Skip to content
HeadlessWP Pro

Privacy Policy

This page displays the canonical privacy policy text used by HeadlessWP Pro.

## Privacy Policy

**HeadlessWP Pro**
**Effective Date:** January 15, 2026
**Last Updated:** January 16, 2026

### 1) Who we are

**Controller:** HeadlessWP Pro ("HeadlessWP Pro", "we", "us", "our")
**Address:** 30 North Gould Street, Sheridan, Wyoming 82801, USA
**Support:** [support@headlesswppro.io](mailto:support@headlesswppro.io)
**Legal/Privacy:** [legal@headlesswppro.io](mailto:legal@headlesswppro.io)

### 2) What this Privacy Policy covers (and what it does not)

This Privacy Policy explains how we collect, use, and share information:

* when you use our websites and Services on **headlesswppro.io** and **secure.headlesswppro.io** (the "Websites"), and
* when the **HeadlessWP Pro** WordPress plugin (the "Software") communicates with **HeadlessWP Pro systems** for licensing and validation.

**Important boundary:** The Software runs on your (or your client's) WordPress site. Data processed solely inside your WordPress environment (for example, your customers' accounts, orders, subscriptions, memberships, affiliate data, and logs stored in your WordPress database) is controlled by you (the site owner/operator). This policy does not replace your own privacy obligations to your end users.

### 3) Information we collect

#### 3.1 Information you provide to us

We may collect information you provide directly, such as:

* contact information (name, email)
* account and purchase information (for example, order identifiers, subscription status)
* communications you send us (support tickets, emails, attachments, and troubleshooting details)

#### 3.2 Information we collect on our Websites

When you visit or interact with our Websites, we may collect:

* **Device and usage data**: browser type, device identifiers, operating system, referring pages, pages viewed, timestamps, and similar usage signals
* **IP-derived information**: IP address and general location inferred from IP (approximate)
* **Cookies and similar technologies**: cookies or local storage used for site functionality, security, preferences, and measurement

**Analytics and marketing tracking on Websites:** We may use first-party and third-party cookies or tags on our Websites for analytics, performance measurement, and marketing. These are implemented on the Websites (not in the plugin). Where legally required, we present cookie choices and obtain consent before placing non-essential cookies.

#### 3.3 Information the Software sends to HeadlessWP Pro systems (licensing and validation)

When you activate, validate, or deactivate a License Key, the Software may send data to our license service at **secure.headlesswppro.io**, including:

* license key (for activation)
* install identifier (install ID)
* domain used for activation/validation
* product identifier (product slug)
* activation identifier (activation ID) for validation/deactivation
* security metadata used to protect requests (for example, timestamp, nonce, signature headers)

The Software also performs periodic license validation on an interval and may validate on admin page load when overdue.

#### 3.4 Cookies and tracking that may be set by the Software on a customer's WordPress site

Depending on configuration and which third-party plugins are installed on your WordPress site, the Software may set or help set cookies on the customer's site (your domain), including:

* WordPress authentication cookies (to keep users signed in, when cookie-based auth is used)
* affiliate tracking cookies used for referral attribution, including `affwp_ref` and `affwp_campaign`

These cookies are set on the site where the Software is installed (your site), not by us from our domains. You are responsible for presenting appropriate cookie disclosures/consents to your site visitors where required.

#### 3.5 Logs and security event data (stored in your WordPress environment)

The Software includes logging features. Depending on configuration, logs may include technical metadata such as route names, correlation IDs, event context, and IP data stored as hashed by default (with an advanced option for raw IP). These logs are stored in your WordPress environment unless you configure them otherwise. We do not receive your site logs unless you provide them to us (for example, through support).

#### 3.6 Consent and preference metadata (stored on your WordPress site)

If you use Software features that record user consents, the Software may store consent metadata inside your WordPress environment, including hashed IP and hashed user agent for auditability.

### 4) How we use information

We use information to:

* provide and operate the Websites, Services, and Software (including licensing activation, validation, and plan enforcement)
* provide customer support, troubleshooting, and communications
* protect security and prevent fraud, circumvention, and abuse
* maintain, debug, and improve the Websites, Services, and Software
* send operational communications (billing notices, service updates, security notices)
* send marketing communications where permitted and/or where you opt in (product updates and offers)

### 5) Legal bases for processing (EEA/UK users - if applicable)

If you are located in the EEA/UK, we process personal data under one or more of these legal bases, as applicable:

* **Contract**: to provide the Services and Software you request (subscription administration, licensing validation)
* **Legitimate interests**: to secure and improve our Services and prevent fraud/abuse
* **Consent**: for certain cookies/trackers and marketing communications where required
* **Legal obligation**: to comply with applicable laws (for example, tax/accounting recordkeeping)

### 6) How we share information

We share information only as needed to operate our business and provide the Services:

* **Service providers** that help us run the Websites and Services (for example, hosting, email delivery, customer support tooling, and payment processing used at checkout)
* **Customer and marketing relationship management:** We use **Zoho CRM** to manage customer and prospect records, communications, and marketing lists, including suppression lists to honor unsubscribes. (User-confirmed.)
* **Legal and compliance:** if required by law, subpoena, or court order, or to protect rights, safety, and security
* **Business transfers:** if we undergo a merger, acquisition, restructuring, or sale, information may be transferred as part of that transaction subject to appropriate safeguards

We do not sell personal information for money. If we engage in targeted advertising as defined by certain laws, we will provide required notices and choices.

### 7) International transfers

We are US-based. If you access our Websites or Services from outside the United States, your information may be processed in the United States and other jurisdictions where we or our service providers operate. Where required, we use appropriate transfer safeguards.

### 8) Data retention

We keep information only as long as reasonably necessary for:

* licensing, validation, and account administration
* support and troubleshooting
* security and abuse prevention
* legal, tax, and accounting compliance

**Zoho CRM:** We retain CRM records and communication preference status as needed for customer relationship management and to maintain suppression lists (for example, to honor unsubscribes), unless you request deletion where applicable and legally permitted.

Data retained inside your WordPress environment (orders, users, logs, affiliate data) is controlled by you and your site configuration.

### 9) Security

We use reasonable administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is 100% secure.

### 10) Your choices and rights

#### 10.1 Marketing choices

You may opt out of marketing emails via the unsubscribe mechanism in the message or by contacting [legal@headlesswppro.io](mailto:legal@headlesswppro.io). We may still send non-marketing operational emails (for example, billing and security notices).

#### 10.2 Cookies on our Websites

Where required, we provide cookie choices on our Websites. You can also adjust browser settings to block cookies, though some features may not work.

#### 10.3 Access, deletion, correction, portability (region-dependent)

Depending on where you live, you may have rights to request access, correction, deletion, portability, or objection/restriction. Submit requests to [legal@headlesswppro.io](mailto:legal@headlesswppro.io) with enough detail to verify your identity and locate your information.

**Important boundary:** Requests about data on a WordPress site where the Software is installed are generally handled by that site’s controller (the site owner/operator). We can address requests about data we control (for example, Website account data, CRM records we maintain, and license-service records).

### 11) Children’s privacy

The Websites, Services, and Software are not intended for use by children. We do not knowingly collect personal information from children.

### 12) Changes to this Privacy Policy

We may update this Privacy Policy. The "Last Updated" date reflects the most recent version. Material changes will be posted on our Websites or communicated as required by law.

### 13) Contact

* Support: [support@headlesswppro.io](mailto:support@headlesswppro.io)
* Legal/Privacy: [legal@headlesswppro.io](mailto:legal@headlesswppro.io)
* Address: 30 North Gould Street, Sheridan, Wyoming 82801, USA

---

## Evidence appendix (HeadlessWP zip)

Format: ZipName/path/filename - anchor - quote (<= 25 words)

1. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Licensing/PfpLicenseClient.php - DEFAULT_BASE_URL - “private const DEFAULT_BASE_URL = '[https://secure.headlesswppro.io';”](https://secure.headlesswppro.io';”)
2. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Licensing/PfpLicenseClient.php - activate() payload - “'license_key' => $licenseKey, 'install_id' => $installId, 'domain' => $domain”
3. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Licensing/PfpLicenseClient.php - validate() payload - “'activation_id' => $activationId, 'domain' => $domain, 'product_slug' => $productSlug”
4. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Licensing/LicenseManager.php - interval - “private const VALIDATION_INTERVAL = 6 * HOUR_IN_SECONDS;”
5. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Domain/AffiliateWP/AffiliateCookieService.php - cookie names - “emitCookie( 'affwp_ref', … ) … emitCookie( 'affwp_campaign', … )”
6. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Config/ConfigService.php - retention default - “'logging.retentionDays', 180”
7. HeadlessWP_Pro-main20.zip/HeadlessWP_Pro-main/src/Support/Config/ConfigService.php - IP mode default - “'logging.ipStorageMode', 'hash'”

## User-confirmed inputs (not in zips)

* Zoho CRM is used for customer and marketing relationship management.
* Analytics and marketing tracking will be implemented on the Websites, not in the plugin.