A product by Nahnu Plugins

Privacy Policy

Last updated: April 14, 2026. Effective: April 14, 2026.

This policy explains what data we collect, why we collect it, and what we do with it when you visit wpsmartconsent.com or use the WP Smart Consent plugin. Plain English first, legal language where required.

A Note Before You Read

The WP Smart Consent plugin is fully self-hosted. It runs entirely on your own WordPress server. We do not receive, store, route, intercept, or otherwise process any data collected by the Plugin on your Site — including opt-in records, visitor information, email addresses, or any data the Plugin forwards to your third-party CRMs.

This Privacy Policy describes only the data we collect from you, the customer, in connection with your purchase and use of our Website and Services. It does not apply to data your visitors submit to your WordPress site through the Plugin. For that, you are the data controller, and your own Privacy Policy governs.

1. Who We Are

This Privacy Policy (“Policy”) is issued by Nahnu Fitness LLC, a Washington State limited liability company (“Company,” “we,” “us,” or “our”), the operator of the WP Smart Consent plugin (the “Plugin”), the website located at wpsmartconsent.com (the “Website”), and the related support, licensing, and update services (collectively with the Website and Plugin, the “Services”).

This Policy explains what personal information we collect from you when you visit the Website, purchase or use a Plugin license, contact our support team, or subscribe to our newsletter; how we use that information; with whom we share it; and the rights you have over it.

For purposes of the European General Data Protection Regulation (“GDPR”) and the United Kingdom Data Protection Act, Nahnu Fitness LLC is the data controller of the personal information described in this Policy.

2. The Plugin Is Self-Hosted (What That Means for Your Data)

When you install WP Smart Consent on your WordPress site and a visitor opts in to your mailing list or completes a checkout with the consent checkbox:

  • The opt-in is recorded in a database table on your WordPress server;
  • The subscriber’s email is forwarded directly from your server to your chosen CRM (e.g., Mailchimp, FluentCRM, your webhook) using that CRM’s official API;
  • No data passes through any server controlled by Nahnu Fitness LLC.

We have no technical ability to see, access, intercept, or export the data your Plugin collects. We do not operate a proxy, a relay, a cloud database, or any intermediary service between your WordPress site and your CRMs.

For this reason:

  • We are not a data processor within the meaning of GDPR Article 4(8), CCPA, or equivalent privacy regulations with respect to the data your Plugin handles;
  • No Data Processing Agreement (DPA) is necessary or applicable between you and us regarding Plugin data;
  • You are the sole data controller for data collected through your Plugin installation, and you alone are responsible for complying with privacy laws applicable to that data.

3. Information We Collect About You

We collect the following categories of personal information about you, the customer:

3.1. Information You Provide Directly

Account and licensing information:

  • Full name
  • Email address
  • Billing address (street, city, state, ZIP, country)
  • Company or organization name (if provided)
  • License activation data — the domain names of Sites where you activate the Plugin, the WordPress version, and the Plugin version (collected automatically by the license validation system)

Purchase information:

  • Products purchased (Single, Plus, Studio, Agency, or Lifetime License)
  • Purchase date, amount, and currency
  • Order history and license renewal history

Full payment card details are not stored by us. They are handled entirely by SureCart and Stripe — see Section 6.

Support and communication information:

  • Your name and email when you submit a contact form at wpsmartconsent.com/support
  • The content of support tickets, including any message, screenshots, site URL, and plugin version you voluntarily include
  • Any email correspondence between you and our support or billing team

Newsletter subscription information:

  • Your email address if you voluntarily subscribe to our newsletter
  • Any subscription preferences you set
  • Your opt-in timestamp and IP address at the time of subscription (for CAN-SPAM and GDPR compliance record-keeping)

3.2. Information Collected Automatically

Plugin license validation: When the Plugin is activated on your Site, it contacts our licensing system (operated through SureCart) to validate that your License is active. The license check transmits:

  • The domain name of the activating Site
  • The Plugin version
  • The WordPress version

The Plugin does not transmit any visitor data, subscriber data, opt-in logs, or site content. The license check is limited to the fields listed above and is used solely to enforce your License terms (active status, site allowance, support entitlement).

Website visit information: We use privacy-friendly, cookie-less analytics on wpsmartconsent.com (Plausible, Fathom, or an equivalent tool). These analytics collect aggregate, anonymous statistics about visits, such as:

  • Pages viewed
  • Referring website
  • Country (derived from IP but not stored in identifiable form)
  • Browser and device type
  • Visit duration

We do not use Google Analytics, Facebook Pixel, or any advertising-tracker on the Website. We do not set tracking cookies in your browser to follow you across websites. See our Cookie Policy for full details.

Server logs: Our web server and Content Delivery Network automatically log standard HTTP request information, including IP address, user agent, request timestamp, and referring URL. These logs are used for security, abuse prevention, and basic diagnostics, and are typically retained for 30 days.

3.3. Information from Third Parties

Payment processors: SureCart and Stripe provide us with information necessary to fulfill your order and manage your License — for example, your name, email, billing address, the last four digits of your payment card, and payment status. We do not receive your full card number, CVV, or bank account details.

4. How We Use Your Information

We use your personal information for the following purposes:

  1. Fulfill your purchase — issue License keys, activate Licenses, grant access to updates
  2. Provide support — answer your questions, troubleshoot issues, process bug reports
  3. Send transactional communications — receipts, License activation confirmations, renewal reminders, security alerts, changes to these Terms or this Policy
  4. Send marketing communications only if you have subscribed to our newsletter; you can unsubscribe at any time via the link in every email
  5. Validate Licenses — confirm your Plugin activations are within your License tier
  6. Improve our Services — understand aggregate Website usage (never individual customer tracking) and improve the Plugin based on support ticket trends
  7. Prevent fraud and abuse — detect chargeback fraud, license abuse, and prohibited use
  8. Comply with legal obligations — respond to subpoenas, court orders, tax obligations, and regulatory requests
  9. Enforce our Terms — take action against violations of our Terms of Use, Acceptable Use Policy, or applicable law

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection laws, we rely on the following legal bases under GDPR Article 6 to process your personal information:

  • Creating your account, processing your purchase, delivering the Plugin. Legal basis: Contract performance — Article 6(1)(b)
  • License validation, updates, and support. Legal basis: Contract performance — Article 6(1)(b)
  • Transactional emails (receipts, renewals, security notices). Legal basis: Contract performance — Article 6(1)(b)
  • Marketing emails (newsletter). Legal basis: Consent — Article 6(1)(a); you may withdraw at any time
  • Website analytics (privacy-friendly, aggregate). Legal basis: Legitimate interests — Article 6(1)(f): improving our Services
  • Fraud prevention, security, and license abuse detection. Legal basis: Legitimate interests — Article 6(1)(f): protecting our business
  • Tax records, legal compliance, and responding to authorities. Legal basis: Legal obligation — Article 6(1)(c)

You have the right to object to processing based on legitimate interests. See Section 9 for how to exercise your rights.

6. How We Share Your Information

We share your personal information only in the limited circumstances described below. We do not sell, rent, or trade your personal information to anyone, ever.

6.1. Service Providers

We share information with the following third-party service providers strictly as necessary to operate our Services. Each provider is contractually bound to protect your information and to use it only for the purposes we specify.

  • SureCart. Purpose: License management, checkout, and subscription billing. Data shared: Name, email, billing address, order details, License activation records.
  • Stripe. Purpose: Payment processing. Data shared: Payment information — card details are handled directly by Stripe. We do not see or store your full payment card details.
  • Zoho Mail. Purpose: Our company email provider for sending and receiving transactional and support email. Data shared: Your name, your email address, and the content of any email correspondence you send us or we send you.
  • Postmark. Purpose: Transactional email delivery (receipts, License activation confirmations, renewal reminders, password resets, and other account-related emails). Data shared: Your name, your email address, and the content of transactional messages sent to you.
  • MailerPress (self-hosted on our own server). Purpose: Delivering our newsletter if you have subscribed. Data shared: Your email address and newsletter subscription preferences. MailerPress runs on our own infrastructure — your newsletter subscription data is not transmitted to any third party.
  • Plausible and Matomo (both self-hosted on our own servers). Purpose: Privacy-friendly, aggregate Website analytics. Data shared: Anonymous visit data (page views, referrer, country, browser type). Both analytics tools are self-hosted on our own infrastructure and do not share your data with any third party.

6.2. Legal Disclosures

We may disclose your personal information when we have a good-faith belief that disclosure is necessary to:

  • Comply with a subpoena, court order, or other lawful legal process;
  • Enforce our Terms of Use or Acceptable Use Policy;
  • Protect the safety, rights, or property of the Company, our users, or the public;
  • Investigate or prevent fraud, abuse, or illegal activity.

6.3. Business Transfers

If Nahnu Fitness LLC is involved in a merger, acquisition, asset sale, reorganization, bankruptcy, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you (by email or a prominent Website notice) of any change in ownership or material change in how your information is used.

6.4. With Your Consent

We may share your information in other circumstances where you have given us explicit consent to do so.

7. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy, or as required by law.

  • Account and License records. Retention: For the duration of your active License, plus three (3) years after the last License expiration — to permit renewal, support continuity, and fraud investigation
  • Purchase and billing records. Retention: Seven (7) years, for tax and accounting compliance
  • Support tickets. Retention: Two (2) years from the date the ticket is closed
  • Newsletter subscription data. Retention: Until you unsubscribe, plus a one (1) year record of your unsubscribe for suppression-list compliance
  • Server logs. Retention: 30 days, typically
  • Analytics data. Retention: Aggregate and anonymous; retained indefinitely in aggregate form

After the retention period expires, we either permanently delete or anonymize your personal information.

