Privacy Policy

XtremePlugins LLC builds performance-focused plugins for WooCommerce, Shopify, and WordPress. We sell software subscriptions — not your personal information. This page spells out exactly what data we collect, why we collect it, and what control you have over it. No legal fog, no buried surprises.

What We Collect

We only gather information that directly supports your account, your purchases, or our ability to help you when something goes wrong.

• Account basics — your name, email address, and a hashed password when you create an account. We never store passwords in readable form.
• Billing details — payment processing runs entirely through Stripe. We receive a truncated card reference (last four digits and expiry) so you can identify your payment method in your dashboard, but we never see or store your full card number.
• Usage analytics — anonymous, aggregate-level data about which pages are visited, which plugin versions are active, and how features are used. This helps us decide what to build next and where to squash bugs.
• Support tickets — when you reach out through our support portal, we keep the conversation history, any attachments you share, and basic metadata like timestamps and ticket status.

How We Use It

Everything we collect maps to a concrete purpose:

• Delivering the service — authenticating your account, generating license keys, pushing plugin updates, and verifying active subscriptions.
• Processing payments — charging your subscription, issuing refunds, sending invoices, and handling failed-payment notifications.
• Providing support — responding to your tickets, diagnosing plugin issues, and following up until problems are resolved. Check our FAQ for quick answers before opening a ticket.
• Improving our products — spotting patterns in anonymous usage data so we can prioritize roadmap items, optimize performance bottlenecks, and ship better documentation.

What We Never Do

Some lines we simply do not cross. These are non-negotiable, not “subject to change.”

• We do not sell, rent, or trade your personal data to anyone, period.
• We do not share your information with advertising networks or data brokers.
• We do not track your browsing activity across other websites. Our analytics stay within the boundaries of xtremeplugins.com.
• We do not build behavioral profiles for ad targeting. We are a plugin company, not an ad company.

Cookies & Analytics

We keep cookie usage minimal and intentional:

• Essential cookies — session tokens and CSRF protection. These are strictly necessary for the site to function and cannot be disabled.
• Analytics (optional) — we use privacy-respecting, cookieless analytics tools that do not fingerprint visitors or collect personally identifiable information. You can opt out at any time through the cookie banner.

We do not use tracking pixels, social-media widgets that phone home, or any third-party scripts whose primary job is surveillance.

Third-Party Services

A handful of external services touch your data in tightly scoped ways:

• Stripe — handles all payment processing. Stripe operates under its own PCI-DSS-compliant privacy policy. We send Stripe only what it needs to charge your subscription.
• Ghost — powers our blog. If you subscribe to blog updates, Ghost stores your email address for that mailing list and nothing else.
• Transactional email provider — sends purchase receipts, password resets, and subscription renewal reminders. These emails are purely functional; we do not send promotional blasts through this channel without your explicit opt-in.

We vet every third party before integration and limit data sharing to the minimum each service requires to do its job.

Data Storage & Security

Keeping your data safe is not a marketing bullet point for us — it is an operational baseline.

• All data is encrypted at rest using AES-256.
• Every connection to our servers is encrypted in transit via HTTPS/TLS. There are no plaintext fallbacks.
• Internal access to customer data is restricted by role-based controls. Engineers cannot casually browse account records.
• We maintain regular, encrypted backups stored in a geographically separate location from primary infrastructure.
• Passwords are hashed with bcrypt using per-user salts. Even if our database were somehow compromised, your password would remain unreadable.

Your Rights

You own your data. We hold it on your behalf while you use our service. Here is what you can do at any point:

• Access — request a full copy of the personal data we hold about you.
• Correction — update or fix inaccurate information directly in your dashboard or by contacting support.
• Deletion — ask us to permanently erase your account and all associated data.
• Export — download your data in a standard, machine-readable format.
• Opt out of marketing — unsubscribe from promotional emails with a single click. Transactional emails (receipts, security alerts) will still arrive as long as your account exists.

To exercise any of these rights, email privacy@xtremeplugins.com or open a ticket through support. We respond within 10 business days.

Data Retention

While your subscription is active, we retain the data needed to operate your account and deliver plugin updates. If you cancel your subscription and close your account, we initiate a 90-day wind-down period during which your data is marked for deletion but can still be recovered if you change your mind. After those 90 days, your personal data is permanently purged from all primary systems and backups. Anonymized, aggregate analytics data (which cannot be tied back to any individual) may be retained indefinitely for long-term product analysis.

Children’s Privacy

XtremePlugins is a business tool for store owners and developers. Our services are not designed for, marketed to, or intended to be used by anyone under 16 years of age. We do not knowingly collect data from minors. If you believe a child under 16 has created an account, please contact us at privacy@xtremeplugins.com and we will remove the account promptly.

International Transfers

XtremePlugins LLC is based in the United States. If you access our services from outside the U.S., your data crosses international borders when it reaches our servers. We apply the same security standards regardless of where you are located. For customers in the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses where applicable to ensure your data receives adequate protection during transfer.

Updates to This Policy

When we make meaningful changes to this policy, we will update the effective date at the top and notify active subscribers by email at least 14 days before the changes take effect. Minor clarifications or formatting tweaks that do not alter your rights may be made without notice. You can always find the latest version right here on this page.