Rotozoom Plugins — Privacy Policy

Last updated: 2026-06-05

This Privacy Policy explains what data the Rotozoom family of WordPress / WooCommerce plugins (each, a "Plugin") transmits to external services, why, and how it is handled. It is published by LEDLIGHTINGS LTD. ("Rotozoom", "we", "us"), str. Stefan Stambolov 1, Zlatograd, Bulgaria, VAT No. BG204173724, contact support@rotozoom.com.

Short version: most Rotozoom plugins run entirely on your own server and send nothing externally. Only the optional cloud features (AI assistant, AI support chat, self-hosted licensing/updates and billing) transmit data — and even then only an anonymous installation ID, your site URL, and the specific content a feature needs. No customer names, emails or order records are sent unless someone types them into a chat themselves.

1. Scope & roles

This policy covers every Plugin distributed under the Rotozoom program. Many of them (for example Rotozoom Product Filter and Rotozoom Woo Conditions in their public builds) operate fully locally and make no external requests at all — for those Plugins this policy is informational only. Where a Plugin offers a cloud feature:

  • You, the site owner, are the data controller for any personal data your visitors enter.
  • Rotozoom acts as a data processor on your behalf and engages the sub-processors in Section 4.

If you operate in the EU/EEA or serve EU/EEA visitors, reference the relevant Plugin in your own privacy policy and, where required, conclude a Data Processing Agreement (DPA) with us — see Section 8.

2. What data is sent, by feature

Data leaves your site only for the features listed below. A Plugin that does not include one of these features sends the corresponding data never.

| Feature | Data sent | Destination | When

| AI Sales Assistant (Rotozoom Sales Assistant) | Chat message text (may contain personal data only if a visitor types it); your product catalogue per item — name, categories, attributes, price, stock status, image URL, derived search text; optional store-profile text you author. | Rotozoom API → Anthropic (reply) & Voyage AI (search index) | On each chat message and during product indexing

| AI Support Chat (Rotozoom Dashboard / utilities) | The support question text you or your staff type, plus plugin documentation context. | Rotozoom API → Anthropic | On each support question

| Licensing & updates (self-hosted builds only) | Installation ID and site URL; your Rotozoom account/licence identifier. Not present in the wordpress.org builds, which use the WordPress.org update system. | Rotozoom API | Periodic heartbeat / update checks

| Billing (PRO plans & credit packs) | Your payment details, handled directly by the payment processor. The Plugin never stores card data. | Stripe | At checkout

The installation ID is a randomly generated UUID (or, for licensed installs, an identifier derived from your Rotozoom licence). It is not tied to a named individual.

What is NOT sent: no Plugin transmits your customers' account details, email addresses, billing/shipping addresses, or order history. Those are only ever sent if a person voluntarily types them into a chat message.

3. Where data is processed

  • The Rotozoom API runs on Supabase infrastructure in the EU (West / Ireland) region.
  • Sub-processors (Section 4) may process data in the United States. Such transfers rely on the relevant provider's Standard Contractual Clauses and Data Processing Addendum.

4. Sub-processors

We share the minimum necessary data with the following providers, each only for the features that use them:

  • Supabase (Rotozoom API host) — stores chat history, usage counters, the product search index, credit balances and settings. supabase.com/privacy
  • Anthropic, PBC (Claude AI) — receives chat / support text and the relevant retrieved snippet to generate replies. Anthropic does not train its models on data submitted through its API. anthropic.com/legal/privacy
  • Voyage AI — receives product text to compute the numerical embeddings used for semantic product search. voyageai.com/privacy
  • Stripe — processes payments if you buy a PRO subscription or credit pack. stripe.com/privacy

5. What is stored, and for how long

  • On your own WordPress site: chat projects/messages, the local product index and plugin settings. You control these and can delete them at any time.
  • On the Rotozoom API: usage records, the product embedding index, credit/usage counters and settings, kept while the installation is active, to provide the service, enforce limits and prevent abuse.
  • Deletion: request deletion of all data tied to your installation ID at support@rotozoom.com. We delete within 30 days, except limited records we must retain by law (e.g. payment records).

6. Why we process data (purposes & legal basis)

  • To provide the cloud feature you chose to use (performance of the service).
  • To enforce free/PRO limits and the credit system, and to detect and prevent abuse (our legitimate interest in operating securely).
  • To process payments, where applicable (performance of a contract).

7. Your visitors' rights

Because you are the controller, requests from your visitors (access, deletion, objection, etc.) should be directed to you. We will assist you for any data held on the Rotozoom API in our role as processor.

8. Data Processing Agreement (DPA)

A DPA is available on request for site owners who require one under the GDPR. Contact support@rotozoom.com.

9. Children

The Plugins are business tools and are not directed at children. Do not use them to knowingly collect data from children under the age applicable in your jurisdiction.

10. Changes

We may update this policy as the service evolves. Material changes are reflected by the "Last updated" date above and, where appropriate, announced in the Plugin or on our website.

11. Contact

Questions about this policy or your data: support@rotozoom.com, LEDLIGHTINGS LTD., str. Stefan Stambolov 1, Zlatograd, Bulgaria.