Legal, Use and Disclosures
AEGISIFY PRIVACY POLICY AND NOTICE AT COLLECTION
Last Updated and Effective: Jan 1, 2026
IMPORTANT: This Privacy Policy applies to Aegisify, Inc., its applicable affiliates, and any Aegisify legal entity identified in an order form, subscription, invoice, or written agreement with you. Collectively, these entities are referred to as “Aegisify,” “we,” “us,” or “our.” The exact legal entity name and registered mailing address should be confirmed before this Policy is published.
1. PURPOSE AND SCOPE
Aegisify provides WordPress security, security-audit, site-intelligence, SEO, backup, firewall, spam-protection, sitemap, link-management, support, licensing, and related software and services.
This Privacy Policy explains how Aegisify collects, receives, uses, stores, analyzes, discloses, retains, and protects information when you:
- Visit aegisify.com, an affiliated Aegisify website, dashboard, portal, blog, documentation page, or public scanning page;
- Create an account, start a trial, purchase a subscription, register or connect a domain, activate a license, join a partner program, or communicate with Aegisify;
- Use Aegisify Audit, the Aegisify WordPress Agent, Aegisify Core, Aegisify Shield, Aegisify WAF, Aegisify Backup, Aegisify SEO, Aegisify SiteMap, Aegisify Links, Aegisify Spam or Spam Guard, Aegisify Ticket, Aegisify SMTP, Licensing, related APIs, integrations, or future Aegisify products;
- Run or request a public external security scan;
- Connect a WordPress website, Google service, search platform, storage provider, email service, payment provider, or other third-party integration;
- Submit support tickets, diagnostic information, logs, code, screenshots, reports, backup files, or other materials to Aegisify; or
- Subscribe to product updates, newsletters, blogs, security notices, educational content, or marketing communications.
This Policy is a privacy notice. It is not, by itself, a request for consent to every form of processing described below. Where consent is legally required, Aegisify will request it separately. By accessing or using the Services, you acknowledge that you have reviewed this Policy.
The Aegisify Terms of Use, End User License Agreement, subscription terms, order forms, Data Processing Addenda, and other written agreements may also apply to your use of the Services.
2. AEGISIFY’S ROLE AND THE CUSTOMER’S ROLE
2.1 Information Aegisify Controls
Aegisify generally acts as a data controller or “business” when it determines why and how Personal Information is processed for purposes such as:
- Operating the Aegisify website and SaaS platform;
- Creating and managing accounts;
- Processing subscriptions and transactions;
- Administering licenses and registered domains;
- Providing support;
- Securing the Services;
- Preventing fraud and abuse;
- Sending requested or permitted communications; and
- Meeting legal, accounting, and regulatory obligations.
2.2 Customer-Controlled Information
When Aegisify processes information from a customer’s WordPress website, security environment, users, visitors, customers, employees, or systems solely to provide a requested service, Aegisify may act as a processor, service provider, or contractor on behalf of that customer.
In those circumstances, the customer generally determines:
- Which website may be scanned or connected;
- Which telemetry functions are enabled;
- Whether optional activity or diagnostic logs are made available;
- Which integrations are connected;
- Which users may access reports;
- Which information may be submitted to support or AI-assisted functions; and
- How the customer satisfies its own notice, consent, security, retention, and legal obligations.
2.3 Locally Processed WordPress Data
Many Aegisify plugin functions are designed to operate within the customer’s WordPress environment. Information that remains solely within the customer’s website, server, database, browser, or customer-selected storage location is generally controlled by the customer and is subject to the customer’s own privacy policy and security practices.
Local information may become available to Aegisify when the customer connects a SaaS feature, enables telemetry, uses a remote service, sends a report, requests support, uploads a file, connects an integration, or otherwise authorizes transmission.
3. DEFINITIONS
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual or household. It may also be referred to as “personal data” under applicable law.
“Customer Data” means information submitted, transmitted, stored, generated, or made available by or for a customer through the Services.
“Customer Security Data” means domains, WordPress environment details, software inventories, configuration information, vulnerabilities, code or file signals, activity events, logs, exposure evidence, scan results, security findings, reports, and related technical evidence.
“Services” means Aegisify’s websites, SaaS applications, WordPress plugins, Agent, APIs, public scanning features, licensing systems, support systems, integrations, documentation, blogs, communications, and related products or services.
4. INFORMATION WE COLLECT OR PROCESS
The information available to Aegisify depends on which Services you use, which features you enable, which integrations you connect, and which information you choose to provide.
4.1 Account, Identity, and Organization Information
We may collect:
- Name;
- Email address;
- Username and account identifier;
- Company or organization name;
- Job title or business role;
- Billing and shipping contact information;
- Account preferences;
- Authentication information;
- OAuth identifiers or tokens;
- Multi-factor authentication information;
- Subscription, plan, trial, and entitlement information;
- Partner, referral, or commission-account information; and
- Communications and account history.
Passwords should be stored using protective one-way methods where applicable. Aegisify does not need to know your plaintext WordPress password to perform normal Agent operations.
4.2 Payment and Transaction Information
Payments may be processed by third-party payment providers. Aegisify may receive limited transaction information such as:
- Transaction identifier;
- Subscription status;
- Purchase amount;
- Billing date;
- Payment status;
- Refund or chargeback status;
- Payment-method type;
- Card brand and limited card digits; and
- Billing country or postal information.
Aegisify does not intend to store full payment-card numbers, card verification values, or complete banking credentials on its application servers. Payment providers process payment information under their own terms and privacy notices.
4.3 Website, Device, and Usage Information
When you access an Aegisify website, dashboard, portal, API, or hosted service, we may automatically receive:
- IP address;
- Approximate geographic location derived from IP address;
- Browser type and version;
- Device type and operating system;
- Language and time-zone settings;
- Referring and destination URLs;
- Pages, features, and documentation viewed;
- Date and time of requests;
- Session identifiers;
- Cookie or similar technology identifiers;
- Authentication and login events;
- Error, performance, and diagnostic events;
- API activity;
- Download activity;
- Click, navigation, and feature-use information; and
- Security, fraud, rate-limit, and abuse-prevention signals.
4.4 Licensing, Domain, and Product Information
Aegisify’s licensing and product-management systems may process:
- License key or license identifier;
- License status and expiration;
- Registered, activated, or authorized domain;
- Domain-change history;
- Product and plugin identifiers;
- Installed product version;
- Available update version;
- Free, trial, paid, bundle, or enterprise entitlement;
- Activation, deactivation, installation, and update events;
- Feature-access and entitlement checks;
- WordPress and PHP versions;
- Server or hosting-environment characteristics;
- Usage and anti-abuse signals;
- IP address associated with activation or validation; and
- Information needed to prevent license sharing, circumvention, fraud, or unauthorized use.
4.5 Aegisify Audit and WordPress Agent Data
When an authorized administrator installs, configures, and connects the Aegisify Agent to Aegisify Audit, the Agent may make structured technical information available to the SaaS platform. Depending on enabled capabilities and customer-selected telemetry controls, this information may include:
- Domain, site URL, site identity, and target identifier;
- WordPress core version, configuration, and security-posture information;
- PHP, server, database, hosting, and compatibility information;
- Installed plugin and theme names, slugs, files, versions, activation status, network status, update status, repository identity, automatic-update status, and related software metadata;
- Dependency and package information;
- Known vulnerability identifiers, vulnerability-intelligence matches, severity information, affected-version ranges, and remediation status;
- Code, file, and static-analysis signals;
- Potentially risky functions, suspicious patterns, unexpected files, modified files, integrity information, and malware indicators;
- Externally observed exposure involving routes, APIs, headers, redirects, authentication surfaces, endpoints, and public website behavior;
- DAST-style and SAST-style findings;
- Security configuration, hardening, access-control, and compliance-related observations;
- Supported authentication, user, administrator, plugin, theme, file, configuration, and WordPress activity events;
- Optional PHP, WordPress, application, security, or diagnostic logs;
- Scan status, timestamps, errors, progress, health information, and results;
- Risk scores, summaries, report data, recommendations, accepted risks, remediation notes, and workflow history;
- Agent connection status, security-key status, and telemetry permissions; and
- AI inputs and outputs generated from selected scan evidence.
The Agent is intended to collect technical signals relevant to an authorized WordPress security audit. It is not designed, as part of routine scanning, to create a complete copy of the customer’s business records, private communications, customer-content library, or WordPress database.
4.6 Optional Logs and Incidental Personal Information
Activity logs, debug logs, server logs, WAF logs, security logs, and application logs can contain Personal Information or confidential data that a plugin, theme, user, custom application, or hosting environment wrote into the log.
Depending on the source, logs may contain:
- IP addresses;
- Usernames or user identifiers;
- Email addresses;
- URLs, query parameters, and endpoint names;
- HTTP headers;
- Form or request fragments;
- File paths;
- Plugin or theme names;
- Error messages and stack traces;
- Authentication events;
- Administrative actions;
- Session or request identifiers;
- Customer, order, or transaction references; and
- Tokens, secrets, credentials, or personal information that should not have been written to a log.
Log access is optional unless expressly required by a particular service. Customers should review and redact logs, disable unnecessary debugging, and avoid transmitting secrets, passwords, authentication tokens, payment information, protected health information, or other regulated information.
Aegisify may restrict, quarantine, redact, or delete improperly submitted information when reasonably necessary to protect the Services, customers, or third parties.
4.7 Public External Scan Data
When a user requests a public external scan, Aegisify may process:
- The submitted domain, hostname, URL, or IP address;
- The requesting IP address and browser information;
- Public DNS, certificate, redirect, header, route, API, login, and transport-security information;
- Publicly observable website responses;
- OWASP-style exposure indicators;
- Scan timestamps, status, errors, and results;
- Rate-limiting, security, and anti-abuse information; and
- Contact information when the user asks to save, email, discuss, or convert the scan into an account or subscription.
Public scans are intended only for systems that the requesting user owns or is authorized to assess. Aegisify may limit or reject scans that appear unlawful, abusive, disruptive, deceptive, excessive, or unauthorized.
Some public-scan interfaces may provide transient results or state that visible report data is deleted when the user leaves the page. Limited request, security, fraud-prevention, rate-limit, and diagnostic records may still be retained when reasonably necessary to protect the service or comply with law.
4.8 Aegisify Shield, WAF, and Spam-Protection Data
Security, firewall, hardening, administrator-protection, file-integrity, malware, login, bot, API, DDoS, and spam-protection features may process information such as:
- IP addresses and network information;
- Requested URLs, paths, routes, endpoints, and methods;
- Request headers and selected request characteristics;
- User agents and bot indicators;
- Login and authentication events;
- WordPress user, role, capability, and administrator events;
- File names, paths, hashes, signatures, and modification information;
- Rule matches, threat scores, enforcement actions, allow decisions, and block decisions;
- Malware, suspicious-code, or integrity indicators;
- Spam content, submission behavior, form type, and spam-scoring signals;
- Comments, reviews, registration, search, checkout, API, or form-submission metadata;
- Alerts, notifications, reports, exports, and audit history; and
- Configuration, exception, allow-list, block-list, and policy settings.
These products may store information locally in the customer’s WordPress environment. Information is transmitted to Aegisify only when a connected service, remote feature, telemetry function, support request, license function, or customer-authorized integration requires it.
4.9 Aegisify Backup, Restore, Migration, and Disaster-Recovery Data
Backup and recovery functions may process WordPress files, media, plugins, themes, configuration files, databases, database tables, records, fields, and related site information.
Depending on the configuration, backup information may be:
- Created and stored locally;
- Downloaded by the customer;
- Transferred between customer-controlled servers;
- Sent to customer-selected storage;
- Used during migration, restore, rollback, or disaster recovery; or
- Provided to Aegisify support when the customer expressly requests assistance.
Aegisify does not automatically acquire ownership of information contained in a backup. Customers are responsible for determining whether they are authorized to back up, transfer, restore, or migrate the included data.
Backup files can contain highly sensitive information. Customers must protect encryption keys, recovery links, storage credentials, downloaded archives, database exports, and migration packages.
4.10 Aegisify SEO, SiteMap, and Search-Integration Data
SEO, crawling, sitemap, indexing, schema, Search Console, Bing, IndexNow, AI-discovery, and site-improvement features may process:
- Public URLs, page titles, headings, metadata, canonical information, robots directives, sitemap entries, schema, internal links, redirects, and status codes;
- Page or post identifiers, content type, publication status, update date, author metadata, and taxonomy information;
- Publicly accessible page content or selected content signals when required for a requested analysis;
- SEO issues, recommendations, fix history, rollback information, and change annotations;
- Search impressions, clicks, click-through rate, query information, average position, indexing status, and related search-performance information;
- OAuth tokens, property identifiers, account identifiers, and permissions for customer-authorized integrations;
- Submitted URLs and indexing requests;
- AI-analysis inputs and outputs;
- Website-scan progress, errors, reports, and evidence; and
- Customer-selected settings for robots.txt, XML sitemaps, HTML sitemaps, AI-discovery files, schema, and indexing policies.
Search-platform information is processed only within the permissions granted by the customer and is also subject to the applicable third party’s terms and privacy practices.
4.11 Aegisify Links and Campaign Information
Link-management, short-link, redirect, internal-linking, campaign, WooCommerce-sharing, and link-health features may process:
- Source and destination URLs;
- Short-link identifiers and slugs;
- Campaign names and tags;
- Link status, redirect status, and health information;
- Click date and time;
- Referrer information;
- Browser, device, and user-agent information;
- IP address or an IP-derived approximate location;
- WooCommerce product or content identifiers;
- Conversion or engagement events when configured; and
- Aggregated link-performance analytics.
Customers are responsible for providing any required notices or consent when they use tracking, analytics, campaign, or short-link functions on their own websites.
4.12 Ticketing, SMTP, Email, and Support Information
Aegisify Ticket, SMTP, support, contact, and communication functions may process:
- Sender and recipient information;
- Email addresses and display names;
- Subject lines;
- Message content;
- Ticket content and status;
- Attachments;
- Email-server and delivery settings;
- Delivery, bounce, failure, complaint, and diagnostic information;
- Support screenshots, recordings, code, configuration, logs, reports, or files;
- Support-agent notes and resolution history; and
- Customer satisfaction or feedback information.
Do not send passwords, private keys, full payment-card information, protected health information, or other unnecessary secrets through email or support tickets.
