Privacy Policy
How AddiPress collects, uses, and protects oferty Your personal data — written in plain language.
Plain-language summary: We collect only what is needed to sell and deliver AddiPress Pro, process your payment, and provide support. We do not sell your data. We do not run ads. The AddiPress plugin does not send your visitors’ data to us — it sends content to OpenAI’s API only when you trigger an AI module. You can request full data deletion at any time by emailing privacy@addipress.com.
01 Who we are
AddiPress Pro is a WordPress plugin operated by AddiPress (“we”, “us”, “our”). The plugin and this website are available at addipress.com.
For GDPR purposes, AddiPress acts as the data controller for personal data collected through this website. Contact us at privacy@addipress.com for any privacy-related questions.
- Operated by: Rafał Kogut (sole trader / individual)
- Country: France
- Privacy contact: privacy@addipress.com
02 What data we collect from you
2.1 Purchase data
When you purchase AddiPress Pro, our payment processor (WooCommerce + Stripe / PayPal) collects:
- Full name and billing address
- Email address (used for licence delivery and support)
- Payment details (processed and stored by Stripe / PayPal — we never store raw card numbers)
- Order value, product purchased, and transaction ID
2.2 Account data
If you create an account on addipress.com, we store your email address, display name, and purchase history to enable licence management and plugin downloads.
2.3 Support data
When you contact us via the contact form or by email, we collect the content of your message, your email address, and optionally your website URL and licence key.
2.4 Affiliate data
If you join the affiliate programme, we additionally collect your website URL, PayPal or bank details for commission payouts, and your content category.
2.5 Technical & analytics data
We may collect anonymised usage data (page views, referrers, browser type) via privacy-respecting analytics tools. IP addresses are anonymised before storage. No analytics cookies are set without your explicit consent.
03 Data collected by the plugin & AI processing
3.1 What the plugin processes locally
AddiPress Pro operates primarily on your own WordPress server. The plugin reads and writes data within your WordPress database (listings, categories, SEO meta) but does not send this data to AddiPress servers.
3.2 AI modules & OpenAI API
When you activate AI modules (AI Terminal, Content Engine, SERP Sniper, B2B Hunter, etc.), the plugin sends data directly from your server to the OpenAI API using the API key you provide in Settings. This may include:
- Listing titles, descriptions, and category names
- Your custom AI prompts and configuration
- Anonymised page performance data (for SEO modules)
This data is sent to OpenAI, Inc. and is subject to OpenAI’s Privacy Policy. You are the data controller for any personal data you choose to send via AI prompts.
3.3 Licence verification
The plugin contacts our licence server (api.addipress.com) to verify your licence key. This call transmits: your licence key, your WordPress site URL, and WordPress version. No personal data about your site’s visitors is sent.
3.4 Your site’s visitors
AddiPress Pro does not collect, store, or transmit your website visitors’ personal data to AddiPress servers. Any visitor data processed by the plugin (e.g. geolocation for search results) stays within your WordPress installation.
04 How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Order fulfilment — delivering plugin & licence key | Name, email, purchase record | Contract |
| Customer support | Email, message content, licence key | Contract / Legitimate interest |
| Payment processing & invoicing | Billing data, transaction ID | Contract / Legal obligation |
| Product update notifications | Legitimate interest (unsubscribe any time) | |
| Affiliate commission payouts | Payout details, commission data | Contract |
| Tax & accounting records | Purchase & billing records | Legal obligation |
| Fraud prevention & security | IP (anonymised), transaction data | Legitimate interest |
| Marketing emails (optional) | Consent (opt-in only) |
We do not use your data for advertising, behavioural profiling, or selling to third parties.
05 Legal basis for processing (GDPR)
Under the EU General Data Protection Regulation (GDPR) and UK GDPR, we rely on the following legal bases:
- Contract performance — Art. 6(1)(b): Processing necessary to deliver the product you purchased and provide support.
- Legal obligation — Art. 6(1)(c): Retaining transaction data for tax and accounting requirements.
- Legitimate interests — Art. 6(1)(f): Fraud prevention, security, product improvement, and important update notifications. You may object to processing on this basis.
- Consent — Art. 6(1)(a): Marketing emails and non-essential cookies. You may withdraw consent at any time without affecting prior lawful processing.
