Effective date: June 2025 · Last updated: June 2025
WP Canary is a WordPress plugin. All diagnostic data it collects — database health, plugin statuses, 404 counts, debug log content — is processed entirely on your own WordPress server. None of that data is ever sent to us. The only personal data we collect is what you voluntarily provide: your name and email when you contact us, and your payment and email details when you purchase Pro through Freemius.
1. Who we are
WP Canary is a WordPress plugin product operated by Universally Found, LLC, a Virginia limited liability company (‘we’, ‘us’, ‘our’). Our website is getwpcanary.com.
For privacy enquiries, contact us at: getwpcanary.com/contact
2. What data we collect and why
2a. Contact form
When you submit the contact form on getwpcanary.com/contact, we collect your name, email address, the topic you select, and your message. We use this information solely to respond to your enquiry. This data is stored in our WordPress database and is not shared with third parties. We retain it for as long as necessary to resolve your enquiry and for up to 12 months thereafter.
2b. Freemius — payment and licence data
Pro licences for WP Canary are sold and managed through Freemius (freemius.com), a third-party e-commerce and software licensing platform. When you purchase a Pro licence, Freemius collects and processes your name, email address, payment card details, billing address, site URL, and licence information on our behalf.
Freemius acts as a data processor for us and as a controller in their own right for payment processing purposes. Their privacy practices are governed by the Freemius Privacy Policy, available at freemius.com/privacy. We do not store your payment card details on our systems at any point.
2c. Freemius plugin telemetry (optional)
When you activate WP Canary, the Freemius SDK included in the plugin may ask for your permission to share non-sensitive diagnostic data: your site URL, WordPress version, PHP version, active plugin list, and WP Canary version number. This sharing is entirely optional and requires your explicit opt-in. If you decline, the plugin functions normally without any data being shared. If you opt in, this data is sent to Freemius and governed by their privacy policy.
2d. Plugin operation — data stays on your server
WP Canary processes all site diagnostic information — database table health, plugin statuses, 404 error rates, debug log content, ad network script detection, and licence status — entirely on your own WordPress server. This data is never transmitted to Universally Found, LLC or to any third party by the plugin itself. It exists only within your WordPress installation and, if you use the morning digest feature, in emails delivered to the address you configure within your own WordPress settings.
2e. MailerLite email subscriptions
If you subscribe to WP Canary release notifications via the opt-in form on our website, your email address is stored by MailerLite, our email marketing platform. MailerLite acts as a data processor on our behalf. You can unsubscribe at any time using the link in any email we send. MailerLite’s privacy policy is available at mailerlite.com/legal/privacy-policy.
2f. Cookies
getwpcanary.com uses only essential cookies necessary for the WordPress platform to function, including session management for logged-in users. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required for essential cookies only, but we disclose their use here for transparency.
3. Legal basis for processing (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal basis for collecting and processing personal data is as follows:
- Contact form data — legitimate interests (responding to your enquiry) and, where applicable, performance of a contract
- Payment and licence data — performance of a contract (your purchase of a Pro licence)
- Freemius telemetry — consent (your explicit opt-in when activating the plugin)
- MailerLite email subscriptions — consent (your explicit opt-in when subscribing)
4. How we share your data
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We share data only as follows:
- Freemius — to process payments and manage licences on our behalf
- MailerLite — to deliver release notification emails you have opted in to receive
- Legal obligations — if required by law, court order, or governmental authority
Both Freemius and MailerLite are contractually bound to process your data only as instructed and in accordance with applicable data protection law.
5. Data retention
We retain personal data for as long as necessary for the purpose for which it was collected, and no longer than the following periods:
- Contact form submissions — 12 months from the date of the enquiry, then deleted
- Payment and licence data — retained by Freemius in accordance with their retention policy and applicable law; we retain licence records for as long as your licence is active plus 3 years for accounting purposes
- MailerLite subscription data — retained until you unsubscribe, after which it is deleted within 30 days
6. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data, subject to legal retention requirements
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at getwpcanary.com/contact. We will respond within 30 days. For payment and licence data held by Freemius, please contact Freemius directly at freemius.com/privacy.
7. Data security
We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include SSL/TLS encryption on getwpcanary.com, access controls on our WordPress installation, and use of reputable third-party processors (Freemius, MailerLite) with their own security programmes.
No method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using industry-standard protections.
8. International transfers
Universally Found, LLC is based in Virginia, United States. If you are located outside the United States, your personal data may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using getwpcanary.com or purchasing a WP Canary licence, you acknowledge this transfer.
For EEA and UK users: Freemius and MailerLite maintain appropriate safeguards for international transfers, including Standard Contractual Clauses where required.
9. Children’s privacy
WP Canary is a professional software product not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the ‘Last updated’ date at the top of this page. For material changes, we will notify active Pro licence holders via the email address associated with their Freemius account. Continued use of getwpcanary.com or the WP Canary plugin after changes are posted constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data access requests, or complaints, contact us at:
Universally Found, LLC
getwpcanary.com/contact
Virginia, United States
If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.