Privacy Policy
Last updated: April 2026
1. Introduction
We take the protection of your personal data very seriously. This Privacy Policy explains how Flowguard collects, uses, and protects your personal data when you use our website and services.
Personal data comprises all data that can be used to personally identify you. This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Controller Information
The controller responsible for data processing on this website (referred to as the "controller" in the GDPR) is:
Codepa
Daniele De Rosa
Höhenweg 13
66133 Saarbrücken
Germany
Email: support@flowguardwp.io
Website: https://flowguardwp.io
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
3. Data We Collect
We collect data in the following ways:
3.1 Data You Provide to Us
- Account information: When you create an account, we collect your name, email address, and payment information.
- Contact information: When you contact us via email or contact forms, we collect the information you provide.
- Purchase information: When you purchase a license, we collect billing details necessary to process your payment.
3.2 Data Collected Automatically
- Log data: Our servers automatically record information including your IP address, browser type, referring URL, and date/time of access.
- Device information: We collect information about the device you use to access our website.
- Usage data: We collect information about how you use our website and services.
3.3 Data Processed by the Plugin
When you use the Flowguard plugin:
- License verification: Your license key and site URL are transmitted to verify your license.
- Test execution: When using remote test execution, HTTP requests are made to your website. Test results are processed on our servers and transmitted back to your WordPress installation.
- Monitoring data: Uptime monitoring data (response times, status codes) is collected and stored.
Important: We do not collect or store your WordPress admin credentials, database content, or any sensitive user data from your website.
4. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your personal data for specific purposes.
- Contract performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract with you (e.g., providing the Flowguard service).
- Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation (e.g., tax records).
- Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests (e.g., fraud prevention, service improvement).
5. How We Use Your Data
We use the collected data for the following purposes:
- To provide and maintain our services
- To process your purchases and manage your account
- To verify and manage software licenses
- To provide customer support
- To send important service notifications
- To improve our website and services
- To detect and prevent fraud or abuse
- To comply with legal obligations
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods:
- Account and contract data: Duration of the contractual relationship plus 3 years (statutory limitation period under § 195 BGB).
- Invoices and payment records: 10 years (§ 147 AO, § 257 HGB).
- Business correspondence: 6 years (§ 257 HGB).
- Test results and screenshots: Duration of the subscription or as configured by the User. Deleted within 30 days after subscription ends.
- Monitoring data: Retained according to your configured retention settings. Deleted within 30 days after subscription ends.
- Newsletter subscriber data: Until consent is withdrawn.
- Support communications: Up to 3 years to provide context for ongoing support.
- Server logs: Automatically deleted after 30 days.
- Cookie consent records: 3 years.
7. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following processors and service providers, each of which has a Data Processing Agreement (Auftragsverarbeitungsvertrag / AVV) with us:
7.1 SureCart (Payment Processing & License Management)
Provider: SureCart LLC, USA
Data processed: Name, email, billing address, payment method, license keys, subscription data
Purpose: Payment processing, subscription management, license verification
Legal basis: Art. 6(1)(b) DSGVO — contract performance
Data transfer: USA — EU-U.S. Data Privacy Framework (adequacy decision)
Privacy Policy: surecart.com/privacy-policy
7.2 Stripe (Payment Processor)
Provider: Stripe, Inc., USA (sub-processor of SureCart)
Data processed: Credit card data, transaction data, billing address
Purpose: Secure payment processing
Legal basis: Art. 6(1)(b) DSGVO — contract performance
Data transfer: USA — EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Privacy Policy: stripe.com/privacy
7.3 Vultr (Server Hosting)
Provider: The Constant Company, LLC (Vultr)
Data processed: All data processed by Flowguard's API (test results, monitoring data, license verification)
Purpose: Server infrastructure for API and testing services
Legal basis: Art. 6(1)(b) DSGVO — contract performance
Data location: EU (Germany) — no international transfer
Privacy Policy: vultr.com/legal/privacy
7.4 Gumlet (Video Hosting)
Provider: Gumlet, Inc.
