Legal
Privacy Policy
Effective June 1, 2026
1. Information we collect
Account information. Your name, email address, and password (stored as a salted hash, never in plain text), used to operate your account and send transactional email such as verification, password reset, and alerts.
Connected-site metadata. For each WordPress site you connect, the agent plugin reports the site URL, WordPress, PHP, and server versions, the active theme and plugin inventory, and Site Health diagnostics. This is used to power the dashboard, uptime and update checks, and security scanning.
Backups. Backup archives of your database and/or files are encrypted before they leave your server and stored either on our managed infrastructure or on storage you configure and control, depending on your plan.
Aggregate performance telemetry. If you enable Real User Monitoring on a site, it collects anonymous Core Web Vitals and page-load timing from that site's visitors: no page content, no visitor names, emails, or other personally identifying information, and no cookies. Query strings are stripped from recorded page paths before storage.
Billing information. We do not collect or store your card details. Payment information is collected and processed by whichever payment provider you choose at checkout: Razorpay, Stripe, or Paddle. See section 3.
Operational logs. Standard request and error logs needed to run, secure, and troubleshoot the Service.
2. How we use information
We use the information described above to:
- Provide, operate, and maintain the dashboard and the features you enable.
- Authenticate your account and secure it against unauthorized access.
- Send transactional email: verification, password reset, and alerts you opt into.
- Process payment, manage your subscription, and communicate billing changes.
- Monitor, debug, and improve the reliability and security of the Service.
- Comply with legal obligations and enforce our Terms of Service.
We do not sell your data, and we do not use your account or site data for advertising.
3. Sub-processors
We share data with a small number of sub-processors, each engaged solely to operate the Service on our behalf:
- Google Cloud Platform hosts the control plane, database, and managed backup storage.
- Stripe, Inc. and Razorpay Software Private Limited are payment processors for payments made through those providers. For those payments, WPMgr - WordPress Manager is the seller, and Stripe or Razorpay processes the payment on our behalf. Each receives the billing and contact data needed to process your payment and acts as an independent data controller for that billing data under its own privacy policy.
- Paddle.com Market Ltd is our payment processor and merchant of record for sales it processes. Paddle receives the billing and contact data needed to process your payment, calculate tax, issue invoices and receipts, and process refunds for Paddle-processed sales. Paddle acts as an independent data controller for that billing data under its own privacy policy.
- A transactional email provider, used solely to deliver account emails.
Self-hosted deployments of the WPMgr control plane involve no sub-processors at all.
4. Data location and international transfers
Hosted-service data is stored on Google Cloud Platform infrastructure. Where data is transferred across borders, for example to Stripe, Razorpay, or Paddle for payment processing, we rely on the sub-processor's own safeguards, such as standard contractual clauses, for that transfer. Contact us at support@wpmgr.app if you need details about a specific transfer.
5. Data retention
We retain account and site data for as long as your account is active. Backup archives are retained according to your plan's retention settings. If you close your account, we delete or anonymize account and site data within a commercially reasonable period, except where we are required to retain records (for example billing records) for legal or tax purposes.
6. Security
- Backup archives are encrypted before they leave your server.
- All network traffic to and from the Service uses TLS.
- Agent-to-control-plane requests are cryptographically signed and replay-protected.
- Passwords are stored as salted hashes; we never store plain-text passwords.
- The control plane and agent are open source at https://github.com/mosamlife/wpmgr, so our security design is auditable rather than taken on faith.
7. Your rights
You can access, correct, export, or delete your account data at any time by contacting support@wpmgr.app. Depending on your jurisdiction, you may also have the right to object to or restrict certain processing, or to lodge a complaint with your local data protection authority. We will respond to verified requests within a reasonable time and in any event within the period required by applicable law.
8. Cookies
The hosted dashboard uses a minimal set of cookies: a session cookie required to keep you signed in, and, where enabled, a cookie that remembers a trusted device for two-factor authentication. We do not use advertising or cross-site tracking cookies on the dashboard. Real User Monitoring, described above, does not use cookies.
9. Children's privacy
The Service is a business tool for managing WordPress sites and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at support@wpmgr.app and we will delete it.
10. Changes to this policy
We may update this Privacy Policy as the Service evolves. We will post the updated policy here with a new effective date, and for material changes we will provide reasonable advance notice by email or in the dashboard.
11. Contact
Questions about this policy or a request regarding your data: support@wpmgr.app. Our registered address is Ahmedabad, Gujarat, India.
Questions about this policy?
Reach us at support@wpmgr.app.