Effective Date: 20 February 2026 | Last Updated: 20 February 2026
Contents
- Who We Are
- What Information We Collect
- How We Use Your Information
- Legal Basis for Processing (GDPR)
- Cookies and Tracking Technologies
- Who We Share Your Data With
- International Data Transfers
- Data Retention
- Your Rights
- GDPR-Specific Rights (EEA/UK Residents)
- California Privacy Rights (CCPA/CPRA)
- Data Security
- Children’s Privacy
- Third-Party Links
- Easy Social Proof Plugin – Data Handling
- Changes to This Policy
- Contact Us
1. Who We Are
Easy Social Proof (“we”, “us”, “our”) operates the website easysocialproof.io and develops the Easy Social Proof Pro WordPress plugin. We are a UK-based business.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), we are the data controller for personal data collected through this website. For personal data processed by the Easy Social Proof plugin on our customers’ WordPress sites, the site owner is the data controller and we act as a data processor.
Data Controller Contact:
Easy Social Proof
Email: privacy@easysocialproof.io
2. What Information We Collect
2.1 Information You Provide Directly
- Account and purchase information: Name, email address, billing address, and payment details when you purchase Easy Social Proof Pro or create an account.
- Support and communication: Name, email address, and any information you include in support requests, contact forms, or correspondence.
- Licence management: Email address and site URL(s) associated with your plugin licence.
2.2 Information Collected Automatically
- Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
- Usage data: Pages visited, time spent on pages, referring URL, click patterns, and navigation paths.
- Cookie and similar data: See Section 5 (Cookies) for full details.
2.3 Information from Third Parties
- Payment processors: We receive confirmation of payment, transaction IDs, and partial payment details (e.g. last four digits of a card) from our payment provider. We do not store full credit card numbers.
- Analytics providers: Aggregated and anonymised usage statistics.
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Processing purchases and managing licences | Name, email, billing address, payment data, site URL |
| Providing customer support | Name, email, support correspondence |
| Delivering plugin updates and security patches | Email, licence key, site URL |
| Sending transactional emails (receipts, licence info, renewal notices) | Name, email |
| Sending marketing communications (with your consent) | Name, email |
| Improving our website and products | Usage data, device data |
| Preventing fraud and ensuring security | IP address, device data, payment data |
| Complying with legal obligations | As required by applicable law |
4. Legal Basis for Processing (GDPR)
Under the UK GDPR and EU GDPR, we rely on the following lawful bases to process your personal data:
| Lawful Basis | When It Applies |
|---|---|
| Contract performance (Art. 6(1)(b)) | Processing purchases, delivering the plugin, managing licences, providing support, and sending transactional communications. |
| Legitimate interests (Art. 6(1)(f)) | Improving our website and products, analytics, fraud prevention, and business administration. Our legitimate interests do not override your fundamental rights and freedoms. |
| Consent (Art. 6(1)(a)) | Sending marketing emails, setting non-essential cookies. You may withdraw consent at any time. |
| Legal obligation (Art. 6(1)(c)) | Tax record-keeping, responding to lawful requests from authorities, and compliance with applicable regulations. |
5. Cookies and Tracking Technologies
5.1 What Are Cookies
Cookies are small text files placed on your device when you visit our website. They help us recognise your browser, remember your preferences, and understand how you use our site.
5.2 Types of Cookies We Use
| Category | Purpose | Consent Required |
|---|---|---|
| Strictly necessary | Essential for the website to function (e.g. session management, shopping cart, security tokens). | No |
| Functional | Remember your preferences and settings to enhance your experience. | Yes |
| Analytics | Help us understand how visitors interact with our website (e.g. page views, traffic sources). | Yes |
| Marketing | Used to deliver relevant advertisements and measure campaign effectiveness. | Yes |
5.3 Managing Cookies
When you first visit our website, we will present a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time by clicking the cookie settings link in our website footer. You can also control cookies through your browser settings.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share your information only with the following categories of recipients, and only to the extent necessary:
- Payment processors (e.g. Stripe) – to process transactions securely. These providers are PCI DSS compliant.
- Email service providers – to deliver transactional and, where consented to, marketing emails.
- Analytics providers – to help us understand website usage (data is anonymised or pseudonymised where possible).
- Hosting providers – to serve our website and store data securely.
- Professional advisers – accountants, lawyers, or auditors where necessary for business operations.
- Law enforcement or regulators – only where we are legally required to do so.
All third-party service providers are bound by data processing agreements and are required to process your data only on our instructions and in accordance with applicable data protection laws.
7. International Data Transfers
As we serve customers globally, your data may be transferred to and processed in countries outside the UK and the European Economic Area (EEA), including the United States.
Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Adequacy decisions – transferring to countries the UK or EU has deemed to provide adequate data protection.
- Standard Contractual Clauses (SCCs) – approved by the European Commission and/or the UK Information Commissioner’s Office (ICO).
- UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, where applicable.
You may request a copy of the relevant safeguards by contacting us at privacy@easysocialproof.io.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Account and licence data: For the duration of your account/licence and up to 12 months after expiry or cancellation, unless you request earlier deletion.
- Purchase and transaction records: Up to 7 years to comply with UK tax and accounting obligations.
- Support correspondence: Up to 24 months after the last interaction.
- Marketing consent records: For as long as consent is active, plus 12 months after withdrawal for record-keeping purposes.
- Analytics data: Anonymised data may be retained indefinitely. Identifiable analytics data is retained for no longer than 26 months.
When data is no longer needed, it is securely deleted or anonymised.
9. Your Rights
Regardless of where you are located, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Withdraw consent at any time where we rely on consent as a lawful basis.
- Unsubscribe from marketing emails via the link in any email or by contacting us.
10. GDPR-Specific Rights (EEA and UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have additional rights under the GDPR:
- Right of access (Art. 15) – Obtain a copy of your personal data and information about how it is processed.
- Right to rectification (Art. 16) – Have inaccurate personal data corrected without undue delay.
- Right to erasure (“right to be forgotten”) (Art. 17) – Request deletion of your personal data where there is no compelling reason for continued processing.
- Right to restriction of processing (Art. 18) – Request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20) – Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object (Art. 21) – Object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.
- Rights relating to automated decision-making (Art. 22) – We do not currently make decisions based solely on automated processing that produce legal effects concerning you.
To exercise any of these rights, please email privacy@easysocialproof.io. We will respond within one calendar month of receiving your request, as required by law. We may request verification of your identity before processing your request.
Right to complain: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO).
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:
- Right to know what personal information we collect, use, disclose, and sell or share.
- Right to delete personal information we hold about you, subject to certain exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA/CPRA.
- Right to non-discrimination for exercising your privacy rights.
- Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide our services.
To exercise your California privacy rights, please email privacy@easysocialproof.io. We will verify your identity before processing any request and respond within 45 days.
12. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:
- Encryption of data in transit using TLS/SSL (HTTPS).
- Encryption of sensitive data at rest.
- Regular security updates and vulnerability monitoring.
- Access controls limiting who within our organisation can access personal data.
- Secure payment processing through PCI DSS-compliant providers (we never store full card details).
- Regular backups with secure, encrypted storage.
While we strive to protect your data, no method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
13. Children’s Privacy
Our website and products are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@easysocialproof.io and we will promptly delete it.
14. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of any website you visit.
15. Easy Social Proof Plugin – Data Handling
This section explains how data is handled by the Easy Social Proof Pro WordPress plugin installed on our customers’ websites.
15.1 Role Distinction
When the Easy Social Proof Pro plugin is installed on a customer’s WordPress website, the website owner is the data controller for any data collected through the plugin on their site. We (Easy Social Proof) act as a data processor only to the extent that any data is transmitted to our servers (e.g. for licence validation or analytics).
15.2 Data Collected by the Plugin
- Licence validation: The plugin communicates with our servers to validate licence keys. This transmits the site URL and licence key only.
- Social proof notifications: The plugin displays social proof notifications (e.g. recent purchases, sign-ups) on the customer’s website. The data used to generate these notifications is sourced from the customer’s own WordPress database (e.g. WooCommerce orders) and is not transmitted to our servers.
- Plugin analytics (optional): If enabled by the site owner, the plugin may collect anonymised usage statistics (e.g. notification impressions, clicks) to help optimise performance. This data contains no personally identifiable information.
15.3 Recommendations for Plugin Users
If you are a website owner using Easy Social Proof Pro, we recommend that you:
- Update your own website’s privacy policy to disclose the use of social proof notifications.
- Ensure that any personal data displayed in notifications (e.g. customer first names, locations) complies with your own privacy obligations and lawful basis for processing.
- Configure the plugin’s anonymisation settings to minimise the display of personal data where appropriate.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page.
- Notify you by email (if you have an account) or by a prominent notice on our website.
We encourage you to review this policy periodically. Your continued use of our website or products after changes are posted constitutes your acceptance of the revised policy.
17. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your data, please contact us:
Easy Social Proof
Email: privacy@easysocialproof.io
Website: easysocialproof.io
We aim to respond to all enquiries within 48 hours, and to all formal data protection requests within one calendar month.
© 2026 Easy Social Proof. All rights reserved. This privacy policy was last reviewed on 20 February 2026.