Manage GPL
Sign up free
Legal

Privacy Policy

Last updated: April 24, 2026

Manage GPL ("we", "us", "our") respects your privacy. This policy explains what we collect, how we use it, and the choices you have. We try to keep this short and plain-English.

1. What we collect

Account information: name, email address, hashed password, optional 2FA secret. Required to create and secure your account.

Site connection data: the URL of any WordPress site you connect, plus the list of installed plugins and themes and their versions. We read this through the Manage GPL Connect plugin you install on your site. We do not store your WordPress admin passwords — ever.

Billing information: if you upgrade to a paid plan, payment is processed by Stripe. We store the subscription identifier, plan, and invoice metadata. We do not store full card numbers; those live only with the payment processor.

Activity logs: updates you trigger, sites you connect, SSO logins, and similar actions, attached to your account for audit purposes.

Technical data: IP address, browser user agent, request timestamps. Used for security (rate limiting, audit trail) and aggregate analytics.

2. How we use it

  • To provide the service: connect to your sites, keep their plugin & theme lists current, run updates you trigger
  • To bill you (if applicable) and send transactional emails (receipts, password resets, payment notifications)
  • To detect and prevent abuse, fraud, and security incidents
  • To improve the product, in aggregate (we look at usage patterns across all customers, not at your individual data)

3. Who we share it with

We share data only with the third-party processors required to operate the service:

  • Stripe — payment processing
  • Cloudflare — DDoS protection, Turnstile spam protection
  • Transactional email provider — password resets, uptime alerts, contact-form notifications
  • Cloud hosting provider — server infrastructure (EU region)

We do not sell your data to anyone, ever. We do not run advertising trackers.

4. Data retention

We keep your account data for as long as you have an active account. If you delete your account, we delete all personal data within 30 days, except where retention is required for legal/accounting reasons (e.g., paid invoice records — kept 7 years).

Per-site activity logs are pruned after 30 days. Individual uptime-check rows are pruned after 90 days; closed uptime incidents are pruned after 180 days.

5. Your rights

If you are in the EU/UK, GDPR gives you rights to access, rectify, port, and erase your data. We honor those rights for everyone, regardless of location. Email [email protected] with any request.

6. Cookies

We use first-party session cookies to keep you logged in and to protect the registration form (CSRF). We do not use third-party advertising cookies. Cloudflare may set its own cookies for security purposes (we do not control these — see Cloudflare's policy).

7. Children

Manage GPL is not intended for users under 16. We do not knowingly collect data from children.

8. Changes

We will update this page if our practices change and email account holders for material changes. The "last updated" date at the top reflects the latest revision.

9. Contact

Questions? Email [email protected].