Privacy Policy

While the GDPR is changing how everyone handles and processes your personal information, we value your privacy and have always attempted to limit what information is collected, and how it is used. That said, the GDPR is making us take a fresh look at everything we do, so this document is being updated as necessary. Without further adieu…

We do not rent, sell, or share your information with anyone else. However, your information may be stored in systems that we do not own in the course of necessary business. Most information is stored indefinitely, unless you ask us to delete it, except as otherwise noted. The list below is current as of May 10, 2018.

Usage data and the free EWWW Image Optimizer:

  • The free version of the EWWW Image Optimizer is one of two WordPress plugins that does not collect, send, or store any of your information by default.
  • The only exception to this is if you opt into the Usage Tracking feature, which will collect your WordPress administrator email for the purpose of sending you a free API key. All other data collected by usage tracking is completely anonymous. Your email address and/or Site URL/Address are not attached to the usage data captured by our systems. Free API keys, and the email associated with them, are removed after six months if you use all your credits, or do not use the key at all.

Your credit card information:

  • This is the most sensitive data we handle. In fact, we technically don’t handle it. When you purchase something on our site, card information is sent directly to Stripe, a secure payment processor. This is done using a JavaScript request directly from your browser to Stripe. It is not routed through our server, and thus is never stored on our server. Ever.
  • If you use PayPal, they send us your name or business name, and your email address, which is no more than you’ve already provided at checkout.

Your physical address:

  • We don’t actually need your physical address, other than your country and zip/postal code. However, when you sign up for a subscription, the software we use asks for it anyway. If you refresh the page, it will only require your country and zip/postal code. This is for validating your credit card information.
  • Our back-end database will store any address information you provide for the purpose of displaying it on your invoices. I have no intention of sending you mail, sorry if you were hoping for a letter!

Your email address:

  • We use MailChimp for all on-boarding emails and for sending you Tips & Updates. The on-boarding subscription is automatic, but you may unsubscribe if you don’t like free stuff. The Tips & Updates list is optional, and can be toggled at checkout. You can also signup for the newsletter via the sidebar widget on our site. If you ask us to delete your ewww.io account, we will not alter your mailing list subscriptions. Those are left completely up to your discretion.
  • We make use of an Abandoned Cart email workflow provided by Carthook. If you start the checkout process, enter your email, and then leave the page, you will be automatically subscribed to a series of emails attempting to woo you back over the next week. You may stop this campaign at any time, and if you complete the checkout, the campaign will normally be stopped.
  • When you make a purchase, your email will be stored at ewww.io as part of your user account. This allows you to manage your purchased products, license keys, invoices, etc.
  • Additionally, your email address is recorded in the API system database, so that automated service notifications can be sent to you. There is no opt-out on these short of full account deletion, as it is purely transactional email: license activation, low credit notifications, and subscription reminders.

Cookies and other stuff:

  • We use cookies primarily to prevent fraud, preserve your shopping cart, and to log you into your account at ewww.io. We also use them to track affiliate links, analyze usage patterns during your site visit, and measure website performance. Also…
  • We use Google Analytics, which means that cookies are used to collect non-identifying information. This is transmitted to servers in the United States owned by Google. Your IP address is tokenized, so that it cannot be traced back to you in any way. You may opt-out by installing a browser extension, like Google Analytics Opt-Out for Chrome.
  • If you submit a question via the contact form or the help button, it will capture similar information and the page you are viewing. This helps so that I don’t tell you to go read something you already saw. Help Scout privacy policy.
  • All our servers are hosted in the United States. That means the files you submit for optimization will travel to the US, be optimized, sent back to you, and then deleted from our servers. The only time they are stored is if you enable the backup option. Then the files are stored for 30 days, and deleted. Files compressed on Maximum Lossy will be processed via our arrangement with TinyPNG.
  • ExactDN will store your files (images, JavaScript, style sheets, etc.) on a global network of servers for up to one year. The front-end systems are powered by KeyCDN and usage is subject to their privacy policy. You may purge all your files from our servers anytime you like. None of your personally identifiable information is transferred to KeyCDN, but we occasionally enable more detailed logging for troubleshooting purposes which will log the IP addresses of visitors to your site. These logs are stored for a period of two months and then purged completely.
  • Currently, we use servers hosted by DigitalOcean, RamNodeSpeedyKVM and WP Engine. We aggregate and index our logs with Loggly.

We do everything we can to ensure that no one else sees any of this information. If someone ever does hack our servers, we’ll be in touch…

If you have other questions about information not covered here, send us an email and we’ll be glad to clarify.