offloadcms

Privacy Policy

Last updated: 2026-06-30

Template notice. This is a starting-point policy for the offloadcms storefront. Review and adapt it with qualified counsel before publishing or onboarding with Polar. Bracketed values must be completed.

This Privacy Policy explains how [Legal entity name] ("offloadcms") collects, uses, and protects personal data when you use our website and Service. We act as the data controller for account and billing data, and as a processor for the content you publish.

01Data we collect

  • Account data: your email address (used for magic-link sign-in) and account settings.
  • Usage data: logs, device/browser metadata, and product analytics needed to operate and secure the Service.
  • Billing data: processed by Polar. We receive subscription status and invoice metadata; we never receive or store full card numbers.
  • Content: the WordPress data and media you import and publish.

02How we use data

  • To provide, maintain, and secure the Service.
  • To process subscriptions and send transactional email.
  • To respond to support requests.
  • To comply with legal obligations.

03Legal bases (GDPR)

We process data to perform our contract with you, for legitimate interests (security, product improvement), to comply with legal obligations, and with consent where required (e.g. non-essential cookies).

04Who we share with

We share data with processors strictly to run the Service: Cloudflare (hosting, storage), Polar (billing / Merchant of Record), and Resend (transactional email). We do not sell personal data. See our DPA for subprocessor details.

05Cookies

We use essential cookies for authentication and security. See our Cookie Policy.

06Data retention

We retain account and content data while your account is active and for a limited period afterward to allow export, then delete or anonymize it. Soft-deleted content is purged after a stated window. Billing records are kept as required by law.

07Your rights

Depending on your location (GDPR / UK GDPR / CCPA), you may request access, correction, export (portability), deletion/erasure, or restriction, and may object to certain processing. Exercise these by emailing hello@offloadcms.com. Erasure requests trigger a real, logged hard-delete.

08International transfers

Data may be processed in regions where our providers operate. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.

09Security

We use TLS in transit, scoped credentials, hashed session tokens, and least-privilege access. No system is perfectly secure, but we work to protect your data and will notify you of breaches as required by law.

10Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11Changes

We may update this policy; material changes will be notified. The "last updated" date reflects the current version.

12Contact

Privacy questions or requests: hello@offloadcms.com, [Legal entity name], [registered address]. [Appoint a DPO / EU representative if required.]

Questions about this policy? Email hello@offloadcms.com.