4.13 Blogs, Newsletters, Comments, and Marketing Information
When you subscribe, comment, register for an event, request information, download material, or interact with marketing content, we may collect:
- Name and email address;
- Company and role;
- Subscription preferences;
- Campaign source;
- Pages or articles viewed;
- Email-delivery and engagement information;
- Comments, questions, and feedback; and
- Unsubscribe and suppression information.
4.14 Artificial Intelligence Inputs and Outputs
When you use an AI-assisted feature, Aegisify may process selected information needed to provide the requested function, including:
- Prompts and user instructions;
- Selected scan findings;
- Vulnerability and software information;
- Code or file signals;
- Optional log excerpts;
- URLs or public page information;
- Configuration and environment information;
- Previous AI conversation context;
- Generated summaries, rankings, explanations, recommendations, draft fixes, and reports;
- User edits, approvals, rejections, and feedback; and
- Technical information needed to operate, secure, monitor, and troubleshoot the AI feature.
Aegisify may use third-party AI infrastructure or model providers to perform requested AI functions. The particular data handling may depend on the model, provider, configuration, subscription, contract, and feature selected.
Customers should not submit secrets, passwords, payment-card information, protected health information, CUI, export-controlled data, or other highly regulated information to an AI feature unless the submission is expressly authorized and covered by an appropriate written agreement.
4.15 Information from Third Parties and Public Sources
Aegisify may receive information from:
- Payment providers;
- Authentication and identity providers;
- Google, Bing, search, indexing, and analytics integrations;
- Cloud hosting, storage, email, and support providers;
- Vulnerability databases and software repositories;
- Public DNS, certificate, WHOIS, HTTP, and website sources;
- WordPress and plugin or theme repositories;
- Security and threat-intelligence providers;
- Referral and partner programs;
- Customer-authorized administrators and team members; and
- Publicly available business or professional information.
5. INFORMATION WE DO NOT INTEND TO COLLECT AS PART OF NORMAL OPERATIONS
Unless a feature specifically requires it, a customer affirmatively submits it, or a separate written agreement authorizes it, Aegisify does not intend to collect:
- Plaintext WordPress user passwords;
- Full payment-card information;
- Complete banking credentials;
- Full customer databases through the Audit Agent;
- Complete customer-content libraries through routine security telemetry;
- Private communications unrelated to a support request or authorized security investigation;
- Protected health information subject to HIPAA;
- Payment-card data subject to PCI DSS storage requirements;
- Classified information;
- Controlled Unclassified Information requiring a government-authorized environment;
- Export-controlled technical data;
- Biometric templates;
- Government identification numbers unless required for a lawful transaction; or
- Information about children under 13.
Local Aegisify plugins may operate on websites that contain regulated information. This does not mean Aegisify has agreed to receive that information, entered into a Business Associate Agreement, certified the customer’s compliance, or accepted responsibility for the customer’s legal obligations.
6. HOW WE USE INFORMATION
Aegisify may use information to:
- Provide, operate, maintain, and improve the Services;
- Create and manage accounts, subscriptions, domains, entitlements, and licenses;
- Authenticate users and secure accounts;
- Connect an authorized WordPress Agent to the correct SaaS target;
- Perform public, external, Agent-based, SAST-style, DAST-style, vulnerability, plugin, theme, dependency, code, configuration, log, and other requested analyses;
- Generate dashboards, findings, risk summaries, reports, recommendations, and remediation guidance;
- Provide AI-assisted analysis and human-reviewable decision support;
- Deliver updates, patches, notices, downloads, and product communications;
- Provide backup, restore, migration, recovery, SEO, link, sitemap, spam, WAF, security, email, and support functionality;
- Process transactions, renewals, refunds, and commissions;
- Respond to requests and provide customer support;
- Investigate errors, failures, security events, and customer-reported problems;
- Prevent fraud, unauthorized scanning, license misuse, spam, abuse, attacks, scraping, and service disruption;
- Protect customers, Aegisify, third parties, and the public;
- Enforce agreements and acceptable-use requirements;
- Measure reliability, performance, adoption, and feature effectiveness;
- Create aggregated or deidentified statistics;
- Send marketing communications where permitted;
- Comply with legal, tax, accounting, regulatory, and law-enforcement obligations; and
- Establish, exercise, or defend legal claims.
Aegisify will not use Personal Information for a materially incompatible new purpose without providing an appropriate notice and obtaining consent where required by law.
7. LEGAL BASES FOR PROCESSING
Where the GDPR, UK GDPR, or similar law applies, Aegisify may rely on one or more of the following legal bases:
- Performance of a contract: to provide requested Services, accounts, subscriptions, licenses, scans, reports, integrations, support, and transactions;
- Legitimate interests: to secure and improve the Services, prevent fraud and abuse, understand product use, communicate with business users, and protect legal rights, where those interests are not overridden by individual rights;
- Legal obligation: to comply with tax, accounting, regulatory, court, law-enforcement, and other legal requirements;
- Consent: for optional cookies, marketing, optional integrations, or other processing where consent is required; and
- Protection of vital interests or public interest: in limited circumstances permitted by law.
