Privacy policy

This Privacy Policy explains how WPShift collects, uses, stores, shares, and protects personal data in connection with the WPShift platform, website, dashboard, APIs, and related services (collectively, the “Service”).

WPShift is registered in the Netherlands under KvK number 94904561.

If you have questions about this Privacy Policy or our data practices, you can contact us at:

WPShift
Email: info@wpshift.io
Website: wpshift.io

1. Who we are

For the purposes of applicable data protection law, including the General Data Protection Regulation (“GDPR”), WPShift is the controller of the personal data described in this Privacy Policy, except where we act as a processor or service provider on your behalf.

In some cases, WPShift may process personal data as a processor on behalf of users who use the Service to host, manage, or process data relating to their own websites, applications, or end users.

2. What data we collect

We may collect and process the following categories of personal data:

2.1 Account and profile information

• name

• email address

• billing address

• company name

• account credentials and authentication-related data

• account preferences and settings

2.2 Billing and transaction information

• subscription status

• invoices and billing records

• payment-related metadata

• tax information where applicable

• transaction identifiers from payment providers such as Paddle

We do not typically store full payment card details ourselves where payments are processed by third-party payment providers.

2.3 Technical and usage data

• IP addresses

• browser type and device information

• operating system

• log data

• timestamps

• pages viewed

• actions taken in the dashboard

• API usage data

• diagnostic and performance information

2.4 Infrastructure and integration data

When you connect providers or infrastructure services, we may process data such as:

• cloud provider account identifiers

• server names and IP addresses

• DNS data

• deployment metadata

• SSH public keys and related access configuration data

• backup, monitoring, or usage metadata

• service configuration details

2.5 Support and communications data

• support requests

• emails and chat communications

• feedback and survey responses

• troubleshooting materials you provide to us

2.6 Website and cookie data

When you visit our website, we may process data collected through cookies or similar technologies, such as session information, analytics data, and website interaction data.

3. How we collect data

We collect personal data:

• directly from you when you create an account, use the Service, contact us, or purchase a subscription;

• automatically when you use the website or Service;

• from third-party services you connect to WPShift;

• from payment processors or resellers involved in transactions, such as Paddle;

• from service providers, analytics providers, and infrastructure partners.

4. Purposes of processing

We may process personal data for the following purposes:

• creating and managing accounts;

• providing, operating, and maintaining the Service;

• provisioning and managing servers and related infrastructure;

• authenticating users and securing accounts;

• processing subscriptions, billing, invoicing, and renewals;

• providing customer support;

• monitoring usage, performance, abuse, and security;

• sending service-related notices and operational communications;

• improving the Service, troubleshooting issues, and developing new features;

• complying with legal obligations;

• enforcing our legal rights, Terms of Service, and internal policies.

5. Legal bases for processing

Where GDPR applies, we rely on one or more of the following legal bases:

• Performance of a contract: where processing is necessary to provide the Service, manage your account, or fulfill transactions.

• Legitimate interests: where processing is necessary for security, fraud prevention, analytics, product improvement, customer support, enforcing our rights, or operating our business, provided those interests are not overridden by your rights.

• Legal obligation: where processing is required to comply with tax, accounting, sanctions, legal process, or other regulatory obligations.

• Consent: where required by law, for example for certain marketing communications or non-essential cookies.

• Establishment, exercise, or defense of legal claims: where necessary in relation to disputes or enforcement.

6. When we act as controller and when we act as processor

WPShift generally acts as a controller for personal data relating to:

• your account;

• billing and subscription management;

• support communications;

• website analytics and operational logging;

• security and abuse-prevention processes.

WPShift may act as a processor or similar service provider role when processing data on your behalf in connection with the infrastructure, applications, or websites you manage using the Service.

You are responsible for ensuring that you have an appropriate legal basis for any personal data you upload to or process through the Service.

7. Sharing of personal data

We may share personal data with:

• payment processors and billing providers, including Paddle, where relevant for payment and subscription handling;

• infrastructure and hosting providers, including Hetzner where relevant for WPShift Cloud and related infrastructure;

• analytics, monitoring, logging, email, support, or communication providers;

• professional advisers, auditors, insurers, and legal counsel;

• regulators, courts, law enforcement, or competent authorities where required by law;

• affiliates, successors, or acquirers in connection with a merger, acquisition, financing, or sale of assets.

We do not sell your personal data to advertisers.

8. Hetzner and infrastructure processing

WPShift Cloud currently runs on infrastructure provided by Hetzner. As a result, infrastructure-related personal data, server metadata, IP addresses, logs, and other operational data may be processed through systems operated by Hetzner or related infrastructure providers.

Hetzner publishes terms and data protection information for its services and also offers a GDPR-oriented Data Processing Agreement framework for controller-processor relationships.

9. International data transfers

Your personal data may be processed in countries other than your country of residence.

Where required by applicable law, we will take appropriate measures to ensure that international transfers of personal data are protected by suitable safeguards, such as contractual protections, adequacy decisions, or other lawful transfer mechanisms.

10. Data retention

We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to:

• provide the Service;

• maintain account and billing records;

• resolve disputes;

• enforce agreements;

• comply with legal, tax, accounting, and regulatory obligations;

• maintain security and abuse-prevention logs for an appropriate period.

Retention periods may vary depending on the type of data and the reason for processing.

When data is no longer needed, we will delete it or anonymize it where reasonably possible.

11. Security

We take reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, or alteration.

However, no method of transmission over the internet or method of electronic storage is completely secure. We therefore cannot guarantee absolute security.

You are also responsible for maintaining the security of your own account, credentials, infrastructure, and connected services.

12. Your rights

Depending on your location and applicable law, you may have rights regarding your personal data, including the right to:

• access your personal data;

• correct inaccurate personal data;

• request deletion of your personal data;

• restrict processing;

• object to certain processing;

• request portability of your personal data;

• withdraw consent where processing is based on consent;

• lodge a complaint with a supervisory authority.

If you want to exercise your rights, contact us at info@wpshift.io.

We may request additional information to verify your identity before responding to certain requests.

13. Cookies and similar technologies

We may use cookies and similar technologies to operate the website and Service, remember preferences, improve functionality, analyze usage, and support security.

Where required by law, we will ask for consent before placing non-essential cookies.

You can usually control cookies through your browser settings. Disabling some cookies may affect website or Service functionality.

14. Third-party websites and services

The Service may contain links to or integrations with third-party websites, tools, or services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

15. Children

The Service is not intended for children under the age of 18, and we do not knowingly collect personal data from children under 18.

If you believe that a child has provided us with personal data, please contact us so we can take appropriate action.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may provide notice through the Service, by email, or by updating the date at the top of this Privacy Policy.

The updated version becomes effective on the date stated in the updated version.

17. Contact

If you have questions, requests, or complaints regarding this Privacy Policy or our processing of personal data, please contact:

WPShift
Email: info@wpshift.io
Website: wpshift.io