Data Processing Addendum (DPA)
Last updated: March 19, 2026
This Data Processing Addendum (“DPA”) forms part of the WP SignalStack Terms of Service and applies when personal data is processed in connection with WP SignalStack services.
By using WP SignalStack, you agree to this DPA.
1. Roles of the Parties
Depending on how WP SignalStack is used, the parties may either act as independent controllers or be in a controller–processor relationship.
a) Account and Subscription Data
For data related to account creation, licensing, and billing (including email address, purchase records, and subscription status):
- WP SignalStack acts as a Data Controller
- You (the Customer) act as an independent Data Controller
This data may be processed via third-party providers (e.g., payment and licensing platforms).
b) Plugin and Integration Data
For data processed through the WP SignalStack plugin and its integrations:
- You (the Customer) are the Data Controller
- WP SignalStack acts as a Data Processor, where applicable, or as a provider of tools that enable data transfer
Processing occurs based on your configuration and use of the plugin.
c) Third-Party Platforms
Third-party services (such as Thinkific, HubSpot, or similar platforms):
- Act as independent Data Controllers
- Are governed by their own terms and privacy policies
WP SignalStack does not control how third-party platforms process data.
2. Scope of Processing
WP SignalStack processes data for two primary purposes:
- Providing account, licensing, and subscription services
- Enabling integrations between WordPress and third-party platforms
Processing related to plugin functionality is:
- Limited in scope
- Driven by the Customer's configuration
- Transient where possible (focused on data transmission rather than storage)
WP SignalStack does not operate as a primary database for customer end-user data.
3. Categories of Data
Depending on usage, WP SignalStack may process:
Account & Subscription Data
- Name and email address
- Account credentials
- Billing and subscription status
- Site and license information
Integration & Event Data (Customer-controlled)
- Identifiers (e.g., user ID, email where applicable)
- Event data (e.g., page views, conversions, actions)
- Attribution or transaction signals (e.g., revenue-related events)
Customers are responsible for determining what data is collected and transmitted.
Sensitive personal data should not be processed through WP SignalStack unless such processing is legally compliant and necessary.
4. Customer Responsibilities
You agree to:
- Comply with all applicable data protection laws (e.g., GDPR, CCPA)
- Provide appropriate notices to your users
- Obtain any required consents for tracking, analytics, and data sharing
- Configure WP SignalStack in a compliant manner
You are responsible for the legality of the data you collect and transmit.
5. Subprocessors
WP SignalStack may use subprocessors to operate its services, including:
- Payment and licensing providers
- Hosting and infrastructure providers
- Error monitoring and logging services
All subprocessors are required to implement appropriate security and confidentiality measures.
A current list of subprocessors is available upon request.
6. Data Transfers
Where personal data is transferred across jurisdictions:
- Transfers are performed using appropriate safeguards
- This may include standard contractual clauses or equivalent mechanisms where required
7. Security Measures
WP SignalStack implements reasonable technical and organizational measures, including:
- Encrypted data transmission (HTTPS)
- Access controls and authentication
- Minimal data collection principles
- Regular software updates and patching
No system can guarantee absolute security.
8. Data Retention
WP SignalStack retains data only as long as necessary to:
- Provide services and maintain active subscriptions
- Support operational functionality
- Comply with legal, tax, or accounting obligations
Where possible, data is minimized, anonymized, or deleted.
9. Data Subject Rights
WP SignalStack will assist Customers, where reasonably possible, in responding to data subject requests, including:
- Access
- Correction
- Deletion
- Portability
Requests should be initiated and managed by the Customer as the Data Controller.
10. Data Breach Notification
In the event of a confirmed data breach affecting Customer data, WP SignalStack will:
- Notify the Customer without undue delay
- Provide relevant information to support investigation and compliance
11. Data Deletion
WP SignalStack does not operate as a primary system of record for end-user data processed through plugin integrations.
Most such data is stored within:
- The Customer’s WordPress environment, and/or
- Third-party platforms connected by the Customer
As a result:
- Data deletion for this information should be performed by the Customer within those systems
For account, licensing, and subscription data controlled by WP SignalStack:
- Data will be deleted or anonymized upon request or within a reasonable timeframe after account closure, unless retention is required by law
WP SignalStack will provide reasonable assistance, where applicable, to support Customer data deletion requests.
12. Limitation of Scope
WP SignalStack:
- Does not determine the purpose or means of processing Customer end-user data
- Does not control third-party platforms
- Does not store or manage full user datasets on behalf of Customers
WP SignalStack provides infrastructure and tooling to enable data connectivity.
13. Updates to this DPA
This DPA may be updated as services evolve or legal requirements change.
Updates will be posted on this page.
Continued use of WP SignalStack indicates acceptance of the updated DPA.
14. Contact
For data protection inquiries:
support@wpsignalstack.com
WP SignalStack — Canada