Where Aegisify acts as a processor for Customer Data, the customer is responsible for identifying its own legal basis and providing required notices or obtaining required consent.
8. CUSTOMER AUTHORIZATION AND RESPONSIBILITIES
By submitting a domain, connecting a website, enabling telemetry, initiating a scan, uploading information, or using the Services on behalf of an organization, you represent and warrant that:
- You own the system or have sufficient authorization to use the requested Service;
- You have authority to act for the relevant organization;
- You have provided required notices and obtained required permissions;
- Your instructions do not violate law, contract, confidentiality duties, intellectual-property rights, or third-party rights;
- You will not use Aegisify to scan, access, monitor, disrupt, or analyze a third-party system without authorization;
- You will limit submitted information to what is reasonably necessary;
- You will protect security keys, recovery links, API keys, OAuth tokens, credentials, and reports;
- You will review logs and support materials for sensitive information before transmission;
- You will configure retention, logging, cookies, analytics, security controls, and integrations lawfully; and
- You will respond appropriately to data-subject requests involving information under your control.
Aegisify may suspend access, refuse a scan, restrict telemetry, remove data, or terminate processing when it reasonably believes an instruction is unauthorized, unlawful, unsafe, abusive, or inconsistent with an applicable agreement.
9. ARTIFICIAL INTELLIGENCE AND AUTOMATED ANALYSIS
Aegisify uses or may use Artificial Intelligence to summarize technical evidence, reduce repetitive noise, identify relationships among findings, prioritize potential risk, explain possible impact, generate draft remediation guidance, analyze public content, and support requested product functions.
AI-generated information:
- May be incomplete, inaccurate, outdated, or inappropriate for a specific environment;
- Does not guarantee that a vulnerability, malware infection, configuration issue, SEO issue, or attack has or has not been identified;
- Does not replace qualified security, legal, privacy, compliance, development, hosting, accounting, or business advice;
- Should be reviewed before changes are made to a production website;
- Should be tested in an appropriate environment;
- May depend on third-party data sources or providers; and
- Does not independently authorize a configuration change, update, code deployment, risk acceptance, or production action.
Final decisions remain with the customer’s authorized administrators, developers, security professionals, business owners, and other responsible personnel.
Aegisify does not intend to use AI to make a decision based solely on automated processing that produces legal or similarly significant effects concerning an individual. If a future feature materially changes this practice, Aegisify will provide additional notice and rights where required.
10. HOW WE DISCLOSE INFORMATION
Aegisify may disclose information to the following categories of recipients when reasonably necessary:
- Cloud hosting, infrastructure, database, content-delivery, monitoring, and security providers;
- Payment processors and transaction providers;
- Email, SMTP, notification, customer-support, and ticketing providers;
- Authentication, identity, OAuth, and account-security providers;
- Analytics, performance, and error-monitoring providers;
- AI model, AI infrastructure, and data-processing providers;
- Cloud storage, backup, migration, and file-transfer providers;
- Search engines, Search Console, Bing, indexing, analytics, and customer-authorized integrations;
- Vulnerability, software-repository, malware, reputation, and threat-intelligence providers;
- Professional advisers such as attorneys, accountants, auditors, insurers, and security consultants;
- Customer-authorized administrators, team members, agencies, developers, and partners;
- Government agencies, regulators, courts, or law-enforcement authorities when legally required;
- Parties involved in protecting rights, preventing harm, enforcing agreements, or investigating suspected misconduct;
- Potential or actual purchasers, investors, lenders, successors, or transaction advisers in connection with a merger, acquisition, financing, restructuring, bankruptcy, or asset transfer; and
- Other parties when the customer directs us or gives valid consent.
Service providers are permitted to process information only for authorized purposes, subject to applicable agreements, provider terms, and law.
Aegisify may disclose aggregated or deidentified information that does not reasonably identify an individual, customer, or specific protected system.
11. SALE, SHARING, AND TARGETED ADVERTISING
Aegisify does not sell Personal Information for monetary consideration.
Aegisify does not knowingly share Personal Information for cross-context behavioral advertising as that term is defined under California law. Disclosures to service providers for hosting, security, analytics, payments, customer support, AI processing, communications, and requested integrations are not intended to constitute a sale when the recipient is contractually or legally restricted to the permitted business purpose.
If Aegisify begins selling Personal Information or sharing it for cross-context behavioral advertising, Aegisify will update this Policy and provide legally required notices and opt-out methods.
Aegisify does not knowingly sell or share Personal Information belonging to individuals under 16 years of age.
