Privacy Policy

AI WP Coder ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform and services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect the following personal data when you register and use our services:

• Account information: name, email address, company name (optional)
• Billing information: address (line 1, line 2, city, county, postcode, country), phone number, VAT number (optional)
• Payment information: payment details are processed securely by Stripe. We do not store your full card details on our servers. We store only a Stripe customer ID for recurring transactions.
• Order data: details of the plugins/themes you request, including specifications and uploaded files
• Technical data: IP address, browser type, and usage data collected automatically when you visit our site

2. How We Use Your Data

We use your personal data for the following purposes:

• To create and manage your account
• To process and fulfil your orders
• To process payments via Stripe
• To communicate with you about your orders and change requests
• To provide customer support
• To send marketing communications (only where you have opted in)
• To improve our services and platform
• To comply with legal obligations

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract: processing necessary to fulfil our contract with you (e.g., processing orders, delivering products)
• Legitimate interest: processing necessary for our legitimate business interests (e.g., improving our services, preventing fraud)
• Consent: where you have given consent (e.g., marketing communications)
• Legal obligation: where processing is required by law (e.g., tax records)

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data is retained while your account remains active
• Order data is retained for 7 years for tax and legal compliance
• Marketing preferences are retained until you withdraw consent

You may request deletion of your account and associated data at any time, subject to our legal retention obligations.

5. Cookies

We use cookies in three categories. Non-essential cookies are never set until you give consent via the cookie banner on your first visit.

Strictly necessary cookies (always on): session cookies that keep you signed in, CSRF tokens that protect form submissions, and the cookie-consent preference itself. These are exempt from consent under the PECR regulations.

Analytics cookies (set only after you accept): Google Analytics 4 drops the standard _ga and _ga_* cookies to measure site usage in aggregate. No personally identifying data is sent to Google. You can opt out at any time from the Cookie settings link in the footer.

Affiliate-attribution cookies (set only after you accept): if you visit us via an affiliate partner's referral link, a first-party ref cookie is stored for 30 days so the partner can be credited if you later place an order. This cookie contains only the affiliate's short referral code and is handled by our affiliate platform provider, Goaffpro.

6. Third Parties

We share your data with the following third-party services, only as necessary to provide our services:

• Stripe: payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
• Redmine: internal project management for tracking orders and change requests. Access is restricted to authorised staff.
• Goaffpro: affiliate programme platform. Stores the short referral code of any partner who sent you our way, plus aggregated conversion data once you place an order. See Goaffpro's Privacy Policy. Only used when you have accepted cookies.
• Google Analytics: aggregated site-usage measurement. Personal data is not shared and the cookies are set only if you accept cookies via our banner. See Google's Privacy Policy.

We do not sell your personal data to any third parties.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate data
• Right to erasure: request deletion of your data (subject to legal obligations)
• Right to restrict processing: request limitation of how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for marketing
• Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at the details below. We will respond within one month.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/SSL), secure server infrastructure, and access controls.

9. International Transfers

Your data is primarily stored and processed within the United Kingdom. Where data is transferred outside the UK (e.g., via Stripe), appropriate safeguards are in place in accordance with UK GDPR requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.