Legal

Privacy Policy

How WPSafer collects, uses, and protects your information when you use our platform.

Effective: January 1, 2025 Last Updated: April 6, 2026 GDPR Compliant

Contents

Introduction

WPSafer (“we,” “our,” or “us“) operates the WPSafer platform — a Software-as-a-Service (SaaS) solution for remote WordPress site management, available at wpsafer.com and via our WordPress plugin.

This Privacy Policy explains what personal and technical data we collect, why we collect it, how we store and protect it, and what rights you have over your data. By using WPSafer, you agree to the practices described in this policy.

WPSafer processes data both as a Data Controller (for our own users’ account data) and as a Data Processor (for end-user data on the WordPress sites you manage through our platform).

Information We Collect

We collect information in the following categories:

Category	Data Points	Source
Account Information	Name, email address, hashed password, account creation date, subscription plan	Provided by you at registration
Billing Information	Subscription status, plan tier, PayPal payer ID, transaction IDs	PayPal Subscriptions API webhook
Connected Sites	WordPress site URLs, site nicknames, plugin version, PHP/WP versions, last sync timestamp	WPSafer plugin on your sites
Backup Data	WordPress core files, themes, plugins, uploads, and database exports from sites you connect	WPSafer plugin during backup operations
Security & Uptime Logs	Uptime check results, malware scan results, plugin/theme vulnerability reports	WPSafer automated monitoring
Technical & Usage Data	IP address, browser type, dashboard activity logs, API request timestamps	Automatically via server logs
Authentication Tokens	JWT bearer tokens used for plugin↔backend communication (short-lived, never stored long-term)	Generated at authentication

We do not collect raw payment card numbers. All payment processing is handled directly by PayPal.

How We Use Your Data

We use the data we collect for the following purposes:

Service delivery — Providing backup, monitoring, update management, and security scanning features for your connected WordPress sites.
Account management — Creating and maintaining your user account, authenticating sessions, and managing subscription access.
Billing & subscription — Processing payments via PayPal, sending subscription confirmation and renewal notices, and resolving billing disputes.
Security — Detecting unauthorized access, preventing fraud, and protecting the integrity of our platform and your data.
Product improvement — Analyzing aggregated, anonymized usage patterns to improve platform features and reliability.
Support — Responding to help requests, diagnosing issues, and communicating important platform updates.
Legal compliance — Meeting our obligations under applicable laws and regulations.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Data Storage & Security

Your account data and site metadata are stored in our secured database. Backup files and other large assets are stored in a private, encrypted cloud storage located in the European Union (Frankfurt, DE). All files are stored with private access controls; download links are served exclusively through our backend — never via direct public URLs.

We implement the following security measures:

All data in transit is encrypted using TLS (HTTPS).
Plugin-to-backend communication uses short-lived JWT bearer tokens.
Backup operations use single-use tokens invalidated immediately after use.
Passwords are stored as salted hashes; plaintext passwords are never retained.
Database access is role-restricted; plugin connections use read-only credentials where applicable.
Site credentials stored within our system are encrypted at rest.

Data residency: Primary storage is located in the European Union (Frankfurt, DE). If you are located outside the EU, your data may be transferred to and processed in the EU. Such transfers are covered by appropriate safeguards in accordance with GDPR requirements.

Third-Party Services

WPSafer integrates with the following third-party services that may process your data:

Service	Purpose	Data Shared
PayPal	Subscription payment processing	Name, email, subscription plan — governed by PayPal’s Privacy Policy
Cloud Storage Provider	Encrypted backup & asset storage	Backup files — stored in private, access-controlled buckets in the EU
screenshotapi.net	Fallback screenshot generation for connected sites	Site URLs only — no personal user data

Each third-party service operates under its own privacy policy. We encourage you to review their respective policies. We select processors that maintain appropriate security standards and, where required, enter into Data Processing Agreements.

Data Retention

Account data — Retained for the duration of your account plus 90 days after deletion, to allow recovery if needed.
Backup files — Retained per your plan’s backup retention policy. You may delete individual backups at any time from your dashboard.
Activity & security logs — Retained for up to 12 months for security and troubleshooting purposes.
Billing records — Retained for 7 years in accordance with applicable tax and accounting regulations.
Deleted site data — Sites moved to trash are retained for 30 days before permanent deletion, allowing restoration.

Upon account termination you may request complete data erasure (see Section 7). Anonymized, aggregated analytics data may be retained indefinitely.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights regarding your personal data:

Right to Access Request a copy of the personal data we hold about you.

Right to Rectification Request correction of inaccurate or incomplete data.

Right to Erasure Request deletion of your personal data (“right to be forgotten”).

Right to Portability Receive your data in a structured, machine-readable format.

Right to Restrict Request restriction of processing in certain circumstances.

Right to Object Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@wpsafer.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Cookies

Essential cookies — Required for authentication and session management on the WPSafer dashboard. These cannot be disabled without affecting service functionality.
Preference cookies — Store your dashboard settings (e.g., table sort order, items per page).
Analytics cookies — Anonymized usage statistics to understand how the dashboard is used. No personally identifiable data is shared with analytics providers.

Our WordPress marketing site (wpsafer.com) may use cookies for analytics purposes. You may control cookie preferences through your browser settings.

Children’s Privacy

WPSafer is a professional service intended for adults. We do not knowingly collect personal information from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the “Last Updated” date at the top of this page.
Send an email notification to registered users at least 14 days before the changes take effect.
Display a notice in your WPSafer dashboard.

Your continued use of WPSafer after the effective date of any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

WPSafer

Email: privacy@wpsafer.com

Website: https://wpsafer.com

For data protection inquiries, you may also contact our support team through the dashboard.