WPLinker
Home Features Pricing
Get Started
Return Back Home

Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how DOWNTIMESCOUT LTD., a company registered in England and Wales with registered office at 128 City Road, London, United Kingdom, EC1V 2NX (WPLinker, we, us, or our) collects, uses, stores, shares, and protects personal data when you visit our website, create an account, use WPLinker, operate storefronts, interact with storefronts, contact support, or communicate with us.

WPLinker is a white-label publishing storefront and WordPress automation platform for sellers of guest posts, backlinks, and related publishing services.

1. Roles under data protection law

For personal data relating to WPLinker account holders, administrators, subscription billing, platform security, product analytics, support, marketing, and our own business operations, DOWNTIMESCOUT LTD. is generally the data controller.

For personal data that sellers collect from their storefront customers through WPLinker-powered storefronts, the seller is generally the data controller and WPLinker acts as a processor or service provider on behalf of that seller, except where we process data for our own legal, security, billing, abuse prevention, or operational purposes.

If you are a storefront customer, the seller operating the storefront is responsible for the commercial relationship with you, including the service you order, publication decisions, payment terms, invoice details, refunds, and seller-specific privacy notices.

2. Personal data we collect

We may collect and process the following categories of personal data depending on how WPLinker is used:

  • Account data: name, email address, password hash, email verification status, role, account settings, two-factor authentication status, onboarding status, and subscription status.
  • Google Sign-In data: if you choose to register or log in with Google, we may receive and store your Google account identifier, name, email address, email verification status, profile image/avatar, OAuth access token, refresh token where provided, token expiry, and the basic profile data returned by Google for authentication.
  • Profile and billing data: first name, last name, company name, VAT number, country, city, postcode, address, phone numbers, billing preferences, and invoice-related information.
  • Subscription and payment data: plan, billing cycle, payment provider references, payment status, transaction history, invoice numbers, renewal dates, cancellation status, and payment event logs. Full card data is handled by payment providers and is not stored by WPLinker.
  • Storefront and seller configuration data: domains, branding, logos, colours, SEO settings, company information, payment method settings, bank transfer details, invoice settings, services, prices, currencies, coupons, websites, WordPress categories, authors, and publishing preferences.
  • Storefront customer data: buyer name, email, phone, private or company billing data, country, address, order details, uploaded content, article titles, article content, keywords, categories, images, backlink details, publish dates, invoices, payments, and customer account activity.
  • Website and WordPress connection data: website URLs, admin URLs, connection tokens, plugin status, health checks, categories, authors, publishing logs, error messages, and API responses needed to provide the service.
  • Support, marketing, and communication data: support ticket content, feature requests, attachments, replies, email logs, template test emails, marketing inquiry data, abuse reports, contact form submissions, and communication preferences.
  • Technical and usage data: IP address, browser, device type, user agent, session identifiers, authentication events, security logs, activity logs, page interactions, diagnostics, error logs, and approximate location derived from IP data.

3. How we collect data

We collect data directly from you when you register, subscribe, complete onboarding, update your profile, create storefronts, configure websites, create services, submit support tickets, contact us, or use forms. We also collect data automatically from your browser, device, connected WordPress websites, payment providers, email systems, CAPTCHA providers, and other integrations necessary to operate WPLinker.

Storefront customer data may be collected through seller storefronts powered by WPLinker and processed on behalf of the seller operating that storefront.

Google user data and Google Sign-In

WPLinker offers Google Sign-In so users can create an account or log in using their Google account. When you choose Google Sign-In, WPLinker requests access only to the Google user data needed for authentication and account management, such as your Google account ID, name, email address, email verification status, profile image/avatar, OAuth token information, and basic profile information returned by Google.

WPLinker uses Google user data only to authenticate you, create or link your WPLinker account, verify your email address where applicable, display basic account identity information, protect account security, prevent duplicate or fraudulent account creation, and maintain login/session records. We do not use Google user data for advertising, surveillance, unrelated analytics, credit decisions, or training artificial intelligence models.

WPLinker does not request access to Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, YouTube account content, Google Docs, spreadsheets, files, messages, attachments, or other Google Workspace content. If WPLinker ever adds a feature requiring additional Google API scopes, we will update this Privacy Policy and request user consent before accessing that additional Google user data.

Google user data is shared only with service providers that help us operate WPLinker, such as hosting, database, security, logging, authentication, email, and support providers, and only as necessary to provide, secure, troubleshoot, or comply with legal obligations relating to the service. We do not sell Google user data and we do not share it with advertisers or data brokers.

Google user data is stored with account records in systems protected by reasonable technical and organisational safeguards, including encrypted transport, access controls, role-based administration, logging, backups, and credential protection practices. OAuth client secrets are kept confidential, and access to stored authentication data is limited to authorised personnel and systems with a legitimate operational need.

Google user data is retained while your WPLinker account remains active and for a reasonable period afterwards where necessary for security, fraud prevention, legal, accounting, backup, or dispute-resolution purposes. You may request deletion of your WPLinker account or personal data through your account deletion settings or by contacting us through the contact page. Deletion of Google-linked account data may be limited where retention is legally required or necessary for legitimate security, billing, fraud prevention, or dispute-resolution purposes.

WPLinker's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Purposes for processing

We process personal data for the following purposes:

  • to create, secure, verify, and manage user accounts;
  • to provide subscriptions, billing, invoices, renewals, and payment confirmations;
  • to operate white-label storefronts, checkout flows, buyer accounts, orders, coupons, and invoices;
  • to connect WordPress websites, sync categories and authors, process publishing queues, and manage backlink placements;
  • to send transactional emails, including verification, password reset, subscription, order, payment, invoice, and publishing notifications;
  • to provide support, investigate issues, respond to feature requests, and manage abuse reports;
  • to provide marketing integrations requested by sellers, including contact list synchronisation;
  • to monitor performance, diagnose errors, prevent fraud, protect security, and enforce our Terms;
  • to comply with legal, accounting, tax, regulatory, and dispute-resolution obligations;
  • to improve WPLinker, develop features, and understand product usage.