12. COOKIES AND SIMILAR TECHNOLOGIES
Aegisify websites and hosted Services may use:
- Essential cookies: required for account login, security, payments, sessions, load balancing, fraud prevention, and core functionality;
- Preference cookies: used to remember settings, language, consent, and interface choices;
- Analytics cookies: used to understand traffic, page use, feature use, errors, and performance;
- Integration cookies: used by embedded media, authentication, payment, search, support, or other connected services; and
- Marketing cookies: used only when implemented and permitted by applicable law and the user’s cookie choices.
You may be able to manage non-essential cookies through a cookie-preference tool or browser settings. Blocking cookies may prevent certain Services from operating correctly.
Where legally required and technically supported, Aegisify will process valid browser-based opt-out preference signals, such as Global Privacy Control, for the browser or device that sends the signal.
Because there is not a universally accepted standard for “Do Not Track” signals, Aegisify does not currently respond to every browser Do Not Track setting unless required by law.
13. DATA RETENTION
Aegisify retains each category of information only for as long as reasonably necessary and proportionate for the disclosed purpose, subject to contractual, operational, security, legal, tax, accounting, backup, and dispute-resolution requirements.
Retention considerations include:
- Account information: generally retained while the account is active and for a reasonable period afterward for reactivation, support, fraud prevention, dispute resolution, and legal compliance;
- Billing and transaction records: retained for the period required by tax, accounting, payment, fraud, and legal obligations;
- License and domain records: retained during the license relationship and afterward as reasonably necessary to administer entitlements, enforce limits, prevent abuse, and resolve disputes;
- Scan, report, and Agent telemetry: retained while needed to provide dashboards, historical comparisons, reports, remediation workflows, support, or customer-requested functionality, unless deleted earlier;
- Public scan results: may be transient or retained according to the notice displayed by the applicable scan feature, while limited technical records may remain for security and abuse prevention;
- Security, WAF, spam, authentication, and fraud logs: retained according to operational security needs and customer-selected local retention settings;
- Optional diagnostic logs: retained only as long as reasonably necessary for the requested analysis, investigation, report, or support purpose;
- Support records: retained as needed to resolve requests, maintain service history, improve support, establish facts, and protect legal rights;
- Marketing records: retained until consent is withdrawn, the individual unsubscribes, or the information is no longer needed, while limited suppression records may be retained to honor opt-out requests;
- Backups: retained according to the customer’s configuration, selected storage destination, subscription plan, disaster-recovery requirements, and backup-overwrite schedule; and
- Legal records: retained as required to comply with law or establish, exercise, or defend legal claims.
When information is deleted from active systems, residual copies may remain temporarily in secure backups, disaster-recovery systems, logs, or archives until overwritten or deleted through the ordinary retention cycle. Such copies will remain restricted from ordinary use except for restoration, security, legal compliance, or disaster recovery.
Aegisify may retain deidentified information for longer periods where permitted by law.
14. DATA SECURITY
Aegisify uses reasonable administrative, technical, and organizational safeguards appropriate to the nature of the information and the risks involved. Depending on the Service, safeguards may include:
- Encryption in transit;
- Protected credentials and secrets;
- Authentication and authorization controls;
- Role-based or least-privilege access;
- Security-key validation and rotation;
- Logging, monitoring, alerting, and abuse prevention;
- Secure development and change-management practices;
- Vulnerability review and remediation;
- Backups and recovery controls;
- Access review and account termination procedures;
- Service-provider assessment;
- Incident investigation and response; and
- Responsible-disclosure processes.
No website, plugin, firewall, scanner, AI system, hosting environment, transmission method, or storage system can be guaranteed to be completely secure.
Aegisify does not guarantee:
- Absolute security;
- Detection of every vulnerability, attack, malicious file, configuration issue, spam message, SEO problem, or data exposure;
- Prevention of every compromise;
- Successful recovery in every circumstance;
- Continuous availability;
- Error-free AI output; or
- Protection from risks outside Aegisify’s reasonable control.
If Aegisify becomes aware of a security incident involving Personal Information, Aegisify will investigate and provide legally required notifications to affected parties, customers, regulators, or authorities as applicable.
15. YOUR PRIVACY RIGHTS
Depending on your location and applicable law, you may have the right to:
- Know whether Aegisify processes your Personal Information;
- Request access to Personal Information;
- Request correction of inaccurate Personal Information;
- Request deletion of Personal Information;
- Receive a portable copy of certain Personal Information;
- Restrict or object to certain processing;
- Withdraw consent where processing relies on consent;
- Opt out of certain targeted advertising, sale, sharing, or profiling;
- Limit certain uses of sensitive Personal Information;
- Appeal a denied privacy request where applicable;
- Complain to a regulator or supervisory authority; and
- Exercise rights without unlawful discrimination or retaliation.
These rights are not absolute. Aegisify may retain or continue processing information when permitted or required for security, fraud prevention, contractual performance, legal compliance, freedom of expression, internal uses reasonably aligned with expectations, legal claims, or other lawful exceptions.
To submit a request, contact privacy@aegisify.com. Please use the subject line “Privacy Request” and describe the right you wish to exercise.
