Privacy Policy

When you sign up for an account or purchase a plan, we collect the following information:

• Account details — your name, email address, phone number, and company name.
• Website information — domain names and WordPress admin URLs for sites we manage on your behalf.
• WordPress and hosting credentials — login details you provide so our team can access your site to perform maintenance, fixes, and updates.
• Payment information — billing details processed by our payment provider, Razorpay. We do not store your full card number on our servers.
• Support communications — messages, attachments, and files you share through our ticketing system.
• Usage data — pages visited, browser type, device information, and IP address, collected via analytics tools.

We use the information we collect to:

• Deliver our services — access your WordPress site to perform maintenance, updates, security monitoring, speed optimisation, malware removal, and other tasks you request.
• Communicate with you — send task updates, reply to support tickets, and share important account notifications.
• Process payments — manage subscriptions, issue invoices, and send payment receipts.
• Improve our service — analyse usage patterns to make the platform better and fix issues.

We will never sell your personal data to third parties or use your WordPress credentials for any purpose other than delivering the services you have requested.

We rely on trusted third-party providers to operate our platform. Each processes data only as necessary to provide their service:

• Supabase— hosts our database and handles authentication. Your account data, website details, and support tickets are stored in Supabase's PostgreSQL database with Row Level Security ensuring you can only access your own data.
• Razorpay — processes all payments. When you subscribe to a plan or purchase task credits, your payment details are handled directly by Razorpay in compliance with PCI DSS standards. We receive only transaction confirmations, not your full card details.
• Resend — delivers transactional emails including welcome messages, task notifications, reply alerts, and payment receipts. Your email address is shared with Resend solely for email delivery.
• Google Analytics 4 — collects anonymised usage data on our marketing pages to help us understand traffic and improve the site. GA4 does not track activity within the authenticated dashboard.

We take the security of your WordPress and hosting credentials extremely seriously. All credentials you provide are encrypted using Supabase Vault, a dedicated secrets management system that encrypts data at rest using industry-standard encryption.

Credentials are only decrypted when our team needs to access your site to perform requested work. They are never exposed in plaintext in our application interface, logs, or database queries. We strongly recommend changing your WordPress passwords periodically, and you can revoke access at any time by updating or removing your stored credentials from the dashboard.

We use the following cookies:

• Authentication cookies — set by Supabase to keep you signed in to your dashboard. These are essential for the service to function and cannot be disabled.
• Analytics cookies — set by Google Analytics 4 on marketing pages to collect anonymised browsing data. These help us understand how visitors find and use our site.

We do not use advertising cookies or share browsing data with ad networks.

We retain your account data and service history for as long as your account is active. If you cancel your subscription, we keep your data for 90 days in case you decide to return, after which it is permanently deleted.

WordPress credentials are deleted immediately when you remove them from your dashboard or when your account is closed. Support ticket history and attachments are deleted along with your account data.

Payment records may be retained longer where required by tax and accounting regulations.

You have the right to:

• Access your personal data — request a copy of all information we hold about you.
• Correct inaccurate data — update your profile, website details, or credentials at any time through the dashboard.
• Delete your data — request complete deletion of your account and all associated data.
• Export your data — request a machine-readable export of your personal data.

To exercise any of these rights, contact us at the email address below. We will respond to all requests within 30 days.

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through a notice on our dashboard. The "last updated" date at the top of this page reflects the most recent revision.

If you have any questions about this privacy policy or how we handle your data, please contact us: