Privacy Policy

Effective Date: February 17, 2026

This Privacy Policy describes how AOS Foundation, a division of Salvatore Systems ("we," "us," or "our"), collects, uses, and shares information in connection with your use of the AOS WP Governance website (wp-governance.com) and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

• Contact Information: Name, email address, company name when you contact us or submit a form.
• Account Information: Email and billing details when you purchase a Pro or Agency license.
• Communications: Any messages you send us through email or contact forms.

1.2 Information Collected Automatically

• Usage Data: Pages visited, time on site, referring URL, browser type, and device information.
• Cookies: We use cookies and similar technologies for site functionality, analytics, and preferences. See Section 5 for cookie details.
• Log Data: IP address, access times, and pages viewed, collected by our web server.

1.3 Information We Do NOT Collect

• The AOS WP Governance plugin itself makes zero external API calls. No governance data, audit logs, policy configurations, or site content is ever transmitted from your WordPress site to our servers.
• We do not collect data about your WordPress site's content, users, or AI agent activity.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To process transactions and send related information
• To respond to your inquiries and support requests
• To send important updates about the Service (e.g., security patches, license changes)
• To analyze usage patterns to improve the website experience
• To comply with legal obligations

We never sell your personal information to third parties.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

• Consent: When you opt in to cookies or submit a contact form.
• Contract: When processing is necessary to fulfill a license purchase or support request.
• Legitimate Interests: For analytics and improving our Service, where these interests do not override your data protection rights.
• Legal Obligation: When required to comply with applicable law.

4. Your Rights (GDPR & CCPA)

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Delete your personal data ("right to be forgotten")
• Restrict processing of your data
• Data Portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Withdraw Consent at any time for consent-based processing
• Opt-Out of Sale (CCPA) — though we do not sell personal information

To exercise any of these rights, contact us at privacy@salvatoresystems.com.

5. Cookies & Tracking

We use the following categories of cookies:

5.1 Essential Cookies

Required for the website to function. These cannot be disabled. They include session management and cookie consent preferences.

5.2 Analytics Cookies

Help us understand how visitors interact with the site. We use privacy-focused analytics (self-hosted Matomo) that does not share data with third parties. You can opt out of analytics cookies via the cookie consent banner.

5.3 Preference Cookies

Remember your settings and choices (e.g., cookie consent selections). These expire after 12 months.

We do not use advertising or retargeting cookies. We do not use Google Analytics or any third-party tracking service that profiles users across sites.

6. Data Sharing

We may share your information with:

• Payment Processors: Stripe or Square for processing purchases. They have their own privacy policies.
• Hosting Providers: Netlify (website hosting) and infrastructure providers necessary to operate the Service.
• Legal Requirements: If required by law, regulation, or legal process.

We never share your data with advertisers, data brokers, or other marketing companies.

7. Data Retention

• Contact form submissions: Retained for 24 months, then deleted.
• Purchase records: Retained as required by tax/accounting regulations (typically 7 years).
• Analytics data: Aggregated and anonymized after 26 months.
• Cookie consent records: Retained for 12 months.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• TLS/HTTPS encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Access controls limiting data access to authorized personnel
• Regular security reviews and updates

9. International Transfers

Your data may be transferred to and processed in the United States. If you are in the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries:

• Email: privacy@salvatoresystems.com
• Web: Contact Form
• Organization: AOS Foundation, a division of Salvatore Systems