Privacy Policy

This Privacy Policy explains how VerseLabWP by BITSTRUCT SRL (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit our websites, purchase a license, or use our WordPress plugins and related services (the “Service”).

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1) Who we are (Controller)

BITSTRUCT SRL
Registered office: 8 Balta Pasărea Street, Tunari, Ilfov, Romania
Postal code: 077180
VAT No.: RO52627984
Email: [email protected]

2) What we do

We develop and sell WordPress plugins (e.g., NeuroPress AI, Duplicate Killer) that customers (“Clients”) use on their own or their clients’ sites for added functionality. Clients may then make those sites available to their end users (“End Users”).

In some cases, when Clients use our plugins on their own websites, they act as data controllers for their end users, while we act as an independent controller or processor only for the data we receive directly.

3) What data we collect

We collect and process the following categories (depending on your interaction with us):

  • Account/Billing data: name, email, company, billing address, country, VAT ID, license key(s), invoices, order history.

  • Support data: emails and attachments you send us, tickets, error logs you choose to provide.

  • Purchase data: payment status, transaction IDs, last 4 digits of card (if provided by the processor). We do not store full card numbers.

  • Usage/Telemetry (optional): anonymized diagnostics (e.g., plugin version, WordPress/PHP versions, site URL hashed or plain), activation events, and error signals—only if you enable telemetry in plugin settings.

  • Website analytics: IP (truncated/anonymized where supported), device/browser, pages viewed, timestamps, referrers (via the analytics tools you use).

  • Cookies: see section 10 and our Cookie Policy.

  • Communications: preferences, unsubscribes, and consent records.

  • Third-party integrations (optional): if a plugin uses external APIs (e.g., OpenAI/YouTube), we may pass minimal data needed to perform the feature (see section 8).

  • Facebook Page data (optional): selected Page ID, Page name, encrypted Page access token, connection timestamps, scheduling metadata for queued posts.

4) How we obtain data

  • Directly from you when you buy a license, create an account, contact support, or opt into newsletters.

  • Automatically via our website (cookies, analytics) and license/telemetry endpoints (if enabled).

  • From payment processors after a successful purchase (non-sensitive metadata).

5) Purposes & lawful bases (GDPR Art. 6)

We process data for:

  • Provide and maintain the Service (licenses, downloads, updates, support) – Contract (Art. 6(1)(b)).

  • Account/admin & billing (invoicing, VAT, fraud prevention) – Contract & Legal obligation (Art. 6(1)(b),(c)).

  • Product improvement & debug (diagnostics, crash reports, telemetry if enabled) – Legitimate interests (Art. 6(1)(f)); where required, Consent (Art. 6(1)(a)).

  • Communications (transactional emails: license, expiry, important updates) – Contract & Legitimate interests.

  • Marketing (newsletters, product updates) – Consent; you can opt out anytime.

  • Security & abuse prevention – Legitimate interests & Legal obligation.

  • Compliance & legal claims – Legal obligation & Legitimate interests.

  • Facebook publishing (optional integration) – Contract (feature requested by user) / Legitimate interests (maintaining connection and preventing abuse).

6) Retention

We retain personal data only as long as needed for the purposes above:

  • Billing & invoices: minimum statutory period (e.g., 5–10 years under applicable law).

  • Account & license: while active and up to 5–10 years after expiry for record-keeping and fraud prevention.

  • Support tickets: typically [2–3 years] after closure unless we need longer for legal reasons.

  • Telemetry/analytics: [12 months] (aggregate/anonymized may be kept longer).
    When no longer needed, we delete or irreversibly anonymize data.

