WPCommand

Privacy Policy

Last Updated: February 20, 2026

WPCommand (“we,” “us,” or “our”), a sole trader business based in Ukraine (Kyiv, pr. Svobody, 04215), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use our browser extension, WPCommand (“Service”), and our website (https://wpcommand.io). By using the Service or website, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following information to provide and improve the Service:

  • Trial Data: When you start a 14-day free trial, we collect your email address, a device/install identifier (auto-generated by your browser), device and environment information (e.g., operating system, browser type), and trial timestamps (e.g., start date, verification status, and expiration date).
  • Subscription Data: When you purchase a subscription, we collect your email address, license key, order/subscription identifiers, subscription status (e.g., active, canceled), plan type (Individual or Agency), billing interval (monthly or yearly), activation limit (e.g., 2, 3, or 10 device activations depending on your plan), number of activated devices, and relevant timestamps (e.g., creation date, renewal date, cancellation date).
  • Device Activation Data: To enforce activation limits, we store device activation records linked to your license (e.g., browser profile identifier and basic device metadata such as browser type/OS). This helps us count activations and allow self-serve deactivation/reset flows.
  • Usage Data: When you use the command palette, we collect aggregated usage statistics (e.g., how many commands were run and command categories such as main/sub/tab/front-end actions) to calculate time saved and display usage trends. This data is stored in our command_stats database.
  • Important note about WordPress content: We do not intentionally collect or store the contents of your WordPress pages, posts, orders, customers, or site data. WPCommand runs in your browser and the usage data we store is limited to aggregated command statistics and the metadata required to operate the Service (e.g., license status and device activations).
  • Website Data: Our website uses Google Analytics, which may collect anonymized data via cookies (such as IP address, browser type, device type, and pages visited) to analyze traffic and improve SEO and user experience.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service (e.g., manage licenses, track device activations, display usage statistics).
  • Analyze usage patterns via PostHog to understand popular commands and improve the Service.
  • Process payments and subscriptions through Paddle, our payment processor.
  • Communicate with you about updates, issues, or changes to the Service (via Resend).
  • Optimize our website through Google Analytics for better user experience and SEO.

3. How We Share Your Information

We share your information only with trusted third parties to operate the Service:

  • Paddle: Our payment processor (Merchant of Record) processes subscription payments and may collect payment-related data (e.g., email, payment details). See Paddle’s Privacy Policy at https://www.paddle.com/legal/privacy.
  • Supabase: Stores trial, subscription, and usage data in a secure database (West US, North California). See Supabase’s Privacy Policy at https://supabase.com/privacy.
  • Ably: Sends real-time notifications for changes in subscription or license status. See Ably’s Privacy Policy at https://ably.com/privacy.
  • PostHog: Analyzes anonymized command usage to improve the Service. See PostHog’s Privacy Policy at https://posthog.com/privacy.
  • GitHub: Hosts our API endpoints. See GitHub’s Privacy Policy at https://docs.github.com/en/site-policy/privacy-policies.
  • Chrome Web Store / Firefox Add-ons: Distributes the extension and may collect data for account management. See their respective privacy policies.
    We do not sell or share your personal information for marketing purposes.

4. Data Storage and Security

  • Your data is stored in Supabase’s secure database in West US (North California).
  • We implement the following security measures:
    • HTTPS for all API requests.
    • Row Level Security (RLS) in Supabase to control data access.
    • CSRF protection and rate limiting to prevent abuse.
    • Data validation and JWT tokens for secure WebSocket connections.
    • Secure storage in browser’s local storage API.
    • Error boundaries to prevent data leaks.
      While we take reasonable measures to protect your data, no system is completely secure, and we cannot guarantee absolute security.

5. Cookies and Tracking

  • Our website uses Google Analytics, which may set cookies to collect anonymized data about your browsing behavior (e.g., pages visited, device type).
  • You can manage cookie preferences through our cookie consent tool (displayed on your first visit). You may disable cookies, but this may affect website functionality.
  • The WPCommand extension does not use cookies but collects usage statistics via Supabase and PostHog, as described above.

6. Your Data Protection Rights

Depending on your location (e.g., EU under GDPR), you may have the following rights:

  • Access: Request a copy of your personal data (e.g., as a CSV file).
  • Deletion: Request removal of your personal data.
  • Correction: Request correction of inaccurate data.
    To exercise these rights, contact us at support@wpcommand.io. We will respond within 30 days and verify your identity (e.g., matching your email to our records) before processing your request.

7. Data Retention

  • Trial data is retained until the trial ends or you request deletion.
  • Subscription and usage data is retained for the duration of your subscription and up to 30 days after cancellation, unless you request deletion.
  • Anonymized usage statistics may be retained indefinitely for product improvement.

8. Third-Party Links

Our website or Service may contain links to third-party sites (e.g., Paddle, Supabase). We are not responsible for their privacy practices. Please review their policies.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email (using Resend) at least 30 days in advance. Continued use of the Service or website after changes constitutes acceptance of the updated policy.

10. Contact Us

For questions about this Privacy Policy or your data, contact us at: By using WPCommand or visiting our website, you acknowledge that you have read, understood, and agree to this Privacy Policy.