Last updated: June 25, 2026
This Privacy Policy explains how Studio DPE (“we”, “us”, “our”), operating the website wp-polyfields.com, collects, uses, shares and protects your personal data when you visit our site, contact us, create an account, or purchase and use our WordPress plugins. We sell to customers worldwide, so this policy is written to address the GDPR (EU/EEA/UK), the CCPA/CPRA (California) and similar laws elsewhere.
1. Who is responsible for your data (Data Controller)
The data controller is:
Studio DPE (SARL)
21 rue du Bel Horizon, 34980 Saint-Gely-du-Fesc, France
988 711 180 RCS Montpellier
support@wp-polyfields.com
For any privacy request, please use our contact page or the email above.
2. What data we collect and why
Website visitors. When you browse the site, our hosting provider and analytics tools may record technical data such as your IP address, browser type, device information and pages viewed. This is used for security, to keep logs required by law, and to understand and improve how the site is used.
Contact form. We collect your last name, first name and email when you contact us. We use this only to respond to your request. Submissions are checked by Cloudflare Turnstile to prevent spam, stored on our server, and transferred to our email system (Infomaniak) and our Freshdesk support panel.
Comments. If you leave a comment, we collect the comment content, your name, email, website (if provided) and IP address. Comments may be checked through an automated spam detection service.
Account holders. If you register an account, we store the profile information you provide (such as name and email). You can view, edit or delete this information at any time, except your username.
Customers / purchases. When you buy one of our plugins, we collect the information needed to process the order and deliver the product: your name, billing email, billing address, country, the products purchased, license keys, order and invoice history, and any tax-relevant information. We also receive a transaction reference from our payment processor. We do not see or store your full card number — that is handled directly by the payment processor.
Plugin license and usage data. Our plugins, once installed on your website, communicate with our server (see Section 5).
Marketing (optional). If you opt in, we use your email to send updates and offers. You can withdraw consent at any time via the unsubscribe link or by contacting us.
3. Legal bases for processing (GDPR)
We process your data on the following bases:
- Performance of a contract — to process your purchase, deliver plugins and license keys, validate licenses, provide updates and support.
- Legal obligation — to retain invoices and accounting records, and to keep server logs.
- Legitimate interests — to secure our site, prevent fraud, spam and unauthorized use of our software, and to improve our products and services, in a way that does not override your rights.
- Consent — for non-essential cookies, analytics and marketing emails. You may withdraw consent at any time.
4. Our e-commerce platform and payment processing
Our store runs on the SureCart plugin and platform. SureCart uses a “headless” architecture: your order and customer data is processed and stored on SureCart’s secure cloud servers rather than inside our WordPress database. SureCart acts as a data processor on our behalf under a Data Processing Agreement.
Payments are processed through Stripe via SureCart’s payment integration. Card details are entered directly into the payment processor’s secure fields, so sensitive card data does not pass through or get stored on our website.
Because of this, when you make a purchase, your relevant personal data is shared with SureCart and the payment processor in order to complete and support your order.
- SureCart Privacy Policy: https://surecart.com/privacy-policy/
- Stripe Privacy Policy: https://stripe.com/privacy
5. License validation and automatic updates
The plugins we sell connect to our server on a regular, automated basis to verify that your license is valid and active, to enforce license terms (such as the number of sites permitted), and to deliver software updates.
During these checks, the plugin installed on your website sends us information such as: your license key, the website domain (URL) where the plugin is activated, the IP address of the requesting site/server, the plugin name and version, and the date and time of the check. We may also record basic technical environment details where needed to deliver compatible updates.
We process this data to perform our license agreement with you (delivering updates and support to valid license holders) and on the basis of our legitimate interest in preventing unauthorized use and distribution of our software. This data is linked to your customer account and retained for the duration of your license, plus any period required for accounting or legal purposes. If you deactivate the plugin or your license ends, these periodic checks stop.
6. Who we share your data with (recipients / processors)
We share data only with service providers who help us operate the website and store, each under appropriate agreements:
| Provider | Purpose | Privacy policy |
|---|---|---|
| Infomaniak | Hosting and email; server logs (may include IP addresses) | infomaniak.com/en/legal |
| SureCart | E-commerce platform, order and customer data processing | surecart.com/privacy-policy |
| Stripe | Payment processing | stripe.com/privacy |
| Cloudflare (Turnstile) | Spam prevention on forms | cloudflare.com/turnstile-privacy-policy |
| Freshdesk (Freshworks) | Customer support tickets | freshworks.com/privacy |
| Google Analytics | Audience measurement and statistics | policies.google.com/privacy |
We may also disclose data where required to comply with a legal obligation, court order or lawful government request. We do not sell your personal data.
7. International data transfers
Some of our providers (including SureCart, Stripe, Cloudflare, Google and Freshdesk) may process data on servers located outside your country, including outside the EU/EEA. Where personal data is transferred to a country that does not offer an equivalent level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms, and on adequacy decisions where they apply.
8. Cookies
Cookies are small text files placed on your device when you load the site. We use them to make the site work, secure it, remember your preferences, and understand how it is used. You can change your preferences at any time via the “Manage cookies” link at the bottom of the site. Your consent applies to the entire wp-polyfields.com domain. Non-essential cookies are only set with your consent.
We also use first-party cookies for comments (saving your name, email and website for one year) and for login/screen-display preferences (login cookies last two days, or two weeks with “Remember me”; screen-option cookies last one year). These contain no data beyond what is needed for the stated purpose.
9. Embedded content from other sites
Pages may include embedded content (videos, images, articles, etc.) from other websites. Such content behaves as if you had visited the other site, which may collect data about you, set cookies, embed additional third-party tracking, and monitor your interaction with it.
10. How long we keep your data
- Order and invoice records: retained for the period required by accounting and tax law in our jurisdiction (10 years in France), even after you request deletion.
- Customer account and license data: kept while your account/license is active, then deleted or anonymized on request, subject to the retention above.
- Contact form / support tickets: kept as long as needed to handle and document your request.
- Comments and their metadata: retained to recognize and approve follow-up comments, until you ask us to remove them.
- Server logs: kept for the period required to meet our legal and security obligations.
11. Your rights
Depending on where you live, you have some or all of the following rights: to access your data, to correct it, to erase it, to restrict or object to processing, to data portability, and to withdraw consent at any time. We cannot erase data we are legally required to keep (e.g. invoices). To exercise any right, contact us using the details in Section 1; we will respond within the time limits set by applicable law.
EU/EEA/UK residents also have the right to lodge a complaint with a supervisory authority — for us, the CNIL.
California residents (CCPA/CPRA) have the right to know what personal information we collect and how it is used, to request deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.
12. Children’s privacy
Our website and products are not intended for children under 16 (or the age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.
13. How we protect your data
We and our providers apply appropriate technical and organizational measures to keep your data secure, including encrypted (HTTPS) connections, restricted access, and payment processing handled by PCI-DSS-compliant providers.
14. Data breaches
In the event of a personal data breach likely to affect you, we will notify you and, where required, the relevant supervisory authority within the timeframe set by law (no later than 72 hours after becoming aware of it, where applicable).
15. A note about images you upload
If you are a registered user and upload images, we recommend removing EXIF GPS data first, as visitors could otherwise extract location information from them.
16. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. For significant changes, we will notify registered customers by email and/or by a notice on the site.