Legal

Privacy Policy

Last updated: April 1, 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, how we use it, and the controls you have over your information. We do not sell your personal data to third parties.

1. Who This Policy Applies To

This Privacy Policy applies to all users of the WO Security Shield website (wosecurityshield.com), cloud dashboard, and WordPress plugin (collectively the "Service"). It explains how WO Security Shield ("we", "us", or "our") collects, uses, and shares information about you when you use our Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information — your name, email address, and password when you register for an account.
  • Billing information — payment details (processed and stored securely by our payment processor; we do not store full card numbers).
  • Support communications — messages and attachments you send us when requesting support or emergency recovery assistance.

2.2 Information Collected Automatically from Your WordPress Sites

When the WO Security Shield plugin is installed and connected to your account, the plugin sends the following data to our servers:

  • File integrity data — cryptographic checksums (SHA-256 hashes) of WordPress core, plugin, theme, and root files. We never transmit the raw contents of your files.
  • Scan findings — details of flagged files, malware signatures matched, and event log entries (plugin activations, user registrations, login events with IP address).
  • Plugin and theme inventory — names, versions, and slugs of installed plugins and themes, used for vulnerability matching.
  • Traffic data — summarised request logs including IP addresses, user agents, and request paths, used to populate the traffic monitor dashboard.
  • Site metadata — your WordPress version, site URL, and plugin connection token.

2.3 Information Collected Through the Website

  • Usage data — pages visited, time on page, referring URL, and browser/device type, collected through standard server logs and analytics tools.
  • Cookies — see Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process and display scan results, file integrity findings, and security events in your dashboard.
  • Send security alerts and notifications (Slack, email, push) based on your configured preferences.
  • Process payments and manage your subscription.
  • Respond to support requests and provide emergency recovery assistance.
  • Improve malware detection by analysing aggregated, anonymised scan findings across all connected sites.
  • Detect and prevent fraud, abuse, and violations of our Terms of Use.
  • Send you product updates, security advisories, and marketing communications (you may opt out at any time).
  • Comply with applicable legal obligations.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

  • Service providers — trusted third-party vendors who process data on our behalf (e.g. payment processing, email delivery, cloud infrastructure). These providers are contractually bound to use data only for the purpose of providing services to us.
  • Legal requirements — we may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of WO Security Shield, our users, or the public.
  • Business transfers — if WO Security Shield is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
  • With your consent — we may share information for any other purpose with your explicit consent.

5. Data Retention

We retain your account information and Site Data for as long as your account is active. Security event logs and scan findings are retained for a rolling period (typically 90 days) and then automatically purged. When you close your account we delete or anonymise your personal data within 60 days, unless we are required by law to retain it longer.

6. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data (subject to legal retention requirements).
  • Portability — receive your data in a structured, machine-readable format.
  • Objection / Opt-out — object to certain processing activities, including direct marketing.
  • Do Not Sell — California residents have the right to opt out of the sale of personal information. See our Do Not Sell My Personal Information page.

To exercise any of these rights, email us at hello@wosecurity.com. We will respond within 30 days.

7. Cookies

We use the following categories of cookies:

  • Strictly necessary — session cookies required to keep you logged in and to secure your account. These cannot be disabled.
  • Functional — cookies that remember your preferences (e.g. dashboard layout, notification settings).
  • Analytics — anonymised usage data that helps us understand how the Service is used. You may opt out of analytics cookies at any time via our cookie banner.

We do not use advertising or cross-site tracking cookies.

8. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), encrypted storage for sensitive credentials, and access controls limiting who can view your data. No method of transmission over the internet is 100% secure, but we are committed to protecting your data to the best of our ability.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is protected in accordance with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the dashboard at least 14 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at hello@wosecurity.com.