Privacy Policy

Last updated: May 5, 2026

1. Data Controller

2. Overview

MyFeeds is a WordPress plugin that imports affiliate product feeds and stores them locally in the user's own WordPress database. This privacy policy covers the website myfeeds.site and the MyFeeds WordPress plugin.

3. Website (myfeeds.site)

3.1 Hosting

This website is hosted on GitHub Pages, a service provided by GitHub, Inc. (a subsidiary of Microsoft Corporation). When you visit this website, GitHub may collect and process your IP address and other technical data in server log files. This is necessary for the delivery of the website and constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. For more information, see GitHub's Privacy Statement.

3.2 Web Fonts (Google Fonts)

This website loads the "Outfit" font family from Google Fonts, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). When you visit a page on this website, your browser establishes a connection to Google's servers (fonts.googleapis.com and fonts.gstatic.com) to download the font files. As part of that request, your IP address, browser User-Agent string, and the URL of the page you visited are transmitted to Google. Google may log this request.

Google may transfer this data to servers located outside the European Economic Area, including the United States. Google is certified under the EU-U.S. Data Privacy Framework, which provides a basis for such transfers under Art. 45 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a coherent visual presentation across browsers and devices). For more information, see Google's Privacy Policy and the Google Fonts privacy FAQ.

3.3 No Cookies, No Analytics

This website does not set first-party cookies, does not use Google Analytics or any other analytics tool, and does not run any advertising or remarketing pixels. We do not track your behaviour across pages or sessions.

4. MyFeeds WordPress Plugin

4.1 Local Data Storage

The MyFeeds plugin stores all imported product data locally in your WordPress database on your own server. No product data is transmitted to us or any third party. You are the sole data controller for all data stored in your WordPress installation.

4.2 Freemius SDK

The MyFeeds plugin uses Freemius, a third-party service, for license management, in-plugin checkout, and optional usage analytics. When you install and activate the plugin, Freemius may collect:

• Your site URL and WordPress version
• Plugin version and activation status
• Your email address (if you opt in or purchase a plan)
• Payment information (processed by Freemius via their payment provider, not stored by us)

You can opt out of usage tracking during plugin activation. For more information, see Freemius Privacy Policy.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) for license management, and Art. 6(1)(a) GDPR (consent) for optional usage analytics.

4.3 External Feed Downloads

The plugin downloads product feeds from affiliate network URLs that the user configures. These downloads are server-to-server requests from the user's WordPress server to the affiliate network (e.g., AWIN). No user or visitor data from the WordPress site is transmitted to affiliate networks through the plugin.

4.4 Click Analytics (Pro & Business plans)

Paid customers can enable a server-side click tracker that records which affiliate cards visitors click. When enabled by the WordPress site owner, the plugin stores the following row per click in the site's own database (no external transfer):

• Post ID, product ID, feed ID, network slug, brand
• Timestamp of the click
• An HMAC-SHA-256 hash of the visitor's IP address (the raw IP is never stored)
• An HMAC-SHA-256 hash of the visitor's browser User-Agent (the raw User-Agent is never stored)
• The host portion of the referring URL (e.g., example.com) — never the full URL or query parameters
• A flag marking whether the click came from a logged-in editor (so the site owner can exclude their own clicks from reports)

Detailed click rows are deleted automatically after the retention window the site owner configures (default: 365 days, minimum 30 days). Aggregated daily totals are kept indefinitely for historical reporting.

If you operate a WordPress site with this plugin and enable click analytics, you are the data controller for these rows. You must disclose this processing in your own privacy policy. The plugin ships with a ready-to-paste snippet at Tools → Privacy → Policy guide in your WordPress admin.

Legal basis (for the WordPress site owner toward their visitors): Art. 6(1)(f) GDPR (legitimate interest in measuring affiliate-link performance) or Art. 6(1)(a) GDPR (consent), depending on jurisdiction and any cookie banner in use.

4.5 Optional Google Analytics 4 Bridge (Pro & Business)

Paid customers can optionally route the same click events to Google Analytics 4 by entering their own GA4 Measurement ID in the plugin settings. This feature is OFF by default and is only activated by the site owner pasting an ID. When activated, the plugin:

• Loads Google's gtag.js tracking library from https://www.googletagmanager.com/gtag/js on the front-end of the site
• Sends a "select_item" e-commerce event to the GA4 property each time a visitor clicks an affiliate card
• Includes the post title, product title, brand, and affiliate network slug in the event payload (no IP, no User-Agent, no email, no name)
• Skips the event entirely for logged-in editors and devices marked as internal

Google Analytics 4 is operated by Google Ireland Limited; data may be transferred to Google LLC in the United States. Google is certified under the EU-U.S. Data Privacy Framework. Refer to Google's Privacy Policy for details on Google's processing.

If you operate a WordPress site and enable this bridge, you are responsible for obtaining valid consent from your visitors before gtag.js loads (typically via a cookie/consent banner). The plugin exposes a filter (myfeeds_ga4_should_emit) so a developer can gate the bridge behind any consent management platform. Legal basis (for the WordPress site owner toward their visitors): Art. 6(1)(a) GDPR (consent), to be obtained before activation on a per-visitor basis.

The MyFeeds website itself (myfeeds.site) does not use Google Analytics 4.

5. Contact Form

If you contact us via email at support@myfeeds.site, we process your email address, name (if provided), and message content to respond to your inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). We delete your inquiry data after your request has been fully processed, unless legal retention obligations apply.

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — You can request information about whether and which personal data we process about you.
• Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate personal data.
• Right to erasure (Art. 17 GDPR) — You can request deletion of your personal data, provided there is no legal obligation to retain it.
• Right to restriction of processing (Art. 18 GDPR) — You can request that we restrict the processing of your personal data under certain conditions.
• Right to data portability (Art. 20 GDPR) — You can request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR) — You can object to the processing of your personal data based on legitimate interests at any time.
• Right to withdraw consent (Art. 7(3) GDPR) — You can withdraw any previously given consent at any time with effect for the future.

To exercise any of these rights, contact us at support@myfeeds.site.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our business is:

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this privacy policy, or as required by law. Support email correspondence is deleted after 12 months unless a longer retention period is required for legal or contractual reasons.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.