Security & Compliance
WPFlareMail relies on modern edge computing to keep your data secure, stay strictly out of PCI scope, and handle global data privacy laws by default.
verified_user PCI Compliance (Payments) Fully Compliant
We have zero PCI scope. Our databases never touch, process, or store your credit card numbers. We entirely offload checkout, storage, and subscription management to the Stripe Customer Portal.
vpn_key End-User Privacy Compliant by Design
The WPFlareMail plugins communicate strictly between your WordPress site and your Cloudflare account. We don't run a centralized SaaS dashboard that intercepts or stores your email logs. Because we aren't pulling sensitive email data back to our own servers, you maintain total ownership over your end-user data.
cookie GDPR & CCPA Fully Compliant
We use a Cloudflare Worker to check your visitor region on the fly:
- EU Visitors (GDPR): We block Google Analytics entirely. We don't track anything until you click "Accept All".
- Global Visitors (CCPA): Tracking fires normally so we can see how the site performs, but the cookie banner stays up so you can opt out if you change your mind.
folder_managed Data Portability and Erasure (GDPR/CCPA) Fully Compliant
Data Portability
You can download a clean JSON export of everything we have on file for you directly from your dashboard. This includes your ID, connected Cloudflare domains, and active license keys.
Right to Erasure (Soft Deletes)
If you hit "Delete Account", you'll be logged out instantly and your plugin licenses will stop working. Your entire database row is then queued to be permanently wiped within exactly 30 days.
The Fine Print
If you need the exact legal bounds of how we handle data and liability, check out our official policies.