Data processed: IP address, browser user agent, video viewing behavior
Purpose: Hosting and delivery of video content on our website
Legal basis: Art. 6(1)(f) DSGVO — legitimate interest in presenting product content
Privacy Policy: gumlet.com/privacy
7.5 Mailerpress (Email Newsletter)
Provider: Self-hosted WordPress plugin on our own server
Data processed: Email address, subscription status, open/click tracking
Purpose: Sending newsletters and product updates
Legal basis: Art. 6(1)(a) DSGVO — consent (double opt-in)
Data location: EU (Germany) — no international transfer
7.6 Legal Requirements
We may disclose your data if required by law, court order, or government request, or to protect our rights, property, or safety.
8. International Data Transfers
Our API servers and primary infrastructure are located in the European Union (Germany). However, some of our service providers are based in the United States:
- SureCart and Stripe: Certified under the EU-U.S. Data Privacy Framework (DPF), based on the adequacy decision of the European Commission dated July 10, 2023. Additionally secured by Standard Contractual Clauses (SCCs) as a supplementary safeguard.
- Gumlet: Data transfers are covered by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) DSGVO.
You can verify DPF certification status at dataprivacyframework.gov.
9. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process your personal data and to access that data.
- Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
- Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data under certain circumstances ("right to be forgotten").
- Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing under certain circumstances.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, you have the right to withdraw consent at any time.
To exercise any of these rights, please contact us at support@flowguardwp.io.
10. Right to Object
You have the right to object to the processing of your personal data based on grounds arising from your unique situation when data is processed on the basis of Art. 6(1)(e) or (f) GDPR (public interest or legitimate interests).
If you lodge an objection, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time. If you object, your data will no longer be processed for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).
11. Right to Lodge a Complaint (Art. 77 DSGVO)
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.
The supervisory authority responsible for our business is:
Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany
Website: datenschutz.saarland.de
12. Obligation to Provide Data
Providing your email address and payment data is necessary for the conclusion and performance of the contract (Art. 13(2)(e) DSGVO). Without this data, we cannot provide the Flowguard service or process your purchase.
Providing data for the newsletter is voluntary and based on your consent. You are not obligated to subscribe, and your refusal has no consequences for your use of Flowguard.
13. Automated Decision-Making
We do not use automated decision-making or profiling as defined in Art. 22 DSGVO that produces legal effects or similarly significantly affects you.
Automated test results (pass/fail) are technical outcomes of the test flows you configure and do not constitute automated decision-making concerning your person.
14. Cookies and Local Storage (§ 25 TDDDG)
Our website uses cookies and similar technologies. The legal basis for technically necessary cookies is § 25(2) TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz). All other cookies require your consent under § 25(1) TDDDG in conjunction with Art. 6(1)(a) DSGVO.
14.1 Technically Necessary Cookies
These cookies are essential for the website to function. They do not require consent. They include:
- Session cookies for maintaining your login state
- CSRF protection tokens
- Cookie consent preferences
- SureCart session and cart cookies
14.2 Third-Party Cookies
With your consent, the following third-party services may set cookies:
- Gumlet: Video player cookies for video delivery and quality optimization
- Stripe (via SureCart): Fraud prevention cookies during checkout
14.3 Managing Cookies
You can manage your cookie preferences at any time through our cookie consent banner. You can also configure your browser to block cookies, though this may affect website functionality. Withdrawing consent is as easy as giving it.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- All data transmissions are encrypted using SSL/TLS (HTTPS)
- Access to personal data is restricted to authorized personnel only
- Regular security assessments and updates
- Secure data storage with appropriate access controls
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
15. Plugin-Specific Privacy Information
The Flowguard WordPress plugin processes data as follows:
15.1 What the Plugin Does NOT Collect
- WordPress admin passwords or credentials
- Database contents or user data from your website
- Personal data of your website visitors
- Content of emails sent through your website
15.2 What the Plugin DOES Process
- License key and site URL for license verification
- Test flow configurations (stored locally in your WordPress database)
- Test results and monitoring data
- HTTP responses from your website during test execution
15.3 Test Mode Privacy
When Test Mode is enabled, the plugin prevents real actions (emails, orders, user registrations) from occurring during tests. This ensures that test data does not mix with real user data on your website.
16. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.
18. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: support@flowguardwp.io
Website: https://flowguardwp.io
For data protection inquiries, please email us with the subject line "Data Protection Inquiry".
