Get License

Legal

Privacy Policy

What we collect, what we don’t, and how to control your data.

Last updated: 27 April 2026

In Plain English

We collect the minimum needed to deliver your license and updates: your email, your billing details (handled by our payment processor, not us), the license key we issued you, the domain(s) you activate it on, and basic server logs (IP + timestamp) for abuse prevention. We never see the article content the Plugin generates on your site — that traffic goes directly between your WordPress install and OpenAI. We don’t sell your data. We don’t run analytics that identify you. You can request export or deletion anytime.

1. Who we are

“We” / “us” / “our” refers to AI Autoblogger LLC, the publisher of WP AI AutoBlogger and operator of wpaiautoblogger.com (the “Site”). For privacy-related questions or requests, email support@wpaiautoblogger.com.

2. Data we collect

a) When you buy a license

  • Email address — to deliver your license key and account-related notices.
  • Billing details (name, address if required for tax, payment method) — handled by our payment processor (Stripe and/or PayPal) under their own privacy policies. We see only the last 4 digits of the card and the order metadata; we never see or store the full payment instrument.
  • Order history — which plan you bought, when, the order number, refund status if applicable. Stored in WooCommerce on our server.

b) When the Plugin is installed and activated

  • License key + domain — sent to our license server when you activate, deactivate, or verify a license. Tied to your purchase record.
  • IP address + timestamp — captured by our server in standard request logs. Used for rate-limiting (preventing abuse) and security investigations. Not used to profile you.
  • Plugin version + WordPress version — sent during the daily update-check call so we can deliver the right update payload and avoid pushing incompatible builds.

c) When you visit the Site

  • Standard server logs — IP, user agent, requested URL, referrer, timestamp. Retained ~30 days for security and traffic analysis.
  • Functional cookies set by WordPress and WooCommerce — session identifier, cart contents, login state. No third-party advertising or tracking cookies.
  • Affiliate-tracking cookie, if you arrive via an affiliate referral link. Identifies the referring affiliate so we can credit them for any subsequent purchase. 30-day duration.

3. What we explicitly DO NOT collect

  • The articles, prompts, or content the Plugin generates on your site. That data flows directly from your WordPress install to OpenAI (and any image provider you’ve configured). We never see it. We have no access to it. We could not produce it if asked or subpoenaed.
  • Your OpenAI API key. Stored only in your own WordPress database; never transmitted to us.
  • Visitor analytics from your WordPress site. The Plugin does not phone home about your traffic, your readers, or your published posts.
  • Behavioural advertising data. No Google Analytics, no Facebook Pixel, no tracking SDKs on the Site.

4. The Lite (free) version

The free version of the Plugin distributed via WordPress.org makes outbound API calls only to OpenAI. It does not contact wpaiautoblogger.com at all — no licensing system, no telemetry, no usage analytics, no update checks (WordPress.org handles updates the standard way). If you only ever use the Lite version, we have no record of your existence.

5. How we use your data

  • Fulfill your order — issue the license key, send the receipt and download link, validate activations, deliver Plugin updates.
  • Provide support — respond to your emails, look up your order if you have a question.
  • Bill you — process the initial payment and (if you opt in) annual renewals.
  • Prevent abuse — rate-limit license-server requests, investigate suspicious activation patterns, enforce the no-key-sharing rule.
  • Improve the product — aggregate, non-identifying counts of which Plugin versions are in active use so we can plan deprecations.
  • Send transactional emails only — order confirmations, license-delivery emails, renewal-due notices, security or terms-change notices. We do not send marketing emails unless you explicitly opt in.

6. Legal basis (GDPR / UK GDPR)

  • Performance of a contract (Art. 6(1)(b)) — for processing your purchase, license issuance, and updates.
  • Legitimate interests (Art. 6(1)(f)) — for security logging, abuse prevention, and basic version-counting. Our interest is operating a functional business; the impact on you is minimal because we do not profile or share.
  • Legal obligation (Art. 6(1)(c)) — for tax records and compliance with payment-processor requirements (e.g. retaining order records for 7 years).
  • Consent (Art. 6(1)(a)) — only if you opt in to a future marketing list. None active today.

7. Third parties we share data with

We use a small number of vetted third-party processors. Each receives only the minimum data needed for its specific function:

  • Stripe and/or PayPal — payment processing. Receive your name, email, billing address, and payment instrument. Subject to Stripe’s privacy policy and PayPal’s privacy policy.
  • Email-sending provider (currently configured via WP Mail SMTP, transit varies by setup) — receives the contents of any transactional email we send you.
  • Hosting provider — operates the servers that store the data described above. Bound by data-processing terms.
  • AffiliateWP — runs our affiliate program. If you are an affiliate, your account details (name, email, payout method) are stored in our WordPress install. Visitor referral data is anonymous (cookie ID + affiliate ID, no PII).

We do not sell, rent, or trade your personal data to anyone, ever.

8. International data transfers

Some of our processors (notably Stripe, PayPal, and our hosting provider) operate servers in the United States. Where personal data of EU/UK residents is transferred outside the EEA/UK, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK addendum where applicable. The same data-minimisation principles apply regardless of where the data is physically stored.

9. How long we keep data

  • Order records and license keys — kept for 7 years after the last activity on the account, to comply with tax and accounting obligations.
  • Server access logs — ~30 days, then rotated.
  • License-server activation logs — last 90 days for active investigation, then aggregated counts only.
  • Email correspondence — retained while the support relationship is active, then archived for up to 3 years.
  • Affiliate accounts — kept while the affiliate is active, plus 7 years after the last commission payout (tax requirement).

10. Your rights

You have the right to:

  • Access — ask for a copy of the data we hold about you.
  • Rectify — ask us to correct inaccurate or incomplete data.
  • Erase — ask us to delete your data, subject to legal retention obligations (we cannot delete tax-mandated records before the legal window expires, but we can pseudonymise them on request).
  • Port — ask for your data in a machine-readable format you can take elsewhere.
  • Object — to processing based on legitimate interests, where you have grounds related to your situation.
  • Withdraw consent — for any processing where consent is the legal basis, at any time.
  • Lodge a complaint with your local data-protection authority (in the EU/UK) if you believe we’ve mishandled your data.

Email support@wpaiautoblogger.com with the subject line “Privacy Request” to exercise any of these rights. We respond within 30 days.

11. Cookies

We use only cookies that are strictly necessary for the Site to function (login session, cart contents, CSRF tokens) plus the affiliate-attribution cookie noted in Section 2(c). Strictly-necessary cookies do not require consent under EU/UK ePrivacy rules. We do not run third-party advertising or cross-site tracking cookies. If we ever add optional analytics, we will add a consent banner first and update this section.

12. Children

The Service is intended for users aged 18 or over. We do not knowingly collect data from children under 16. If you believe a child has submitted personal data to us, contact us and we will delete it.

13. Security

We use HTTPS site-wide, hash sensitive credentials, rate-limit our public APIs, and follow standard WordPress hardening practices. No system is perfectly secure; if a breach affecting your data occurs, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, in line with applicable law.

14. Changes to this Policy

We may update this Privacy Policy as our practices evolve. The “Last updated” date at the top reflects the most recent revision. Material changes (anything that would meaningfully expand the data we collect or how we share it) will be announced by email to the address on file at least 30 days before they take effect.

15. Contact

Questions, requests, or complaints about your data: support@wpaiautoblogger.com. See also our Terms of Service and Refund Policy.