  • Facebook data deletion
    If you previously connected NeuroContent to Facebook, you can disconnect it from the plugin settings at any time. Upon disconnect, we stop processing Facebook data and delete the stored Page tokens and related connection data from our servers within a reasonable time (or immediately where technically possible). You may also request deletion by contacting [email protected].
  • Detailed Facebook data deletion instructions are available at: [link]

7) Sharing & recipients

We share data with trusted processors solely to run the Service. Typical categories:

  • Payments: Stripe / SureCart 

  • Support/helpdesk: Email-based support (only when initiated by you)

  • Email delivery & newsletters: Not applicable

  • Analytics: Google Analytics

  • Error/telemetry: Not applicable

  • Hosting/CDN: ClausWeb, CDN

We require processors to sign data protection terms and process data only per our instructions. We do not sell personal data.

We may disclose data:

  • to comply with the law or lawful requests;

  • to protect our rights, users, or the public;

  • in connection with a merger, acquisition, or asset transfer (we’ll notify you if ownership or use of your data changes).

8) Third-party APIs & integrations (if used)

Some plugin features call external APIs to function (e.g., OpenAI, YouTube API Services, vision/transcription providers). Only the minimum necessary data is sent.

  • YouTube API Services (if enabled): By using a feature that replaces YouTube iframes or calls YouTube endpoints, you also agree to the Google Privacy Policy and YouTube Terms of Service.

  • OpenAI or similar: Prompts/content you send through such features are transmitted to the respective provider under their terms.

  • Facebook / Meta integration (NeuroContent)
    If you enable the Facebook integration in NeuroContent, you will be redirected to Meta (Facebook) to authorize our app. After you grant permissions, our service may receive and store:

    • your selected Facebook Page ID and Page name;

    • page access tokens needed to publish posts on your behalf (stored encrypted server-side);

    • basic connection metadata (e.g., connection time, token expiry status).

    We use this data only to provide the requested feature (publishing/scheduling posts to the Facebook Page you select) and to maintain the connection (e.g., refreshing tokens where applicable).
    You can disconnect the integration at any time from the plugin settings, which stops further publishing and revokes/clears stored tokens where applicable.

  • Meta Platform Terms
    This integration is subject to Meta Platform Terms and Policies.
    Meta Platforms Ireland Limited acts as an independent data controller for data it processes directly under its own policies.

Disable these features in plugin settings if you don’t wish to send data to those providers.

9) International transfers

Our processors may store data outside your country. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) to protect your data.

10) Cookies & tracking

We use cookies and similar technologies for:

  • Essential (login/session, security, licensing)

  • Preferences (language, UI)

  • Analytics (traffic, performance)

  • Email/Marketing (only if you consent)

For full details, please see our Cookie Policy (types, purposes, providers, retention, and how to manage consent). You can manage preferences via your browser and, where implemented, our cookie banner/consent tool.

Do Not Track: Browser DNT signals aren’t standardized; we do not respond to DNT at this time. This does not affect your statutory rights under GDPR.

Where required by law, non-essential cookies are set only after obtaining your consent.

11) Your rights (GDPR/UK GDPR)

Subject to law, you can:

  • Access your data;

  • Rectify inaccurate data;

  • Erase data (where applicable);

  • Restrict or object to processing;

  • Data portability (get a copy in a structured, machine-readable format);

  • Withdraw consent at any time (does not affect prior lawful processing);

  • Lodge a complaint with your local data protection authority (e.g., ANSPDCP in Romania).

To exercise rights, email [email protected]. We may need to verify your identity.

12) Security

We use technical and organizational measures appropriate to the risk (encryption at rest/in transit where applicable, access controls, least-privilege, backups). No system is 100% secure; we cannot guarantee absolute security.

13) Children

Our Service is not intended for children under 13 (or under the age required by local law). We do not knowingly collect data from children. If you believe a child has provided personal data, contact us to remove it.

14) Third-party links

Our sites/plugins may link to external sites. We’re not responsible for their practices. Review their privacy policies.

15) Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version here. If changes are material, we may provide additional notice (e.g., email or banner). Continued use of the Service after the effective date means you accept the changes.

16) Contact

Questions or requests about privacy?
VerseLabWP by BITSTRUCT SRL [email protected]
Postal: 8 Balta Pasărea Street, Tunari, Ilfov, Romania

© Copyright 2025 BITSTRUCT SRL. All Rights Reserved.