, you should be aware that different countries have different privacy laws and authorities, and in
some cases, foreign governments or courts may have access to your data under their local laws. For
instance, data stored in the U.S. might be subject to lawful requests by U.S. authorities. We will only disclose
data to such authorities if required by law (as described earlier under Third-Party Disclosure), and we’ll push
back when appropriate.
If you would like more information about the specific transfer safeguards we have in place for your data
(such as a copy of the Standard Contractual Clauses we use), you can contact us and we’ll be happy to
provide more detail, to the extent it doesn’t breach confidentiality.

Children’s Privacy
Our website and Product are not directed to children under the age of 16 (or the relevant age of consent
for data processing in your jurisdiction, if different). We do not knowingly collect personal information from
children. If you are under 16, please do not use our site or purchase the Product without parental consent.
We do not sell services to children, and the nature of our Product (a WordPress plugin for websites) is
generally not of interest to young children.
If we become aware that we have inadvertently collected personal data from a child under 16 without
proper consent, we will take steps to delete such information as soon as possible. If you are a parent or
guardian and you believe that your child under 16 has provided us with personal information, please
contact us immediately so that we can locate and delete the data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal
requirements, or for other operational reasons. If we make material changes to how we handle your
personal information, we will provide a prominent notice (e.g., on our website or by email notification to
customers, if appropriate) prior to the change becoming effective, and we will indicate at the top of the
policy when it was last updated.
For example, if we were to start collecting additional personal data not currently collected, or begin using
your data for a new purpose, we would update this Policy and notify you as required. We encourage you to
review this Privacy Policy periodically to stay informed about how we are protecting your information.
Your continued use of our website or services after any modifications to this Privacy Policy will constitute
your acknowledgment of the changes and agreement to abide and be bound by the updated policy. If you
do not agree with any changes, you should stop using our site and services, and you may request that we
remove your personal data (as per your rights outlined above).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or about how we handle your
personal data, please do not hesitate to contact us:
Email: [Privacy Contact Email]
Address: [Your Business Address, if applicable]
Phone: [Phone number, if you provide one for privacy inquiries]

We will gladly assist with any inquiries or issues you might have. Your privacy is important to us, and we
strive to be transparent and responsive to your needs.
If you contact us to exercise any of your rights, please include your name, the email address associated with
your purchase or account, and detail the request. We may need to verify your identity to ensure we’re
dealing with the correct individual. We will respond as soon as possible, and no later than any timeframe
required by law.

Thank you for reading our Privacy Policy. We value your trust and are committed to protecting your
personal information while providing you with a useful and enjoyable product experience