/ Legal

Privacy Policy

Last updated: April 25, 2026

1. Data Controller

The data controller for personal data processed through this website and the Webhook Actions licensing service is:

Web Chicken Mateusz Skorupa (operating under the brand “Flow Systems”), Poland

For privacy-related inquiries: [email protected]

2. Data We Collect

Account & billing data

  • Name and email address (provided at checkout)
  • Billing details — processed and tokenized by Stripe; we do not store full card numbers
  • License key, activated site URLs, and activation timestamps

Usage data

  • Website analytics (page views, referrers) — collected via cookies if analytics are enabled
  • The plugin itself does not send any data back to our servers; activation checks communicate only the license key and site URL

3. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — processing your name, email, billing data, and license activations is necessary to deliver the service you purchased.
  • Legitimate interest (Art. 6(1)(f)) — fraud prevention, license abuse detection, and improving the service.
  • Consent (Art. 6(1)(a)) — analytics cookies, where applicable. You may withdraw consent at any time via browser settings.
  • Legal obligation (Art. 6(1)(c)) — retention of billing records for tax and accounting purposes under Polish law.

4. How We Use Your Data

  • Deliver and maintain the Pro licensing service
  • Process payments and issue receipts via Stripe
  • Send transactional emails (license keys, renewal notices, support replies)
  • Validate license activations from WordPress sites
  • Provide customer support

We do not use your data for advertising, profiling, or sale to third parties.

5. Payments & Stripe

Payments are processed by Stripe, Inc. (United States). Stripe acts as a data processor under our agreement and independently as a data controller for fraud-prevention purposes. We do not store full payment card details.

See Stripe's privacy policy: stripe.com/privacy

Data transfers to Stripe in the US are governed by Standard Contractual Clauses (SCCs) in accordance with GDPR Chapter V.

6. Cookies

We may use cookies for analytics to understand how visitors use our website. No advertising or tracking cookies are used. You can disable cookies at any time via your browser settings — this will not affect your ability to use the plugin or licensing service.

7. Data Sharing

We do not sell your personal data. Data is shared only with:

  • Stripe — payment processing
  • Email service providers — for transactional emails (license keys, support)

All processors are bound by data processing agreements and are required to protect your data in accordance with GDPR.

8. Data Retention

  • Subscription & license data — retained for the duration of your subscription plus 5 years, as required by Polish accounting and tax regulations.
  • Support correspondence — retained for 2 years after the last contact.
  • Analytics data — aggregated only; no personal identifiers are retained beyond the session.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access — request a copy of personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Right to restriction — request that we limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact: [email protected]. We will respond within 30 days.

10. International Data Transfers

Your data may be processed by Stripe, Inc. in the United States. Such transfers are carried out under Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an equivalent level of protection to that provided within the EEA.

11. Data Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. However, no transmission over the internet can be guaranteed to be completely secure.

12. No Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

13. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:

Urząd Ochrony Danych Osobowych (UODO)

ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland

uodo.gov.pl

You may also contact the supervisory authority in your country of residence within the EU.

14. Contact

For privacy-related questions or to exercise your rights: [email protected]