Last updated: May 15, 2026
Afflyr ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at afflyr.com ("Site") or use the Afflyr WordPress plugin ("Plugin"). It also describes our compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other applicable privacy laws.
1.1 Through the Site (afflyr.com)
When you visit our Site or make a purchase, we may collect:
1.2 Through the Plugin
The Afflyr plugin operates entirely within your own WordPress installation. We do not have access to, collect, or store any data from your website or your affiliates. Specifically:
The Plugin includes the Freemius SDK, which may collect limited technical data for license validation and update delivery:
This data is sent to Freemius, not to Afflyr. See the Freemius Privacy Policy for details. You can opt out of non-essential data collection during plugin activation.
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email, name | Deliver your license key, provide support, send important product updates | Contract performance |
| Payment details | Process your purchase (via Freemius) | Contract performance |
| Usage data | Improve the Site, understand visitor behavior, diagnose technical issues | Legitimate interest |
| Support messages | Respond to your inquiries and resolve issues | Contract performance |
| Plugin technical data | License validation, deliver updates, compatibility tracking (via Freemius SDK) | Legitimate interest / Consent |
| Marketing emails (product announcements, tips) | Send occasional product news to existing customers; unsubscribe anytime via the link in every email | Legitimate interest / Consent |
| Refer & Earn data | Attribute referrals, calculate credits/payouts, prevent fraud | Contract performance |
We do not sell, rent, or trade your personal information. We share data only with the following sub-processors, each of which is contractually bound to protect your data:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Freemius, Inc. | Licensing, billing, customer accounts, plugin distribution, affiliate program management | United States |
| Stripe, Inc. | Payment processing (via Freemius) | United States |
| PayPal, Inc. | Payment processing and payouts (via Freemius) | United States |
| Bluehost / EIG | Web hosting for afflyr.com | United States |
| Cloudflare, Inc. | Content delivery network, DDoS protection, edge security | United States (global edge) |
We may also disclose information to law enforcement, regulators, or in response to valid legal process (subpoena, court order, etc.) where we believe in good faith that disclosure is required by law.
4.1 On the Site (afflyr.com) — we use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
fp_ref | Records the slug of the affiliate who referred you so we can credit them if you subscribe (Refer & Earn program) | 60 days |
afflyr_purchased | Granted after a successful purchase to unlock the post-purchase download & setup page (/welcome/) | 24 hours |
| WordPress session cookies | Login session, comment forms, security tokens | Session — 14 days |
| Analytics cookies (if enabled) | Aggregate visitor counts and page popularity | Up to 26 months |
No third-party advertising or cross-site tracking cookies are used. We do not participate in advertising networks.
4.2 In the Plugin — the Plugin sets a first-party cookie (afflyr_ref) on your customers' browsers to track affiliate referrals on your store:
Note for Plugin Customers: You are responsible for disclosing the use of this cookie in your own site's cookie/privacy policy if required by applicable law (e.g., GDPR, ePrivacy Directive, UK PECR).
We implement reasonable technical and organizational measures to protect your information, including:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users and supervisory authorities of a personal-data breach within 72 hours of discovery where required by law.
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have the right to:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or 45 days where permitted with notice).
If you are a California resident, you have the right to:
To exercise these rights, email [email protected] with the subject line "California Privacy Request." We will verify your identity before responding. Authorized agents may submit requests on your behalf with written authorization.
California "Shine the Light" Law: California residents may request information about disclosures of personal information to third parties for direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.
For Site visitors and Refer & Earn affiliates: Afflyr is the data controller of personal information you provide to us directly.
For Plugin customers: When you use the Plugin on your WordPress site, you are the data controller for the personal information you collect about your own affiliates, customers, and visitors. Afflyr is not a processor of that data — we never receive, see, or store it. You are solely responsible for compliance with applicable law regarding personal data on your site, including providing a privacy policy, securing consent for cookies where required, honoring data-subject rights, and disclosing data sharing with your affiliates.
Your data may be processed in the United States or other countries where our service providers operate. Where data is transferred from the EEA, UK, or Switzerland to the United States, we and our sub-processors rely on Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework where applicable, or other lawful transfer mechanisms. By using the Service, you understand that your information may be transferred to and processed in jurisdictions with different data-protection laws than your country of residence.
If you are an Afflyr customer, we may send you occasional product news, feature announcements, and educational content based on legitimate interest. Every marketing email contains a one-click unsubscribe link. You can also unsubscribe at any time by emailing [email protected]. Transactional emails (license keys, billing, support replies, security notices) are not subject to opt-out as long as you have an active account or subscription with us.
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. License validation and payment fraud screening involve automated systems but always include human review when a decision adversely affects your account.
Some browsers send a "Do Not Track" (DNT) signal. There is no industry consensus on how DNT signals should be honored, and we do not currently respond to them. We do not engage in cross-site tracking regardless of DNT signal status.
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. Parents or guardians may contact us at [email protected] to request deletion of a child's data.
The Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to active customers or a prominent notice on the Site, with at least 30 days' advance notice where required. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
For privacy-related questions, data-subject requests, or to exercise any of the rights described above, contact us at: