Privacy Policy

Last updated:

This Privacy Policy explains how Pragmio ("we", "us") processes personal data when delivering the WordPress Malware Cleanup service and operating this website.

1. Data controller

Pragmio is the data controller for the processing described here. Contact: marcinp@pragmio.com, phone +48 501 093 775.

2. What we collect

• Contact details: name, email, phone/WhatsApp.
• Site and access data: domain, hosting provider, temporary WordPress admin, SFTP/SSH or cPanel credentials you provide for remediation.
• Operational records: technical notes, logs, file diffs, database queries, screenshots needed to evidence the cleanup.
• Payment information: handled by our payment processor (e.g., Stripe). We receive transaction identifiers and status, not full card details.
• Website telemetry: minimal analytics if enabled (see Cookies & analytics). We do not sell your data.

3. Purposes and legal bases

• Provide the service and support (GDPR Art. 6(1)(b) contract): triage, remediation, reporting, warranty handling.
• Security and abuse prevention (Art. 6(1)(f) legitimate interests): protect accounts and infrastructure, detect fraud/abuse.
• Payments and invoicing (Art. 6(1)(b) and (c) contract/legal obligation): process fees and meet tax/accounting duties.
• Communication (Art. 6(1)(b) contract or (a) consent where required): status updates by email/phone/WhatsApp.
• Analytics (Art. 6(1)(a) consent): optional measurement to improve the site; disabled by default unless you consent.

4. Retention

• Operational artifacts (evidence pack, logs) are retained up to 90 days for warranty/audit, then deleted, unless law requires longer retention.
• Invoices and accounting records are retained per applicable law (typically 5–6 years).
• Backups created during remediation may be deleted after delivery unless you ask us to transfer them.

5. Sharing and processors

We use trusted processors only to the extent necessary, for example: payment processing (e.g., Stripe), hosting/WAF and infrastructure providers, incident tooling/scanners, communications and email providers. Each processor is bound by contract and processes data only on our instructions.

6. International transfers

Where data is transferred outside the EEA/UK (e.g., to the United States), we rely on appropriate safeguards, such as the EU Standard Contractual Clauses or other lawful mechanisms, and apply additional security controls.

7. Security

• Encryption in transit; least‑privilege access; credential rotation recommendations post‑incident.
• Operational access is restricted to personnel who need it to perform the service.
• We request that you provide temporary credentials and revoke them after completion.

8. Your rights

Subject to law, you have rights to access, rectify, erase, restrict or object to processing, and data portability. Where processing is based on consent, you may withdraw it at any time without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority (for Poland: President of the Personal Data Protection Office – UODO).

9. Cookies & analytics

• Strictly necessary cookies may be used for security and basic site delivery.
• Analytics (e.g., GA4) are used only with your consent. You can change preferences via your browser’s cookie settings or blockers. If consent is off, we do not load analytics scripts.

10. Children

Our services are for business users. We do not knowingly collect data from children under applicable age thresholds.

11. Changes

We may update this Policy from time to time. Material changes will be indicated by updating the date above.

Contact

Email: marcinp@pragmio.com • Phone: +48 501 093 775