Privacy for WordPress site owners and cloud teams

Effective date: June 1, 2026. This policy explains how WPLURA handles website, account, plugin, and cloud workflow data across product-scoped services.

Submit Privacy Request Legal Center

Plain-language summary

We separate local plugin behavior from optional cloud workflows, avoid collecting cloud passwords inside WordPress admin screens, and use product-scoped retention, deletion, and support paths.

Scope

What this policy covers

This policy applies to WPLURA public pages, cloud account services, product account views, support flows, and plugin-connected workflows when a site owner enables them.

Who may interact with WPLURA

Website visitors reviewing public content, pricing, SiteCheck, documentation, or contact flows.
WordPress administrators using WPLURA plugins as local site agents.
Cloud account users managing subscriptions, reports, sites, billing, support, or product workflows.
Security researchers, support contacts, and legal/privacy requesters.

What this policy does not replace

Product documentation, plugin readme disclosures, the Data Processing Addendum, and customer contracts may provide additional details for specific integrations, subprocessors, service commitments, or enterprise arrangements.

Data Categories

What WPLURA may process

Account and access data

Information needed to create accounts, authenticate users, protect sessions, support teams, and enforce tenant boundaries.

Name, email, organization, role, and account status
Authentication/session metadata and security events
Support conversations and legal notices

Site and product workflow data

Product-scoped operational data generated when a WordPress admin chooses to use plugin workflows or cloud-connected services.

Site identity, product activation state, entitlement context
Scan, backup, restore, report, alert, and incident metadata
Configuration choices, job status, audit events, and retention/deletion state

Public website and diagnostic data

Limited website, form, and diagnostic data used to run public pages, route requests, prevent abuse, and improve reliability.

Contact and SiteCheck form submissions
Cookie, preference, analytics, and abuse-prevention signals
Request metadata such as IP address, user agent, timestamps, and error logs

Controls

How privacy is handled by design

Local-first where the plugin can stay local

WPLURA products are designed so local plugin capability is not automatically treated as cloud processing. Product pages and plugin disclosures explain where cloud workflows begin.

Consent and activation before cloud workflow

Cloud processing is tied to account, product, entitlement, and activation flows. The WordPress plugin must not ask for or store cloud account passwords.

Purpose-limited processing

We process data for requested product workflows, security operations, billing, support, abuse prevention, legal compliance, and service reliability.

Bounded retention and deletion controls

Operational records are retained only as needed for product, security, compliance, or account purposes, with product-specific cleanup and deletion workflows.

Product Annexes

Product-specific privacy notes

WPLURA products do not all process the same data. These notes summarize the practical difference between local plugin capability and cloud workflows.

WPLURA Security

Local checks can run without a paid cloud plan where the product supports that local baseline.
Cloud reports, remote scans, entitlement decisions, and customer account views use product-scoped cloud processing.
External service use is disclosed in product documentation and plugin readme materials.

WPLURA Revenue Shield

Local processing consent and cloud processing consent are separate.
Revenue-risk reports, incident artifacts, upload sessions, and retention controls are product-scoped.
Customer-owned deletion controls may block plugin/cloud sync while deletion is pending or running.

WPLURA Backup Restore & Disaster Recovery

Local backup/restore workflows and managed cloud backup/DR workflows are separate operating models.
Cloud workflows use policy, entitlement, durable job state, and storage controls.
Permanent object-store credentials are not stored in the plugin or exposed in plugin logs.

WPLURA Diagnostics

Core diagnostics are local-first and currently free.
A cloud account is not required for core local diagnostics behavior.
Diagnostic retention should remain bounded by plugin settings and cleanup behavior.

Rights and Contact

Access, correction, deletion, objection, and support

Data controller legal name: WPLURA
Privacy email: privacy@wplura.com
Support email: support@wplura.com
Postal address: Dhaka, Bangladesh
Privacy rights request path: /contact