Privacy Policy

1. Who We Are

PlannerWP ("we", "us", or "our") is a WordPress booking plugin developed and distributed by PlannerWP. Our plugin is distributed via Freemius, a WordPress software licensing platform.

For the purposes of this Privacy Policy, we act as the data controller for data collected through this website (plannerwp.com) and as a data processor on behalf of plugin users who collect booking data from their clients.

2. Data We Collect

2.1 Data collected on this website (plannerwp.com)

When you visit plannerwp.com, we may collect:

• Contact form data: name, email address, and message content when you use our contact form.
• Purchase data: when purchasing a Premium or Professional license, billing details are processed by Freemius (our payment platform). We receive only your email and license information.
• Technical data: IP address, browser type, operating system, and pages visited, collected through standard server logs for security purposes.

2.2 Data collected by the PlannerWP plugin (on your WordPress site)

The PlannerWP plugin, when installed on a WordPress site operated by a third party ("the plugin user"), collects the following data from their clients:

• Client name and email address (required for booking).
• Booking details: date, time slot, number of seats, chosen service.
• Payment status (paid/unpaid) if WooCommerce is used.
• GDPR consent timestamp.
• Secure booking token (used for booking management, not linked to an account).

This data is stored exclusively on the WordPress server of the plugin user. PlannerWP does not receive, access, or process this data. The WordPress site owner is the sole data controller for their clients' booking data.

2.3 Data collected via Freemius

License activation, updates, and subscription management are handled by Freemius. Their privacy policy applies: freemius.com/privacy.

3. How We Use Your Data

We use data collected through plannerwp.com for the following purposes:

We never sell, rent, or trade your personal data to third parties.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

• Contractual necessity (Art. 6(1)(b)): processing required to fulfil a license purchase or support request.
• Legitimate interests (Art. 6(1)(f)): website security, fraud prevention, and improving our services.
• Consent (Art. 6(1)(a)): when you explicitly consent to receive marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): retaining invoices and transaction records as required by tax law.

5. Data Sharing

We share data only with the following trusted third-party service providers, under strict data processing agreements:

• Freemius — license management and payment processing. Privacy policy →
• Hosting provider — server infrastructure for plannerwp.com. Subject to standard server data agreements.
• Email delivery provider — for transactional emails (e.g. SMTP service). Processed under a data processing agreement.

We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place (e.g. Standard Contractual Clauses).

6. Data Retention

We retain personal data for the minimum period necessary:

• Contact form messages: up to 12 months after the last interaction, then deleted.
• Purchase and invoice records: 7 years, as required by French/European tax law.
• Server logs: 6 months maximum, then automatically purged.
• License data: retained for the duration of an active license, plus 1 year after expiry.

PlannerWP plugin — booking data retention

By default, the PlannerWP plugin applies the following automatic anonymization rules on the WordPress site where it is installed:

• Booking personal data (name, email) is automatically anonymized after 2 years.
• System logs are purged after 6 months.
• Plugin users can export all data in JSON format at any time via wp-admin.

7. Your Rights Under GDPR

If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of your personal data we hold.
• Right to rectification (Art. 16): correct inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): limit how we process your data.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests.
• Right to withdraw consent: at any time, without affecting prior processing.

To exercise any of these rights, contact us at contact@plannerwp.com. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In France: CNIL (cnil.fr).

8. Cookies

The plannerwp.com website uses minimal cookies:

• Session cookies: strictly necessary for the website to function. These expire when you close your browser.
• Language preference cookie: stores your selected language (EN/FR) for your next visit. Expires after 30 days.

We do not use tracking cookies, advertising cookies, or third-party analytics (e.g. Google Analytics).

You can manage or delete cookies through your browser settings at any time. Deleting cookies will not affect your access to the site.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, modification, disclosure, or destruction. These include:

• HTTPS encryption for all data in transit.
• Access controls limiting data access to authorised personnel.
• Regular security reviews of our systems.

The PlannerWP plugin uses atomic SQL transactions with pessimistic locking and secure token-based booking management to protect client data on your WordPress site.

Despite our best efforts, no system is completely secure. In the unlikely event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Art. 33.

10. Children's Privacy

Our website and plugin are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at contact@plannerwp.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify active license holders by email if the changes are material.

We encourage you to review this page periodically. Your continued use of our website or plugin after changes take effect constitutes your acceptance of the updated policy.

12. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us: