While the GDPR is changing how everyone handles and processes your personal information, we value your privacy and have always attempted to limit what information is collected, and how it is used. That said, the GDPR is making us take a fresh look at everything we do, so this document is being updated as necessary. Without further adieu…
The EWWW Image Optimizer (plugin and services) are provided by Exactly WWW LLC, located in the great state of Montana (USA). We do not rent or sell your information to anyone else. However, your information may be stored in systems that we do not own in the course of necessary business. Most information is stored indefinitely, unless you ask us to delete it, except as otherwise noted. The list below is current as of October 6, 2021.
Usage data and the free EWWW Image Optimizer
- The free version of the EWWW Image Optimizer is one of only two WordPress image optimization plugins that does not collect, send, or store any of your information by default.
- All data collected by usage tracking is completely anonymous. No email or personal IP address is collected, no exceptions!
Your credit card information
- If you use PayPal, they send us your name or business name, and your email address, which is no more than you’ve already provided at checkout.
Your physical address
- We don’t need your physical address, other than your country and zip/postal code. This is for validating your credit card information (via Stripe) and applying VAT.
- Our transaction database will store any address information you provide for the purpose of displaying it on your invoices. We have no intention of sending you mail, but if you’d like a t-shirt, let us know, and we’ll see what we can do!
Your email address
- We use MailChimp for all on-boarding emails and for sending you Tips & Updates. The on-boarding subscription is automatic (and non-marketing), but you may unsubscribe if you don’t like free advice. The Tips & Updates mailing list is optional, and can be selected at checkout.
- When you make a purchase, your email will be stored at ewww.io as part of your user account. This allows you to manage your purchased products, license keys, invoices, etc.
- Additionally, your email address is recorded in the license database, so that automated service notifications can be sent to you. There is no opt-out on these short of full account deletion, as it is purely transactional email: license activation, low credit notifications, and subscription reminders. We use Postmark for all transactional email messages, a product of Wildbit.
- If you leave a comment on our site, we collect your IP address, and browser user agent to aid in spam detection.
- Comments and related metadata are stored indefinitely so that we can recognize and automatically approve any follow-up comments instead of holding them for moderation.
- An anonymized string created from your email address (also called a hash) will be provided to the Gravatar service to see if you have set a profile picture. After approval of your comment, your profile picture is visible to the public in the context of your comment.
- This website uses Google Fonts. As such, Google logs requests for related CSS and font files.
- If you submit a question via the contact form or the help button, it will capture information about your browser, your IP address, and the page you are viewing. This helps so that we don’t tell you to go read something you already saw. The IP address and browser information allows us to assist you more quickly with purchase and login issues. This information, along with your message and email address will be stored in our Help Scout mailbox.
- This site retains security logs of every log-in attempt made. This information, including the public IP address, username and the status of your attempt, is used to help prevent unauthorized system access and maintain a high quality of service for everyone. For additional security, this web-site participates in a community-sourced attack traffic monitoring and mitigation program. In other words, if you enter your password incorrectly too many times, we send your IP address to the Blobfolio server(s) so they can see if you are a hacker or not. If you do this on multiple sites that use the community blacklist, your IP address will be published to a publicly available blacklist. This data is only retained while relevant for security purposes and is automatically removed after 30 days.
- All our Compress API servers are hosted in the United States. That means the files you submit for optimization will travel to the US, be optimized, sent back to you, and then deleted from our servers. The only time they are stored is if you enable the backup option. Then the files are stored for 30 days, and deleted. Files compressed on Premium Plus will be processed via our agreement with TinyPNG.
- Currently, we use servers hosted by DigitalOcean and WP Engine. We aggregate our logs with Logz.
Please see our DPA which addresses the specific requirements and rights of EU residents under the GDPR.
- Special note about Easy IO CDN: if you host your website in the EU, then we process your images via Easy IO servers in Frankfurt, Germany. The access logs on these servers do not contain the IP addresses of your visitors, and the application logs have only anonymized IP addresses forwarded to our log aggregator. In order to prevent blockage by security services like Cloudflare, the visitor IP addresses are further randomized so that they will not match the original, but will be accepted as valid IP addresses.
In rare circumstances, log anonymity is disabled to investigate a suspected attack. Once the threat is dispersed or mitigated, anonymity will be reinstated.
We employ various security measures to ensure that no one gains unauthorized access to your information. If someone ever does hack our servers, we will contact you via email as fast as humanly possible.
This site does not specifically target or market to children under the age of 13 years old.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obligated to keep for administrative, legal, or security purposes. Data erasure requests should also be sent via the contact form.
If you have other questions about information not covered here, send us an email and we’ll be glad to clarify.