Privacy Policy
Last updated: 2026-06-30
This Privacy Policy explains how [Legal entity name] ("offloadcms") collects, uses, and protects personal data when you use our website and Service. We act as the data controller for account and billing data, and as a processor for the content you publish.
On this page
01Data we collect
- Account data: your email address (used for magic-link sign-in) and account settings.
- Usage data: logs, device/browser metadata, and product analytics needed to operate and secure the Service.
- Billing data: processed by Polar. We receive subscription status and invoice metadata; we never receive or store full card numbers.
- Content: the WordPress data and media you import and publish.
02How we use data
- To provide, maintain, and secure the Service.
- To process subscriptions and send transactional email.
- To respond to support requests.
- To comply with legal obligations.
03Legal bases (GDPR)
We process data to perform our contract with you, for legitimate interests (security, product improvement), to comply with legal obligations, and with consent where required (e.g. non-essential cookies).
04Who we share with
We share data with processors strictly to run the Service: Cloudflare (hosting, storage), Polar (billing / Merchant of Record), and Resend (transactional email). We do not sell personal data. See our DPA for subprocessor details.
05Cookies
We use essential cookies for authentication and security. See our Cookie Policy.
06Data retention
We retain account and content data while your account is active and for a limited period afterward to allow export, then delete or anonymize it. Soft-deleted content is purged after a stated window. Billing records are kept as required by law.
07Your rights
Depending on your location (GDPR / UK GDPR / CCPA), you may request access, correction, export (portability), deletion/erasure, or restriction, and may object to certain processing. Exercise these by emailing hello@offloadcms.com. Erasure requests trigger a real, logged hard-delete.
08International transfers
Data may be processed in regions where our providers operate. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.
09Security
We use TLS in transit, scoped credentials, hashed session tokens, and least-privilege access. No system is perfectly secure, but we work to protect your data and will notify you of breaches as required by law.
10Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
11Changes
We may update this policy; material changes will be notified. The "last updated" date reflects the current version.
12Contact
Privacy questions or requests: hello@offloadcms.com, [Legal entity name], [registered address]. [Appoint a DPO / EU representative if required.]
Questions about this policy? Email hello@offloadcms.com.