Privacy Policy

1. Who we are

WP Alerts is a service operated by Kyzoe Hosting BV, Vlaanderenstraat 23/0401, 8400 Oostende, Belgium. Contact: privacy@wp-alerts.com · Tel: 059 53 00 00.

We are the Data Controller for personal data processed through this service.

2. What data we collect

We collect and process the following categories of personal data:

• Email address — to send newsletters and security alerts you have subscribed to.
• Name (optional) — to personalise emails if you register an account.
• IP address — recorded at subscription time as required by GDPR for consent proof; used for rate limiting.
• Consent timestamp and text — stored as evidence of your opt-in consent.
• WordPress site URLs — if you use the site scanner or monitoring feature.
• Plugin / theme data — if you install our WordPress plugin, the list of plugins/themes on your site is sent to our servers to enable vulnerability alerts.
• Session cookies — functional cookies only, used to keep you logged in.

3. Legal basis for processing (GDPR Art. 6)

• Consent (Art. 6(1)(a)) — newsletter subscriptions. You can withdraw consent at any time via the unsubscribe link in every email.
• Contract (Art. 6(1)(b)) — account registration and site monitoring features.
• Legitimate interest (Art. 6(1)(f)) — rate limiting and security logging to protect our service.

4. How we use your data

• Sending the WP Alerts newsletter (WordPress vulnerability digest).
• Sending personalized security alerts about your specific WordPress sites.
• Operating your account and the site monitoring service.
• Fraud prevention and service security.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Email delivery

Emails are sent via Amazon SES (Amazon Web Services EMEA SARL, Luxembourg). Amazon processes your email address as a data processor under our instructions, with appropriate data processing agreements in place. Emails are delivered from no-reply@wp-alerts.com.

6. Data storage and retention

• Your data is stored on servers within the European Economic Area (EEA).
• Newsletter subscriber data is retained until you unsubscribe + 30 days.
• Account data is retained until you delete your account.
• Email send logs are retained for 90 days for legal compliance.

7. Your rights (GDPR)

Under GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Erase your data ("right to be forgotten").
• Restrict processing in certain circumstances.
• Data portability — receive your data in a structured format.
• Object to processing based on legitimate interests.
• Withdraw consent at any time (without affecting lawfulness of prior processing).

To exercise any of these rights, contact us at privacy@wp-alerts.com. We respond within 30 days.

You have the right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD): dataprotectionauthority.be.

8. Cookies

We use only functional cookies (session cookie: wpa_sess) strictly necessary for login functionality. We do not use tracking, analytics, or advertising cookies. The session cookie is deleted when you close your browser.

9. Double opt-in

Newsletter subscriptions require double opt-in: after entering your email, you receive a confirmation email with a unique link. Your subscription is only activated after clicking that link. This ensures consent is freely given, specific, informed and unambiguous as required by GDPR.

10. Changes to this policy

We may update this policy. Material changes will be notified by email to active subscribers. The date at the top of this page reflects the latest revision.