Back to home

Privacy Policy

Last updated: March 13, 2026

1. Introduction

WP Sentinel ("we", "us", or "our") operates the wpsentinel.io website and the WP Sentinel platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our service.

By using WP Sentinel, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Data we collect

Account information

  • Name and email address (required for account creation)
  • Password (stored as a one-way bcrypt hash — we never store or can read your password)
  • Organization name
  • Billing information (company name, address, VAT number) if applicable

Site data

  • WordPress site URLs you add to the platform
  • WordPress core, plugin, and theme version information
  • Site connection status and health metrics
  • SMTP configuration (if you configure email settings)

Usage data

  • Pages visited and features used (via Google Analytics)
  • Browser type, device type, and operating system
  • IP address (anonymized)
  • Referring website

3. How we use your data

We use the collected data for the following purposes:

  • To provide and maintain the WP Sentinel service
  • To manage your account and subscription
  • To monitor and manage your connected WordPress sites
  • To process payments and generate invoices
  • To send service-related communications (e.g., security alerts, update notifications)
  • To analyze usage patterns and improve the platform (via Google Analytics)
  • To detect and prevent fraud or abuse

4. Analytics and tracking

We use Google Analytics and Google Tag Manager to understand how visitors interact with our website and platform. These services may collect:

  • Pages visited and time spent on each page
  • Click behavior and navigation patterns
  • Device and browser information
  • Approximate geographic location (based on anonymized IP)

Google Analytics uses cookies to identify unique visitors across sessions. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

For more details on the cookies we use, please see our Cookie Policy.

5. Legal basis for processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the service you signed up for (account management, site monitoring, billing)
  • Legitimate interest: Analytics to improve our platform, fraud detection, and service security
  • Consent: For non-essential cookies (Google Analytics). You can withdraw consent at any time
  • Legal obligation: Retaining invoices and billing records as required by Dutch tax law

6. Data sharing and third parties

We do not sell your personal data. We share data only with the following third-party services necessary to operate the platform:

  • Supabase (EU) — Database hosting and storage
  • Google Analytics / Google Tag Manager (US) — Website analytics, covered by Google's EU-US Data Privacy Framework
  • Mollie (Netherlands) — Payment processing
  • Vercel (US) — Application hosting, covered by DPF

Each provider processes data under their own privacy policy and applicable data processing agreements.

7. Data retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Site monitoring data: Scan logs and historical data retained for 12 months.
  • Billing records: Retained for 7 years as required by Dutch fiscal regulations.
  • Analytics data: Google Analytics data is retained for 14 months (configured in our GA account).

8. Your rights

Under the GDPR, you have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request that we restrict processing of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests

To exercise any of these rights, email us at privacy@wpsentinel.io. We will respond within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Passwords stored using bcrypt hashing
  • Row-level security in our database
  • Role-based access control
  • Server-side only access to database credentials

10. International transfers

Some of our service providers (Google, Vercel) are based in the United States. These transfers are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses as applicable.

11. Children

WP Sentinel is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our platform or sending an email. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

WP Sentinel
Email: privacy@wpsentinel.io
Website: wpsentinel.io

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.