Aegisify may need to verify your identity and authority before completing a request. Verification information will be used only to process and protect the request.
You may use an authorized agent where applicable. Aegisify may require proof of the agent’s authority and may directly verify the request with you.
When Aegisify holds information solely as a processor for a customer, Aegisify may direct the request to that customer or assist the customer as required by law or contract.
16. CALIFORNIA PRIVACY DISCLOSURES
This section applies to California residents to the extent Aegisify is subject to the California Consumer Privacy Act, as amended.
16.1 Categories Collected
During the preceding 12 months, Aegisify may have collected the following categories of Personal Information:
- Identifiers, such as names, email addresses, account identifiers, IP addresses, usernames, and online identifiers;
- Customer-record information, such as contact, billing, subscription, and transaction information;
- Commercial information, such as purchases, subscriptions, licenses, trials, refunds, partner records, and product usage;
- Internet or electronic-network activity, such as browsing, login, API, click, scan, security, device, cookie, and product-use information;
- Approximate geolocation derived from IP address;
- Professional or employment-related information voluntarily provided by business users;
- Audio, visual, or electronic information provided through support, screenshots, recordings, or attachments;
- Sensitive Personal Information, such as account authentication information, passwords in protected form, security keys, OAuth tokens, or message content when submitted;
- Customer-provided content and security information, including logs, reports, support materials, and WordPress activity events that may incidentally contain Personal Information; and
- Inferences derived from product, security, or usage information, such as suspected threat, fraud, abuse, risk, or feature-interest indicators.
Aegisify does not intentionally collect protected-classification, biometric, precise-geolocation, health, financial-account credential, or education information unless the individual or customer submits it or a specific lawful function requires it.
16.2 Sources
Sources include individuals, customers, authorized administrators, connected WordPress websites, devices and browsers, integrations, payment providers, authentication providers, support systems, public websites, software repositories, security intelligence, and service providers.
16.3 Business and Commercial Purposes
Aegisify uses the categories described above to provide and secure the Services, administer accounts and licenses, process payments, perform scans and analysis, provide support, prevent fraud and abuse, improve products, communicate with customers, meet legal obligations, and protect legal rights.
16.4 Categories of Recipients
Aegisify may disclose these categories to service providers and contractors providing infrastructure, security, payment, communications, analytics, support, authentication, AI, storage, search integrations, professional advice, or other functions described in this Policy.
16.5 Sale and Sharing
Aegisify does not sell Personal Information for monetary consideration and does not knowingly share Personal Information for cross-context behavioral advertising.
16.6 Sensitive Personal Information
Aegisify uses sensitive Personal Information only as reasonably necessary to provide requested Services, authenticate accounts, protect security and integrity, prevent fraud, process transactions, provide support, and perform other legally permitted purposes. Aegisify does not use sensitive Personal Information to infer characteristics about individuals.
16.7 California Rights
Subject to applicable exceptions, California residents may request:
- The categories and specific pieces of Personal Information collected;
- The categories of sources;
- The business or commercial purposes;
- The categories of third parties receiving the information;
- Correction of inaccurate information;
- Deletion of eligible information;
- Opt-out of sale or sharing, if such practices occur;
- Limitation of certain sensitive-information uses, if such practices occur; and
- Equal service and pricing when exercising privacy rights.
16.8 Financial Incentives
Aegisify does not currently offer a program intended to provide financial incentives in exchange for Personal Information. Referral commissions, product discounts, free trials, and customer promotions are not offered in exchange for the right to sell Personal Information. If Aegisify introduces a qualifying financial-incentive program, it will provide the required notice and obtain opt-in consent.
17. EEA, UNITED KINGDOM, AND SWITZERLAND
Individuals in the European Economic Area, United Kingdom, or Switzerland may have rights of access, correction, erasure, restriction, objection, portability, and withdrawal of consent.
You may also have the right to lodge a complaint with the data-protection authority in the country where you live, work, or believe a violation occurred.
Aegisify will not discriminate against you for exercising applicable rights. Where Aegisify relies on legitimate interests, you may request information about the relevant balancing considerations.
Where required, Aegisify will identify an applicable European or United Kingdom representative through an additional notice, Data Processing Addendum, order form, or service documentation.
18. INTERNATIONAL DATA TRANSFERS
Aegisify and its providers may process information in the United States and other countries where Aegisify, its customers, integrations, or service providers operate.
These countries may have data-protection laws that differ from those in your country.
Where required, Aegisify relies on legally recognized transfer mechanisms that may include:
- Adequacy decisions;
- Standard Contractual Clauses;
- The United Kingdom International Data Transfer Addendum or equivalent mechanisms;
- Contractual safeguards;
- Consent where legally valid; or
- Other transfer mechanisms permitted by applicable law.
19. CHILDREN’S PRIVACY
The Services are designed for businesses, professionals, website administrators, developers, agencies, and other authorized adult users. They are not directed to children.
