Privacy Policy

Effective Date: February 1, 2026

This Privacy Policy describes how TSSM Pro ("we", "the developer") collects, uses, and protects your personal information when you use the TSSM Pro plugin, the license server at gidsqr.com/tssm, and related services (collectively, "the Service").

1. Information We Collect

Information You Provide

• Email Address: Collected during checkout and used for license delivery, customer portal access (via magic link login), and important service communications.
• Payment Information: Payment details are processed securely by Stripe. We never see, store, or have access to your full credit card numbers. We receive only a Stripe customer ID and subscription ID for license management purposes.

Information Collected Automatically

• WordPress Site URL: Submitted during license activation to associate your license with your website.
• IP Address (Hashed): Your IP address is cryptographically hashed (SHA-256, truncated) before storage. The original IP address is not retained. Hashed IPs are used solely for abuse detection and rate limiting.
• Plugin Version: The version of TSSM Pro installed on your site, collected during activation and update checks.
• PHP Version: Your server's PHP version, collected during license activation for compatibility purposes.
• WordPress Version: Your WordPress version, collected during license activation for compatibility purposes.

2. How We Use Your Information

• License Management: To issue, activate, verify, and manage your software license.
• Email Delivery: To send you your license key, magic link login emails, and important service notifications.
• Abuse Prevention: To detect and prevent license abuse, unauthorized redistribution, and fraudulent activity using hashed IP addresses and activation patterns.
• Plugin Updates: To deliver software updates through our private update channel.

3. Third-Party Services

We use the following third-party services to operate the Service:

• Stripe (payments) — Processes all payment transactions. Stripe's privacy policy: stripe.com/privacy.
• Brevo (email) — Delivers transactional emails including license delivery and magic link login emails. Brevo's privacy policy: brevo.com/legal/privacypolicy.
• Sanity (CMS) — Provides content management for marketing pages. Sanity's privacy policy: sanity.io/legal/privacy.
• Railway (hosting) — Hosts the application infrastructure. Railway's privacy policy: railway.app/legal/privacy.
• PostHog (analytics) — Provides privacy-friendly product analytics to help us understand how visitors use our public marketing pages. PostHog's privacy policy: posthog.com/privacy.

We do not sell, rent, or share your personal information with any other third parties.

4. Cookies

We use strictly necessary cookies required for the Service to function:

• admin.sid — Admin session cookie for authenticated admin access. Session duration.
• portal.sid — Customer portal session cookie for authenticated customer access. Session duration.
• x-csrf-token — CSRF protection cookie to prevent cross-site request forgery attacks. Session duration.

We also use analytics cookies from PostHog on our public marketing pages to understand how visitors interact with the site. Analytics are not loaded on authenticated pages (admin console, customer portal, or checkout). For more information, see our Cookie Policy.

5. Data Retention

• License Records: Retained for the duration of your active service and for a reasonable period afterward for legal and accounting purposes.
• Magic Link Tokens: Expire after 15 minutes and are marked as used upon verification. Expired tokens are periodically purged.
• API Logs: Retained for abuse detection purposes. Logs contain only hashed IP addresses and do not contain personally identifiable information.
• Session Data: Customer portal sessions expire after 24 hours. Admin sessions expire after 8 hours.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data under applicable laws including the GDPR and CCPA:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Correction: You may request correction of any inaccurate personal data.
• Right to Deletion: You may request that we delete your personal data, subject to legal retention requirements.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to Opt Out of Sale (CCPA): We do not sell your personal information to third parties.

To exercise any of these rights, please contact us at support@gidsqr.com. We will respond to your request within 30 days.

7. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

8. International Data Transfers

Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

9. Data Security

We take reasonable technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS)
• Cryptographic hashing of license keys and IP addresses
• CSRF protection on all forms
• Rate limiting and brute-force protection
• Secure, HTTP-only session cookies

However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify you via email. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at support@gidsqr.com.