Privacy Policy

1. Information We Collect

When you use this plugin and connect your WordPress site to our AI service, or when you create an account on our SaaS platform, we collect limited information necessary to operate and manage the service.

a. Technical and Usage Information (Plugin & AI Service)

We collect the following technical and usage-related information:

  • Server IP Address (hashed) – The public IP address of the server where the plugin is installed. For privacy protection, IP addresses are stored in a hashed and non-reversible form.
  • Website Domain – The domain name of the WordPress site using the plugin.
  • AI API Usage Data – Information related to API usage, including: Type of request (e.g. text generation, image generation), AI engine or model used, token or credit usage, request timestamps.

b. Account Information (Login with Google)

When you sign in or register using Login with Google, we collect and store the following account-related information provided by Google:

  • Email address
  • Full name
  • Profile photo

This information is used solely for account identification, authentication, and account management within our SaaS platform.

c. Information We Do Not Collect

We do not collect or store:

  • AI prompts or generated content
  • Personal data of site visitors
  • Google account passwords or sensitive authentication credentials
  • WordPress user profile data (such as usernames, emails, or passwords)

All collected data relates only to the WordPress site owner, administrators, or authorized users who access our service.

 

2. Purpose of Data Collection

We process this data strictly for the following purposes:

  • Providing and operating the AI service and SaaS platform
  • Creating and managing user accounts authenticated via Google
  • Verifying user identity and securing access to the service
  • Tracking usage and calculating AI credits
  • Preventing abuse, fraud, or excessive usage
  • Monitoring system performance and troubleshooting
  • Ensuring security and reliability of the service

The data is not used for advertising, profiling, or marketing purposes.

 

3. Legal Basis for Processing (GDPR)

We process this data based on:

  • Contractual necessity – Data processing is required to deliver the AI service requested by the user.
  • Legitimate interests – Ensuring service security, abuse prevention, and operational integrity.
  • Consent – By choosing to sign in using Google, you consent to the collection of the basic account information (email, name, and profile photo) required to create and manage your account.

Explicit consent is not required, as this processing is essential for the functionality of the service.

 

4. Data Storage and Retention

  • Data is stored securely on our AI infrastructure with access limited to authorized personnel.

  • IP addresses are stored in hashed form using industry-standard techniques.

  • Usage logs are retained only for as long as necessary to fulfill operational, security, and billing purposes.

  • Detailed logs are automatically deleted after a defined retention period (typically 90 days to 12 months), after which only aggregated usage data may be retained.

  • Upon account deletion, personal account data will be deleted or anonymized, unless retention is required by law.

 

5. Data Sharing

We do not sell, rent, or share collected data with third parties.

Data may only be disclosed:

  • If required by applicable law or legal process
  • To protect the security and integrity of our service

Authentication via Google is handled through Google’s secure OAuth mechanism. We do not receive or store your Google password.

 

6. User Access and Transparency

Registered users can:

  • View their own AI usage logs and credit consumption
  • Manage their account information through the user dashboard

Access is strictly limited to data associated with the user’s own connected WordPress sites and SaaS account.

 

7. Your Rights (GDPR / PDPA)

Depending on your jurisdiction, you may have the right to:

  • Request access to the data associated with your WordPress site

  • Request correction of inaccurate data

  • Request deletion of data, subject to legal and contractual obligations

  • Object to or restrict certain processing activities

  • Withdraw consent for account-related data processing by discontinuing use of the service

Requests can be submitted via our support email or customer support portal.

 

8. Data Protection Commitment

We apply appropriate technical and organizational measures to protect all processed data, including encryption, access controls, and regular security reviews. We continuously evaluate our data protection practices to ensure compliance with applicable data protection laws.

 

WP Composer – December 16, 2023