Privacy Policy

1. Who We Are

AutomagicWP is operated by Chris Jayden, an Eenmanszaak (sole proprietorship) registered in the Netherlands.

Chris Jayden is the data controller for the personal data described in this policy. We are subject to Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").

2. What Data We Collect

2.1 Account Data

When you create an account we collect: your name, email address, and a hashed password. If you sign in via an OAuth provider (e.g. GitHub) we receive only what that provider shares with us (typically name, email, and avatar URL).

2.2 Billing Data

Payments are processed by Stripe. We store your subscription plan and billing status. We do not store full card numbers or raw payment details. Those remain with Stripe under their own privacy policy and PCI DSS compliance.

2.3 Plugin & Release Data

Plugin ZIP files and release assets you upload are stored in Cloudflare R2 object storage. We store associated metadata (plugin name, version numbers, release notes, timestamps). Plugin file contents are not accessed, scanned, or processed beyond storage and delivery.

2.4 Usage & Analytics Data

We use Pirsch Analytics (Pirsch GmbH, Germany) to understand how visitors use our website. Pirsch is cookie-free and GDPR-compliant by design: it processes only anonymised, aggregated data and does not track individuals across sites. No personal data is shared with Pirsch.

We also collect internal product usage metrics (e.g., number of plugin releases, API call counts) for billing and service improvement. These are tied to your account, not shared with third parties.

2.5 Communication Data

We use Bento (bentonow.com) to send transactional emails (e.g. account verification, billing receipts) and occasional product update emails. Your email address is shared with Bento for this purpose. You can unsubscribe from marketing emails at any time via the unsubscribe link in each email; transactional emails cannot be opted out of while your account is active.

2.6 Technical Logs

Our servers and hosting provider (Vercel) may log IP addresses, request timestamps, and error traces for security, debugging, and abuse prevention. These logs are retained for up to 30 days.

3. Legal Basis for Processing (GDPR)

4. Data Sharing & Third Parties

We do not sell your personal data. We share it only with the following sub-processors, each bound by a Data Processing Agreement (DPA):

• Vercel Inc. (USA):application hosting. Covered by Standard Contractual Clauses.
• Cloudflare Inc. (USA):R2 object storage for plugin files. Covered by Standard Contractual Clauses.
• Stripe Inc. (USA):payment processing. Covered by Standard Contractual Clauses and certified under EU-US Data Privacy Framework.
• Bento / Bentonow.com:transactional and marketing email delivery.
• Pirsch GmbH (Germany):anonymous website analytics. Based in the EU; no personal data transferred.

We may disclose personal data if required to do so by law or in response to valid legal process from Dutch or EU authorities.

5. International Data Transfers

Some of our sub-processors are based outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU-US Data Privacy Framework where applicable.

6. Data Retention

• Account data: Retained for the duration of your account. Upon account deletion, your personal data is deleted or anonymised within 30 days, unless we are required to retain it by law (e.g. tax records, up to 7 years under Dutch law).
• Plugin files: Deleted from R2 within 30 days of account deletion or manual removal.
• Server logs: Retained for up to 30 days.
• Billing records: Retained for 7 years as required by Dutch tax law (Belastingdienst).

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. To exercise any of them, contact us at support@automagicwp.com.

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): You can ask us to delete your personal data, subject to legal retention obligations.
• Right to restriction (Art. 18): You can ask us to restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): You can request your account data in a machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

We will respond to requests within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch supervisory authority:

8. Cookies

AutomagicWP uses only strictly necessary session cookies for authentication. We do not use tracking or advertising cookies. Our analytics provider (Pirsch) is cookieless. You do not need to accept any cookie banner to use this service.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption in transit, hashed password storage, and access controls on our infrastructure. However, no method of transmission over the internet is 100% secure.

10. Children

AutomagicWP is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.