8. International Data Transfers

Nahnu Fitness LLC is based in Washington State, United States. Our service providers are located in various countries, including the United States and the European Union.

If you are located outside the United States, your personal information will be transferred to and processed in the United States and in the countries where our service providers operate. The privacy and data protection laws of these countries may differ from those of your country.

Where we transfer personal information of individuals in the European Economic Area, the United Kingdom, or Switzerland to countries that do not have adequacy decisions, we rely on Standard Contractual Clauses (as approved by the European Commission) or other legally recognized transfer mechanisms to protect your information.

9. Your Privacy Rights

Depending on your location, you may have the following rights over your personal information. We honor all valid rights requests regardless of which jurisdiction you’re in, subject to verification of your identity.

9.1. Rights Available Under the GDPR (EEA, UK, Switzerland)

  • Right of access — request a copy of the personal information we hold about you
  • Right to rectification — request correction of inaccurate or incomplete information
  • Right to erasure (“right to be forgotten”) — request deletion of your information, subject to legal retention obligations
  • Right to restriction of processing — request that we limit how we use your information
  • Right to data portability — request a machine-readable copy of information you provided to us
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — withdraw your consent to processing at any time (e.g., unsubscribe from newsletter)
  • Right to lodge a complaint with your local data protection authority

9.2. Rights Available Under the CCPA/CPRA (California)

If you are a California resident:

  • Right to know what personal information we collect, use, disclose, or sell
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising, so this right is already honored by default
  • Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CPRA
  • Right to non-discrimination for exercising any of these rights

9.3. Rights Available Under Other U.S. State Laws

Residents of Washington, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, and Delaware (among other states with active comprehensive privacy laws) have similar rights to access, correct, delete, port, and opt out of certain processing of their personal information.

Washington residents also have specific rights under the My Health My Data Act for health-related data; however, we do not collect any consumer health data, so that Act does not apply to our Services.

9.4. How to Exercise Your Rights

To exercise any of the rights above, email us at:

contact@wpsmartconsent.com

Please include:

  • Your full name
  • The email address associated with your account
  • A clear description of the right you are exercising
  • Any additional information that will help us verify your identity

We will respond to your request within 30 days (or within the timeline required by the law applicable to you, whichever is shorter). We may request additional information to verify your identity before fulfilling the request.

You may also designate an authorized agent to make a request on your behalf; the agent must provide written proof of authorization.

10. Cookies and Tracking Technologies

We use minimal cookies on the Website, and we do not use tracking cookies that follow you across other websites.

In summary:

  • No Google Analytics, no Facebook Pixel, no ad-tracker cookies on wpsmartconsent.com
  • A small number of functional cookies may be set by SureCart to manage your checkout session
  • Our analytics provider (Plausible, Fathom, or equivalent) is cookie-less

For a detailed breakdown of every cookie set by the Website and by the Plugin (including the wpsc_geo cookie the Plugin creates on your Site), see our separate Cookie Policy.

11. Security

We implement reasonable administrative, technical, and physical measures to protect your personal information against unauthorized access, loss, or misuse. These measures include:

  • HTTPS encryption for all Website traffic
  • Secure password hashing for account credentials
  • Payment information handled exclusively by PCI-DSS-compliant providers (SureCart and Stripe)
  • Access controls limiting employee and contractor access to personal information on a need-to-know basis
  • Reasonable logging and monitoring for unauthorized access attempts

No system is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security, and we cannot be liable for unauthorized access beyond what applicable law requires.

If we become aware of a breach that affects your personal information and where notification is legally required, we will notify you and the relevant authorities within the timelines required by law (for example, within 72 hours for GDPR-covered breaches).

12. Children’s Privacy

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected personal information from a child under 16, please contact us immediately at contact@wpsmartconsent.com and we will delete it.

13. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Because there is no consistent industry standard for responding to DNT signals, our Website does not currently respond to them. However, as noted throughout this Policy, we do not engage in cross-site tracking regardless of any DNT signal.

14. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, the Services, or the law. The “Last Updated” date at the top of this Policy will always reflect the most recent revision.

For material changes, we will provide reasonable notice by:

  • Emailing registered account holders; or
  • Posting a prominent notice on the Website for at least 30 days.

Your continued use of the Services after a material change constitutes acceptance of the revised Policy. If you do not agree to a revised Policy, you should stop using the Services and may request deletion of your account under Section 9.

15. Contact Us

For any privacy-related question, complaint, or request, please email us:

Nahnu Fitness LLC
Email: contact@wpsmartconsent.com

If you are located in the European Union and wish to contact us regarding the GDPR, please use the email address above. We do not currently have a designated EU representative under Article 27 of the GDPR, as our EU-directed activities fall below the threshold requiring one. If this changes, we will update this Policy to identify our representative.