06 Data sharing & third parties
We share your data only with the following processors, each bound by a data processing agreement:
- Stripe, Inc. — payment processing (PCI-DSS Level 1 compliant)
- PayPal, Inc. — optional payment method
- Automattic / WooCommerce — e-commerce platform and order management
- Transactional email provider — order confirmations and licence key delivery
- Affiliate management system — commission tracking and payout processing
- Web hosting provider — server infrastructure (EU-based or covered by SCCs)
OpenAI, Inc. receives data via API calls triggered by AI modules on your WordPress site — see §3 for full details.
07 Cookies & tracking
Essential cookies (no consent required)
- wp_woocommerce_session_* — WooCommerce cart session (expires: session)
- wordpress_logged_in_* — WordPress login session (expires: session / 14 days)
- woocommerce_cart_hash — cart state indicator (expires: session)
Functional storage (consent required)
- ap_eb_v2 — Early Bird bar dismissal, stored in
localStoragefor 24 hours (not a cookie)
Analytics cookies (consent required)
We use privacy-respecting analytics. No analytics cookies are set without your explicit consent via our cookie consent banner.
Affiliate tracking
If you arrive via an affiliate link, a 60-day affiliate tracking cookie is set to attribute any resulting commission. It contains no personal data.
You can manage cookie preferences at any time via the cookie settings link in the footer of this site.
08 Data security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS / TLS encryption for all data in transit
- Encrypted storage for sensitive fields (licence keys, API keys)
- Access controls — only authorised personnel can access personal data
- PCI-DSS compliant payment processing — raw card data never touches our servers
- Regular security reviews of our website and plugin codebase
- Multi-factor authentication for internal systems
No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
09 Data retention
| Data type | Retention period | Reason |
|---|---|---|
| Purchase & billing records | 7 years | Legal / tax requirement |
| Licence & account data | Account lifetime + 2 years after deletion request | Contract / licence management |
| Support tickets & communications | 3 years | Customer service records |
| Marketing consent records | Until consent withdrawn | GDPR audit trail |
| Affiliate records | 5 years after last payout | Financial records |
| Anonymised analytics | 26 months | Product improvement |
10 Your rights (GDPR & UK GDPR)
Under GDPR and UK GDPR, you have the following rights. To exercise any right, email privacy@addipress.com — we will respond within 30 days.
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure (“right to be forgotten”): Request deletion of your data, subject to legal retention obligations.
- Restriction: Request that we temporarily restrict processing of your data.
- Portability: Receive your data in a structured, machine-readable format (JSON or CSV).
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: Withdraw consent for marketing emails or non-essential cookies at any time.
- Lodge a complaint: File a complaint with your national data protection authority (e.g. UODO in Poland, ICO in the UK).
11 California consumer rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale / sharing: We do not sell or share personal information for cross-context behavioural advertising.
- Right to non-discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.
To exercise California rights, email privacy@addipress.com with the subject line “California Privacy Request”. We will respond within 45 days.
12 International data transfers
Some of our service providers (Stripe, OpenAI, transactional email) may process data outside the European Economic Area (EEA) or UK. We ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs) — the 2021 SCCs approved by the European Commission
- UK International Data Transfer Agreement (IDTA) for UK-originating transfers
- Adequacy decisions where the destination country has been deemed adequate by the European Commission
13 Children’s privacy
AddiPress Pro is a professional B2B software product. Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@addipress.com and we will delete it promptly.
14 Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible (as required by Art. 33 GDPR)
- Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights (Art. 34 GDPR)
- Document all breaches in our internal breach register regardless of whether notification is required
If you suspect your account or data has been compromised, contact us immediately at security@addipress.com.
15 Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to registered customers
- A notice on this page with the updated “Last updated” date
Your continued use of our website after changes are posted constitutes acceptance of the updated policy.
16 Contact & Data Protection Officer
For all privacy-related enquiries, data subject access requests, or complaints:
- Privacy email: privacy@addipress.com
- Security issues: security@addipress.com
- General contact: hello@addipress.com
- Response time: Within 30 days as required by GDPR
You also have the right to lodge a complaint with your local supervisory authority:
- France: CNIL — cnil.fr
- UK: ICO — ico.org.uk
- EU (other countries): Find your national DPA
Questions about your data?
We take privacy seriously and respond to every enquiry within 30 days. Write to us and we’ll help.