Login Start for free
Login Start for free

Privacy Policy

Last updated: 2026-02-24

Introduction

At WP Quick Search (the brand name configured in your platform settings), we keep privacy practical and transparent. We only use data to run your search service, secure your account, and support billing and compliance. We do not sell personal data.

This Privacy Policy explains what we collect, why we collect it, and how you can control it when using wpquicksearch.com (the current site domain configured in WordPress) and related services.

What Data We Collect

We collect the following data because it is required to provide the service:

Account and access data

  • Email address (required for account registration, login-related flows, and account communication).
  • Username/display name.
  • Password hash managed by WordPress authentication (we do not store plaintext passwords).

Billing data

  • Order and payment status data needed to activate subscriptions.
  • Payment processing data handled by PayPal checkout and webhooks.
  • We store payment references (for example, provider order/subscription IDs and order status) for reconciliation and support.

Service usage data

  • Search usage metrics: query keywords, result counts, click rank events, and latency.
  • Feature usage records from the platform console (for quota metering, troubleshooting, and analytics dashboards).

Technical and security data

  • IP address captured when plugin/gateway requests are sent to the platform.
  • Domain, WordPress version, plugin version, tenant ID, site ID, language, and request timestamps.

Customer content and index data

  • Website index payloads sent by your site/plugin to run search, including post title, content, excerpt, permalink, and related metadata.
  • Region-scoped tenant/site mapping and credentials needed to isolate and route your data.
  • Support ticket content you submit through the platform.

Data we do not collect

  • Phone number.
  • Home or mailing address.
  • Government ID data.

How We Use Your Data

We use data only for defined operational purposes:

  • To provide core service functions.

    • Purpose: run indexing, retrieval, region routing, and account-level quotas. How: process account/site identifiers, index payloads, and search analytics.

  • To secure the service.

    • Purpose: prevent abuse, enforce tenant isolation, and investigate incidents. How: use IP, request metadata, API key/domain validation, and audit logs.

  • To manage subscriptions and payments.

    • Purpose: activate plans, verify payment outcomes, and keep billing records. How: process provider callbacks and store billing status references.

  • To provide support.

    • Purpose: resolve technical/account issues. How: process ticket metadata and message history.

  • To meet legal obligations.

    • Purpose: accounting, tax, compliance, and lawful response duties. How: retain required records for statutory periods.

GDPR legal bases (GDPR = EU General Data Protection Regulation)

  • Contract performance: delivering search service, account functions, and billing.
  • Legitimate interests: security monitoring, fraud prevention, service reliability, and internal analytics.
  • Legal obligation: finance/tax retention and lawful compliance.
  • Consent: only where legally required (for example, non-essential cookies if enabled in the future).

Third-Party Services

We name each provider specifically.

Payment processing

  • PayPal. Privacy Policy: https://www.paypal.com/us/legalhub/privacy-full

Analytics

  • We do not use Google Analytics for this SaaS platform.

Email delivery

  • Transactional email is sent through configured SMTP infrastructure for account flows (for example, password reset).
  • We do not use Gmail as a mail delivery provider for this platform.

Cloud/hosting

  • Core search and backend infrastructure is deployed on self-hosted servers (Docker-based stack managed by us).
  • We do not rely on AWS, Linode, or Google Cloud as required infrastructure in this deployment.

AI provider (if AI search/chat is enabled)

  • DeepSeek API endpoint used by backend LLM integration. Privacy Policy: https://api-docs.deepseek.com/

Data Storage and Security

Data location

  • Data is stored in the region selected in the platform region configuration (slug in your region settings).
  • Region selection is available in the platform user console and APIs.
  • EU user data can be stored in EU member-state regions when those regions are configured and selected.

Cross-border transfers

  • If you route or transfer EU personal data to non-EEA regions or non-EEA subprocessors, we apply Standard Contractual Clauses (SCCs) and equivalent safeguards.

Security controls

  • Tenant/site data is logically isolated by tenant and region identifiers.
  • Access controls are enforced through authenticated APIs, role checks, and credential validation.
  • Passwords are stored as WordPress password hashes, not plaintext.
  • Data in transit uses HTTPS/TLS.
  • Operational logs and system maintenance controls are restricted to authorized administrators.

Your Rights

You can exercise the following rights.

GDPR rights

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests.
  • Right to lodge a complaint with your local EU/EEA supervisory authority.

CCPA/CPRA rights (California)

  • Right to know categories and specific pieces of personal information we process.
  • Right to delete personal information (subject to legal exceptions).
  • Right to correct inaccurate personal information.
  • Right to non-discrimination for exercising privacy rights.
  • Right to opt out of sale/share: we do not sell or share personal information for cross-context behavioral advertising.

How to exercise rights

  • Access/delete indexed website data directly from the platform console by removing site/index resources.
  • Use account settings to update account profile data.
  • Send rights requests to [email protected] (or the contact email configured in platform settings).
  • We verify requests before fulfillment and respond within applicable legal timelines.

Required data notice

  • Account and service-identification data is required to provide the service.
  • If you do not provide required data, we cannot create/operate your account or deliver indexing/search services.

Automated decision-making

  • We do not perform solely automated decision-making that produces legal or similarly significant effects on individuals.

Cookies

We currently use:

  • Necessary cookies for authentication/session and security in WordPress and platform login flows.
  • We do not run Google Analytics cookies on this SaaS platform.

See also our Cookie Policy for cookie-level details and updates.

Data Retention

  • During active account period: service data is retained to operate your account.
  • After account deletion: account/service data is deleted within 30 days, except where legal retention applies.
  • Financial and accounting records: retained for 7 years.

We Never

  • We never sell user data.
  • We never use your indexed content for unrelated advertising profiling.
  • We never collect phone numbers or home addresses for this service.
  • We never claim to process data categories that are not part of the actual product workflow.

Changes to This Policy

When this policy changes:

  • We update the "Last updated" date at the top.
  • For material changes, we notify users through site notice, dashboard notice, or account email.
  • Continued use after the effective date means the updated policy applies.

Contact Us

For privacy questions, data requests, or complaints:

If your deployment uses a custom configured contact address, that address is the primary privacy contact.