Aegisify does not knowingly collect Personal Information online from a child under 13. Individuals under 18 should not create an Aegisify business account or submit Personal Information without the involvement of a parent, guardian, school, employer, or other legally authorized adult.
If you believe a child has provided Personal Information to Aegisify, contact privacy@aegisify.com so the matter can be reviewed and eligible information can be deleted.
20. MARKETING COMMUNICATIONS
Aegisify may send product news, security information, blog updates, trial messages, onboarding communications, feature announcements, and promotional information where permitted by law.
You may unsubscribe from marketing email using the unsubscribe link or by contacting Aegisify. Unsubscribing from marketing does not prevent Aegisify from sending transactional, account, billing, license, security, service, legal, or support communications.
Aegisify may retain a limited suppression record to ensure that an unsubscribe request continues to be honored.
21. THIRD-PARTY SERVICES AND INTEGRATIONS
The Services may contain links to or integrate with third-party websites, payment processors, Google services, search platforms, storage providers, authentication providers, email systems, repositories, vulnerability sources, AI providers, videos, social media, or other services.
Aegisify does not control the independent privacy or security practices of third parties. Information transmitted directly to a third party is governed by that party’s terms and privacy notice.
Customers should review third-party permissions before connecting an integration and should revoke access when the integration is no longer required.
22. LEGAL REQUESTS, SAFETY, AND BUSINESS TRANSACTIONS
Aegisify may preserve, access, or disclose information when it reasonably believes doing so is necessary to:
- Comply with law, regulation, subpoena, warrant, court order, or lawful government request;
- Protect the rights, property, security, availability, or safety of Aegisify, customers, users, or the public;
- Investigate fraud, abuse, unauthorized scanning, security incidents, or violations of agreements;
- Prevent death, serious injury, unlawful activity, or material harm;
- Establish, exercise, or defend legal claims; or
- Complete a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.
Where legally permitted and appropriate, Aegisify may notify an affected customer before disclosing Customer Data in response to a legal request.
23. AGGREGATED AND DEIDENTIFIED INFORMATION
Aegisify may create and use aggregated or deidentified information for security research, product improvement, reliability measurement, statistical analysis, vulnerability trends, abuse prevention, reporting, and business planning.
Aegisify will not attempt to reidentify deidentified information except when reasonably necessary to test whether deidentification methods comply with law or to protect security and integrity.
Published research, examples, screenshots, reports, or case studies should be sanitized or used only with appropriate authorization.
24. BLOGS, REPORTS, RECOMMENDATIONS, AND EDUCATIONAL CONTENT
Aegisify blogs, documentation, scan results, risk scores, security reports, AI output, remediation suggestions, SEO recommendations, backup guidance, and other educational materials are provided for general informational and operational decision-support purposes.
They do not constitute:
- Legal advice;
- Privacy advice;
- Regulatory or compliance certification;
- Professional penetration-testing certification;
- A guarantee of security;
- A guarantee of successful backup or recovery;
- A guarantee of SEO ranking, indexing, traffic, revenue, or AI-engine inclusion; or
- A substitute for an appropriately qualified professional.
Customers remain responsible for reviewing recommendations, maintaining independent backups, testing changes, approving production actions, validating compliance requirements, and deciding whether to accept or remediate risk.
25. RELATIONSHIP TO TERMS, WARRANTIES, AND LIABILITY
This Privacy Policy explains Aegisify’s information practices. Contractual provisions concerning permitted use, license restrictions, warranties, indemnification, limitation of liability, dispute resolution, governing law, refunds, and termination are contained in the applicable Terms of Use, End User License Agreement, subscription agreement, order form, or other contract.
If this Policy conflicts with a signed Data Processing Addendum or other signed agreement concerning Customer Data, the signed agreement will control to the extent of the conflict.
Nothing in this Policy limits non-waivable rights or obligations imposed by applicable privacy law.
26. CHANGES TO THIS PRIVACY POLICY
Aegisify may update this Policy to reflect:
- New products or features;
- Changes to Agent telemetry or scan capabilities;
- New AI, integration, analytics, or service-provider practices;
- Changes to applicable law;
- Security, retention, or operational improvements;
- Corporate transactions; or
- Clarifications to existing practices.
The updated Policy will display a revised “Last Updated” date. When a change is material, Aegisify may provide additional notice through the website, dashboard, account email, product interface, or another reasonable method.
Where applicable law requires consent for a new processing activity, continued use alone will not replace legally required consent.
27. CONTACT INFORMATION
Questions, complaints, requests, or concerns concerning this Policy may be directed to:
Aegisify, LLC
Attn: Privacy
Privacy Email: privacy@aegisify.com
Support Email: support@aegisify.com
Website: https://aegisify.com
To report a suspected security vulnerability, use the responsible-disclosure process or send an appropriately redacted report to support@aegisify.com with “Security Report” in the subject line.
Aegisify will provide this Policy in an alternative reasonably accessible format upon request where required by law.






