Privacy Policy

ScudoWP provides a security-hardening plugin for WordPress and the related website and support services. References to "we," "us," and "our" mean the ScudoWP team.

If you have any questions about this policy or how your data is handled, you can reach us at support@scudowp.com.

Contact and support data. When you email us at support@scudowp.com or otherwise contact us, we collect your email address, your name (if you provide it), and the contents of your message. We use this solely to respond to and resolve your request.

Basic site and environment information. To deliver its security features, the Plugin reads and processes technical information about your WordPress installation and hosting environment, such as the WordPress and PHP version, active server modules and capabilities, plugin and theme details, file and configuration state, and similar technical signals. This information is used to detect risks, decide which hardening controls your environment can safely support, and apply and verify those controls. The Plugin operates primarily on your own server; we do not collect this information unless it is needed to provide a feature you have enabled or support you have requested.

Server logs. Our Site and supporting services automatically record standard server log data, which may include IP addresses, browser and device type, requested pages, referring URLs, and timestamps. We use server logs to operate, secure, and troubleshoot our services and to detect and prevent abuse.

Cookies. The Site uses cookies that are strictly necessary for essential functions, such as maintaining your session, security, and remembering basic preferences. These essential cookies are required for the Site to work and are not used for advertising or cross-site tracking.

We use the data described above to provide and maintain the Plugin and Site, to deliver the security features you enable, to respond to support requests, to keep our services secure and reliable, to meet legal obligations, and to improve our products.

We do not sell your personal data. We rely on the legal bases of performing our contract with you (providing the Plugin and support), our legitimate interests (securing and improving our services), consent where required (for example, optional features), and compliance with legal obligations.

The PRO version of ScudoWP is sold and distributed through Freemius, a third-party e-commerce platform. Freemius acts as the merchant of record / reseller for PRO licenses and handles checkout, payment processing, billing, invoicing, tax handling, and license management.

When you purchase or manage a PRO license, your personal and payment information (such as name, email, billing address, and payment details) is collected and processed by Freemius as part of completing the transaction. We do not receive or store your full payment card details. Freemius processes this data under its own terms and privacy practices.

Please review the Freemius Privacy Policy to understand how Freemius handles your personal and payment data when you buy or renew a PRO license.

ScudoWP's deterministic security core does not depend on any AI service. Any AI-assisted features are optional, are turned off by default, and require you to provide and configure your own AI provider API key ("bring your own key").

If you choose to enable an optional AI feature, the relevant data needed for that feature is sent directly to the AI provider you have configured, using your own key. That provider processes your data under its own terms and privacy policy. We are not responsible for, and do not control, how your chosen AI provider uses or retains data. If you do not enable these features or do not configure a key, no data is sent to any AI provider.

We share personal data only as needed to operate our services: with Freemius for purchases, licensing, and billing; with the AI provider you configure, if you enable optional AI features; with service providers that host or support our Site and services, acting on our behalf; and where required by law or to protect our rights and the security of our users.

We do not sell personal data or share it for third-party advertising.

We keep personal data only for as long as necessary for the purposes described in this policy. Support correspondence is retained for as long as needed to provide support and for a reasonable period afterward for reference and quality purposes. Server logs are retained for a limited period for security and troubleshooting, then deleted or anonymized.

Billing, transaction, and license records related to PRO purchases are retained by Freemius according to its policies and applicable legal and accounting requirements. When data is no longer needed, we delete it or anonymize it.

Depending on your location, you may have rights under data protection laws such as the GDPR, including the right to access the personal data we hold about you, to request correction of inaccurate data, to request erasure, to restrict or object to certain processing, and to data portability. Where processing is based on consent, you may withdraw your consent at any time.

To exercise these rights, contact us at support@scudowp.com. We will respond within the time required by applicable law and may need to verify your identity before acting on a request. For data handled by Freemius in connection with your purchase (such as billing and payment data), you may also need to contact Freemius directly, as described in the Freemius Privacy Policy. You also have the right to lodge a complaint with your local data protection authority.

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, but we work to safeguard the limited data we handle and to apply security best practices consistent with the purpose of our products.

ScudoWP is intended for use by website owners and administrators and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice. Your continued use of the Site or Plugin after changes take effect means you accept the updated policy.

For any privacy questions, requests, or concerns, including requests to access or delete your personal data, contact us at support@scudowp.com.