🚀 Founders Pricing, 40% OFF ends in 00d : 00h : 00m : 00s Lock in your price →
0 Get WooSculpt Upsell
Legal

Privacy Policy

This Privacy Policy describes how WooSculpt collects, uses, stores, and protects personal information when you visit woosculpt.com, purchase our products, or use our services.

1. Who we are

WooSculpt operates woosculpt.com and sells WordPress plugins for WooCommerce stores. Our products are digital goods distributed under per-site software licenses. For privacy inquiries contact us via our support page.

2. Information we collect

  • Account & purchase data: Name, email address, billing address, country, order ID, product purchased, license key, and payment confirmation.
  • License & activation data: The domain(s) where you activate a license key, activation timestamps, plugin version, and WordPress/WooCommerce version reported during update checks.
  • Support communications: Messages, attachments, and diagnostic information you share when contacting our support team.
  • Technical & usage data: IP address, browser type, operating system, referring URL, pages visited, and session duration collected via server logs or analytics tools.
  • Cookie data: Session identifiers, cart contents, login state, and analytics identifiers. See Section 7.

We do not intentionally collect sensitive personal data such as health information, government ID numbers, or full payment card credentials.

3. How we use your information

  • Order fulfillment (Contract): Processing payments, delivering license keys, providing plugin downloads, and managing renewals.
  • License management (Contract): Validating license keys, enforcing site limits, delivering automatic updates, and managing deactivations.
  • Customer support (Contract / Legitimate interest): Responding to support tickets, diagnosing issues, and providing technical assistance.
  • Security & fraud prevention (Legitimate interest): Detecting abuse, preventing unauthorized license sharing, and protecting our infrastructure.
  • Legal compliance (Legal obligation): Retaining transaction records for tax, accounting, and regulatory requirements.
  • Service improvement (Legitimate interest): Analyzing aggregate usage patterns to improve products and documentation.

4. Payments & Stripe

All payment processing is handled by Stripe, Inc. (stripe.com), a PCI DSS Level 1 certified payment processor. When you make a purchase:

  • Your card number, CVV, and full payment credentials are entered directly into Stripe's secure environment and are never transmitted to or stored on WooSculpt servers.
  • We receive only a payment confirmation, masked card details (last 4 digits, card type), and a Stripe transaction ID.
  • Stripe may set its own cookies and processes data per Stripe's Privacy Policy.
  • For refund disputes, Stripe may process additional data including your IP address for fraud detection.

WooCommerce (by Automattic) provides the e-commerce framework and handles cart, checkout, and order data per Automattic's Privacy Policy.

5. Third-party data sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Stripe: Payment processing (Section 4).
  • Automattic / WooCommerce: E-commerce platform powering our store.
  • Email delivery providers: Transactional emails (order confirmations, license keys, support replies) sent via third-party delivery services.
  • Analytics providers: Aggregated, anonymized usage data. We do not share identifiable data with advertisers.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the safety of WooSculpt or our customers.
  • Business transfer: If WooSculpt is acquired, your data may transfer to the new entity under the same privacy commitments.

6. Data retention

  • Order & billing records: Retained for a minimum of 7 years for tax and accounting compliance.
  • License activation data: Retained for the duration of your license and up to 2 years after final expiry.
  • Support records: Retained for up to 3 years after ticket closure.
  • Account data: Retained until deletion is requested, subject to legal retention obligations.
  • Analytics data: Raw session logs deleted after 90 days; aggregated data retained indefinitely.

7. Cookies

  • Essential (required): WordPress login session, WooCommerce cart, checkout nonce, security tokens. Cannot be disabled without breaking site functionality.
  • Functional: Remembering login state, currency preference, and checkout progress.
  • Analytics: Tracking page visits and session behavior. May be provided by third-party analytics tools.
  • Payment: Set by Stripe during checkout for fraud detection and session continuity.

You may manage non-essential cookies via your browser settings. Disabling cookies may affect cart and checkout functionality.

8. Your rights (GDPR & applicable law)

Depending on your location you may have the following rights:

  • Access: Request a copy of personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal retention obligations.
  • Restriction: Request we limit processing in certain circumstances.
  • Portability: Receive your data in a machine-readable format where feasible.
  • Objection: Object to processing based on legitimate interest including analytics.
  • Withdraw consent: Where processing is consent-based, withdraw at any time.

To exercise any right, contact us via our support page. We respond within 30 days. Some data may be retained for legal reasons even after a deletion request.

9. Data security

We implement HTTPS encryption for all data in transit, access controls limiting data access to authorized personnel, and secure credential storage. No internet transmission is 100% secure; we take reasonable precautions but cannot guarantee absolute security.

10. International transfers

Data may be processed on servers outside your country. Where international transfers occur we rely on standard contractual clauses or other lawful mechanisms. Stripe processes data globally per their data processing agreements.

11. Children's privacy

Our services are not directed at individuals under 16. We do not knowingly collect data from children. Contact us if you believe a child has provided data and we will delete it promptly.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use after changes constitutes acceptance.

Last updated: May 2026