5. Legal bases for processing

Where UK GDPR, EU GDPR, or similar laws apply, we rely on one or more of the following legal bases: performance of a contract, legitimate interests, consent, compliance with legal obligations, and, where applicable, establishment, exercise, or defence of legal claims.

Our legitimate interests include operating and improving WPLinker, securing accounts, preventing abuse, supporting customers, maintaining accurate business records, communicating about service matters, and protecting our platform and users.

6. Payments and financial information

WPLinker uses third-party payment providers such as Stripe and PayPal to process subscription payments and may enable sellers to configure payment methods for their storefronts. Payment providers process payment details according to their own terms and privacy policies. WPLinker stores payment references, statuses, invoices, transaction records, and event logs needed to operate subscriptions, storefronts, and accounting workflows.

We do not intentionally store full credit card numbers or complete card security codes on our servers.

7. Storefront customer data

When a buyer orders through a WPLinker-powered storefront, WPLinker processes that buyer's data to provide the checkout, order, invoice, payment, customer portal, and publishing workflow requested by the seller. The seller determines the services offered, the storefront configuration, the purpose of processing buyer data, and the legal basis for seller communications.

Sellers must ensure they have appropriate notices, consents, lawful bases, and contractual rights to process storefront customer data through WPLinker.

8. Marketing integrations

If a seller activates marketing integrations, such as GiantCampaign, WPLinker may transmit storefront customer contact details to the selected marketing list at the seller's direction. Sellers are responsible for ensuring they have the right to send marketing communications, import existing contacts, and comply with unsubscribe, consent, and anti-spam rules.

WPLinker may maintain import history and logs to help sellers understand which contacts were synced and to reduce duplicate imports.

9. Cookies, CAPTCHA, analytics, and similar technologies

We may use cookies, session storage, local storage, CAPTCHA services, security tools, analytics, and similar technologies to operate login sessions, remember preferences, protect forms from abuse, measure product usage, improve performance, and secure the platform.

Public WPLinker forms may use Cloudflare Turnstile. Storefront forms on customer domains may use hCaptcha or another suitable anti-abuse provider. These providers may process technical data such as IP address, browser information, device data, and challenge results according to their own privacy terms.

10. Sharing personal data

We may share personal data with:

  • hosting, infrastructure, database, storage, backup, and monitoring providers;
  • payment processors and financial service providers;
  • email, notification, and communication providers;
  • CAPTCHA, security, fraud prevention, and abuse monitoring providers;
  • analytics, logging, and diagnostics providers;
  • marketing platforms activated by sellers;
  • WordPress websites and plugins connected by sellers;
  • professional advisers, insurers, auditors, accountants, and legal advisers;
  • law enforcement, regulators, courts, public authorities, or third parties where required by law or necessary to protect rights, safety, or security;
  • successors or potential successors in connection with a merger, acquisition, financing, restructuring, or sale of business assets.

We do not sell personal data in the ordinary sense of exchanging it for money.

11. International transfers

WPLinker may process and store data in countries outside your country of residence, including countries that may not provide the same level of data protection. Where required, we use appropriate safeguards such as contractual protections, data processing agreements, and transfer mechanisms recognised by applicable law.

12. Data retention

We retain personal data for as long as reasonably necessary to provide WPLinker, maintain accounts, comply with legal and accounting obligations, resolve disputes, enforce agreements, protect security, and maintain legitimate business records.

Typical retention periods vary by data type. Account and subscription records may be retained while the account is active and for a reasonable period afterwards. Invoices, transactions, tax, and accounting records may be retained for legally required periods. Security, activity, diagnostic, and email logs may be retained for a limited period unless needed for investigation or compliance. Backups may persist for a limited period before rotation or deletion.

13. Security

We use reasonable technical and organisational measures designed to protect personal data, including access controls, authentication mechanisms, encrypted transport, role-based administration, logging, backups, and security monitoring. No system can be guaranteed completely secure, and you are responsible for using strong passwords, protecting credentials, enabling security features where appropriate, and securing connected WordPress websites.

14. Your rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to processing, request portability of your personal data, withdraw consent, or complain to a supervisory authority.

If you are a WPLinker account holder, many account and billing details can be reviewed or updated inside your settings. If you are a storefront customer, you may need to contact the seller operating the storefront for requests relating to your buyer order, invoice, or publication relationship. We will assist sellers with reasonable data protection requests where required.

15. Account deletion and export

WPLinker may provide account export and deletion request tools. Deletion may be delayed or limited where retention is necessary for legal, tax, accounting, security, fraud prevention, dispute-resolution, backup, or legitimate business reasons. Deleting an account may affect storefronts, websites, services, customer records, orders, invoices, publishing logs, and other related platform data.

16. Children's privacy

WPLinker is intended for business users and is not directed to children. You must not use WPLinker if you are under 18 years old. We do not knowingly collect personal data from children.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, legal requirements, business operations, or data practices. If changes are material, we will take reasonable steps to notify users, for example by email, dashboard notice, or website notice.

18. Contact

Questions, requests, or concerns about this Privacy Policy or personal data may be sent through our contact page or by writing to DOWNTIMESCOUT LTD., 128 City Road, London, United Kingdom, EC1V 2NX.