Privacy Policy

WCPOS ("we", "us") operates wcpos.com, the website for the WooCommerce POS plugin and WCPOS Pro. This policy explains what personal data we collect when you use the site, why we collect it, who processes it on our behalf, and what rights you have over it. We aim to collect as little as we need to run the service.

What we collect

• Account information. Your email address and name when you create an account, either directly or by signing in with Google or GitHub. When you use a sign-in provider, we receive only your basic profile (email and name) from that provider.
• Billing details. The billing address and any company details you enter at checkout, stored with your customer record so we can issue receipts and comply with tax rules.
• Order and license history. Records of your purchases, license keys, and plugin downloads, so you can manage your licenses and we can provide support.
• Payment information. Payments are handled by Stripe and PayPal. Your full card number or payment credentials never reach our servers; we receive only a payment confirmation and the details needed for the receipt.
• Usage analytics. We use PostHog to understand how the site is used (pages viewed, buttons clicked). To do this, we set a cookie containing a randomly generated identifier. It does not contain your name or email.
• Error reports. If something breaks, an error report may be sent to Sentry. Reports can include technical details such as your browser and operating system and what the application was doing at the time of the error.
• Server logs. Our servers keep application logs (in Grafana Loki) for debugging and operating the service.

Cookies

We use a small number of first-party cookies. We do not use third-party advertising cookies.

• medusa-token — keeps you signed in to your account. Expires after 1 day.
• wcpos-analytics-consent — remembers your analytics consent choice (accepted or declined). Expires after 182 days.
• wcpos-distinct-id — a random identifier used for analytics. Only set after you accept analytics on the consent banner; removed if you decline. Expires after 1 year.
• NEXT_LOCALE — remembers your language preference.
• Your light/dark theme preference is stored locally in your browser and is never sent to us.

Who processes your data

We use the following service providers to run wcpos.com. Each receives only the data needed for its role:

• Our commerce backend (Medusa) — self-hosted on Hetzner infrastructure in the EU. Stores accounts, customer records, and orders.
• Stripe — card payment processing.
• PayPal — PayPal payment processing.
• Keygen — software license management (license keys and activations).
• PostHog — product analytics.
• Sentry — error monitoring.
• Vercel — website hosting and content delivery.

How long we keep data

• Account and license data is kept while your account is active. If you ask us to delete your account, we delete it, except where we are legally required to keep records.
• Order and invoice records are kept for as long as tax and accounting laws require.
• The analytics identifier cookie expires after 1 year.
• Server logs and error reports are kept for a limited operational window and then deleted.

Your rights

If you are in the EU/EEA or UK, you have rights under the GDPR, including the right to access, correct, delete, and export your personal data, and to object to or restrict certain processing. We extend the same rights to all users regardless of location.

To exercise any of these rights, email us at support@wcpos.com so we can verify your identity privately. EU/EEA residents also have the right to lodge a complaint with their local data protection authority.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. Continued use of the site after a change means the updated policy applies.

Contact

Questions about this policy or your data? Email us at support@wcpos.com or ask general questions in the community chat on the support page.