Last updated: April 29, 2026
This Privacy Policy explains how WordPress for Cowork (“we,” “us,” or “our”), operated at wordpressforcowork.com, collects, uses, and protects your personal information when you visit our website or make a purchase.
1. Information We Collect
We collect information you provide directly when you place an order or contact us, including your name, email address, billing address, and payment details. Payment card data is processed entirely by Stripe and is never stored on our servers. We also automatically collect standard web traffic data (IP address, browser type, pages visited) via our hosting provider and any analytics tools we use.
1a. License-Holder IP Logging (Anti-Sharing)
To detect unauthorised license sharing, our license server records, for each active license, the source IP subnet (specifically, the /24 prefix for IPv4 or the /64 prefix for IPv6) and a timestamp each time the licensed plugin contacts the server. We count the number of distinct IP subnets observed for a given license per rolling 24-hour window.
If a license is observed from an unusually high number of distinct subnets within a 24-hour window, we may notify the license owner. On repeated occurrences we may restrict updates and support eligibility for that license. Plugin core function is not affected by this enforcement.
Lawful basis (UK GDPR / EU GDPR Art. 6): legitimate interest (Art. 6(1)(f)) — preventing unauthorised license sharing and protecting our commercial product. We use subnets rather than full IP addresses to minimise the precision of personal data we hold.
Retention: raw IP-subnet logs are retained for no longer than 90 days for active anti-fraud purposes. Aggregate counts may persist longer in anonymised form.
This logging applies only to active license holders for our plugin products. It does not apply to general visitors to wordpressforcowork.com.
1b. WordPress Application Passwords (We Never See Them)
The WordPress for Cowork plugin authenticates to your WordPress site using a WordPress Application Password that you generate yourself in your own wp-admin. We do not transmit, store, copy, log, or have any visibility into these passwords. They are stored exclusively on your local machine, in the plugin’s local configuration, and are used only by your own copy of Claude Cowork running on your own device, to talk to your own WordPress site.
This applies to multi-site setups: if you connect three or five WordPress sites to the plugin (Agency or Enterprise tier), each site’s Application Password is stored locally and independently. None of them are mirrored to our servers, even in encrypted form. We could not produce them if asked, lose them if breached, or surrender them under legal compulsion.
You can revoke any Application Password at any time from your own wp-admin (Users → Profile → Application Passwords). The plugin will simply stop working on that site until you generate a new one.
2. How We Use Your Information
We use your information to process and fulfil your orders, send purchase confirmations and download links, respond to support requests, and improve our website and products. We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3. Third-Party Services
We use the following third-party services that may process your data:
- Stripe — payment processing (stripe.com/privacy)
- WooCommerce / WordPress — order management and store functionality
- Hostinger — web hosting and server infrastructure
Each of these providers has their own privacy policy governing how they handle your data.
3a. Plugin Integrations & Authentication Credentials
Our plugins may connect to third-party services on your behalf, such as your WordPress site, Google services, or other platforms. To enable these connections, you may provide authentication credentials including API keys, application passwords, or OAuth authorisation tokens.
Any such credentials are encrypted using AES-256 encryption before being used to facilitate the requested connection. They are used solely for the purpose of performing the actions you request through the plugin, and are never shared with third parties, used for any purpose beyond delivering the service, or transmitted without encryption. You may revoke any connected credential at any time by disconnecting the integration or contacting us.
4. Cookies
Our website uses cookies to maintain your shopping cart session and for basic site functionality. WooCommerce sets cookies to track cart contents and session state. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser settings, but this may affect checkout functionality.
5. Data Retention
We retain order records (name, email, purchase history) for accounting and legal compliance purposes, typically for 7 years. Download access logs may be retained for fraud prevention. Authentication credentials associated with active plugin integrations are retained only for as long as the integration remains active. Upon cancellation or disconnection, credentials are invalidated and access is revoked. You may request deletion of your personal data at any time (subject to legal retention obligations) by contacting us.
6. Your Rights
Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or delete your data, and to object to or restrict certain processing. To exercise any of these rights, please contact us at [email protected].
7. Data Security
We implement industry-standard security measures to protect your data. All pages are served over SSL/TLS encryption. Authentication credentials and tokens provided through our plugin integrations are encrypted at rest using AES-256 encryption and in transit using TLS. Access to credential data is restricted and logged. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security of your data.
8. Children’s Privacy
Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
10. Contact Us
For any privacy-related questions or requests, contact us at: [email protected]