Legal
Privacy Policy
Last updated: May 9, 2026
Who We Are
WP Scan ("we", "us", "our") operates wp-scan.org, a WordPress security scanning service. Our contact email is support@wp-scan.org.
Information We Collect
Account data: when you register, we collect your name, email address, and chosen plan.
Payment data: payments are processed by PayPal. We receive a transaction ID and payer email from PayPal after a successful payment — we never see or store your card or bank details.
Uploaded files: ZIP files uploaded for scanning are extracted to a secure temporary directory, scanned, then permanently deleted immediately after the scan completes. We do not read, copy, or retain the contents.
Scan results: results are returned to your browser and optionally cached in your browser's localStorage for 2 hours. We do not store scan results on our servers.
Log data: our server automatically records your IP address, browser type, pages visited, and timestamps in standard server logs. These logs are retained for up to 30 days for security and debugging purposes.
Payment data: payments are processed by PayPal. We receive a transaction ID and payer email from PayPal after a successful payment — we never see or store your card or bank details.
Uploaded files: ZIP files uploaded for scanning are extracted to a secure temporary directory, scanned, then permanently deleted immediately after the scan completes. We do not read, copy, or retain the contents.
Scan results: results are returned to your browser and optionally cached in your browser's localStorage for 2 hours. We do not store scan results on our servers.
Log data: our server automatically records your IP address, browser type, pages visited, and timestamps in standard server logs. These logs are retained for up to 30 days for security and debugging purposes.
How We Use Your Information
- To create and manage your account
- To deliver your license key by email after payment
- To provide and improve the scanning service
- To send transactional emails (license delivery, account notices)
- To send occasional product update or upgrade emails — you can opt out at any time by emailing us
- To detect and prevent abuse or fraud
Third-Party Services
PayPal — payment processing. PayPal's privacy policy applies to data you share with PayPal during checkout.
Google Sheets — we use a private Google Sheet (accessible only to us) to log license issuance records for internal bookkeeping. No personal data is shared publicly.
Google Fonts / Tailwind CDN — our pages load Inter font via Google Fonts and a Tailwind CSS CDN. These services may set their own cookies and log your IP; their respective privacy policies apply.
Google Sheets — we use a private Google Sheet (accessible only to us) to log license issuance records for internal bookkeeping. No personal data is shared publicly.
Google Fonts / Tailwind CDN — our pages load Inter font via Google Fonts and a Tailwind CSS CDN. These services may set their own cookies and log your IP; their respective privacy policies apply.
Cookies
We use a single session cookie to keep you logged in. We do not use third-party advertising or tracking cookies. The Google Fonts CDN may set a cache cookie; no analytics or advertising data is collected via our own code.
Data Retention
- Account records: retained while your account is active, deleted within 30 days of a deletion request
- Payment records: retained for 7 years as required by financial record-keeping laws
- Uploaded ZIP files: deleted immediately after scanning (within seconds)
- Scan results: not stored on our servers; your browser cache clears after 2 hours
- Server logs: retained up to 30 days
Your Rights
Depending on your location, you may have the right to access, correct, or delete your personal data, or to restrict or object to its processing. To exercise any of these rights, email us at support@wp-scan.org. We will respond within 30 days.
Data Security
We use HTTPS (TLS) for all data in transit. Database credentials and private keys are stored outside the web root. Passwords are hashed using bcrypt. Despite these measures, no internet transmission is 100% secure; use the Service at your own risk.
Children's Privacy
WP Scan is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy.
Contact
Questions about this Privacy Policy? Email us at support@wp-scan.org.