Privacy Policy

While the GDPR is changing how everyone handles and processes your personal information, we value your privacy and have always attempted to limit what information is collected, and how it is used. That said, the GDPR is making us take a fresh look at everything we do, so this document is being updated as necessary. Without further adieu…

The EWWW Image Optimizer (plugin and services) are provided by Exactly WWW LLC, located in the great state of Montana (USA). We do not rent or sell your information to anyone else. However, your information may be stored in systems that we do not own in the course of necessary business. Most information is stored indefinitely, unless you ask us to delete it, except as otherwise noted. The list below is current as of October 25, 2018.

Usage data and the free EWWW Image Optimizer

  • The free version of the EWWW Image Optimizer is one of only two WordPress image optimization plugins that does not collect, send, or store any of your information by default.
  • The only exception to this is if you opt into the Usage Tracking feature, which will collect your WordPress administrator email for the purpose of sending you a free API key. All other data collected by usage tracking is completely anonymous. Your email address and/or Site URL/Address are not attached to the usage data captured by our systems. Free API keys, and the email associated with them, are removed after six months if you use all your credits, or do not use the key at all.

Your credit card information

  • This is the most sensitive data we handle. In fact, we technically don’t handle it. When you purchase something on our site, card information is sent directly to Stripe, a secure payment processor. This is done using a JavaScript request directly from your browser to Stripe. It is not routed through our server, and thus is never stored on our server. Ever.
  • If you use PayPal, they send us your name or business name, and your email address, which is no more than you’ve already provided at checkout.

Your physical address

  • We don’t need your physical address, other than your country and zip/postal code. This is for validating your credit card information (via Stripe).
  • Our transaction database will store any address information you provide for the purpose of displaying it on your invoices. I have no intention of sending you mail, sorry if you were hoping for a letter!

Your email address

  • We use MailChimp for all on-boarding emails and for sending you Tips & Updates. The on-boarding subscription is automatic, but you may unsubscribe if you don’t like free stuff. The Tips & Updates mailing list is optional, and can be selected at checkout. You can also signup for the newsletter via the sidebar widget on our site.
  • We make use of an Abandoned Cart email workflow provided by Carthook. If you start the checkout process, enter your email, and then leave the page, you will be automatically subscribed to a series of emails attempting to woo you back over the next week. You may stop this campaign at any time, and if you complete the checkout, the campaign will normally be stopped.
  • When you make a purchase, your email will be stored at ewww.io as part of your user account. This allows you to manage your purchased products, license keys, invoices, etc.
  • We validate all email addresses using a service called BriteVerify. They do not store your email address after verification has been completed.
  • Additionally, your email address is recorded in the license database, so that automated service notifications can be sent to you. There is no opt-out on these short of full account deletion, as it is purely transactional email: license activation, low credit notifications, and subscription reminders. We use Postmark for all transactional email messages, a product of Wildbit.

Comments

  • If you leave a comment on our site, we collect your IP address, and browser user agent to aid in spam detection.
  • Comments and related metadata are stored indefinitely so that we can recognize and automatically approve any follow-up comments instead of holding them for moderation.
  • An anonymized string created from your email address (also called a hash) will be provided to the Gravatar service to see if you have set a profile picture. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

  • We use cookies primarily to prevent fraud, preserve your shopping cart, and to log you into your account at ewww.io. We also use them to track affiliate links, analyze usage patterns during your site visit, and measure website performance. Also…
  • We use Google Analytics, which means that cookies are used to collect non-identifying information. This is transmitted to servers in the United States owned by Google. Your IP address is tokenized, so that it cannot be traced back to you in any way. You may opt-out by installing a browser extension, like Google Analytics Opt-Out for Chrome.

Other

  • Our website and documentation pages includes embedded content, like videos hosted on YouTube. Embedded content behaves in the exact same way as if you had actually visit that external site. They may collect data about you, use cookies, and monitor your interaction with the content if you have an account and are logged into that external website.
  • This website uses Google Fonts. As such, Google logs requests for related CSS and font files.
  • If you submit a question via the contact form or the help button, it will capture information about your browser, your IP address, and the page you are viewing. This helps so that we don’t tell you to go read something you already saw. The IP address and browser information allows us to assist you more quickly with purchase and login issues. This information, along with your message and email address will be stored in our Help Scout mailbox.
  • This site retains security logs of every log-in attempt made. This information, including the public IP address, username and the status of your attempt, is used to help prevent unauthorized system access and maintain a high quality of service for everyone. For additional security, this web-site participates in a community-sourced attack traffic monitoring and mitigation program. In other words, if you enter your password incorrectly too many times, we send your IP address to the Blobfolio server(s) so they can see if you are a hacker or not. If you do this on multiple sites that use the community blacklist, your IP address will be published to a publicly available blacklist. This data is only retained while relevant for security purposes and is automatically removed after 30 days.
  • All our servers are hosted in the United States. That means the files you submit for optimization will travel to the US, be optimized, sent back to you, and then deleted from our servers. The only time they are stored is if you enable the backup option. Then the files are stored for 30 days, and deleted. Files compressed on Maximum Lossy will be processed via our arrangement with TinyPNG.
  • ExactDN will store your files (images, JavaScript, style sheets, etc.) on a global network of servers for up to one year. The front-end systems are powered by KeyCDN and usage is subject to their privacy policy. You may purge all your files from our servers anytime you like. None of your personally identifiable information is transferred to KeyCDN, and even when we occasionally enable more detailed logging for troubleshooting purposes, all IP addresses are anonymized. These logs are stored for a period of two months and then purged completely.
  • Currently, we use servers hosted by DigitalOcean, RamNodeSpeedyKVM and WP Engine. We aggregate and index our logs with Loggly.

We employ various security measures to ensure that no one gains unauthorized access to your information. If someone ever does hack our servers, we will contact you via email as fast as humanly possible.

This site does not specifically target or market to children under the age of 13 years old.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Data erasure requests should also be sent via the contact form.

If you have other questions about information not covered here, send us an email and we’ll be glad to clarify.