Privacy Policy

IronSpectra, LLC (“IronSpectra,” “we,” “our,” or “us”) provides IronSpectra SiteVault (the “Service”), a WordPress backup and restore platform. This Privacy Policy explains what information we collect when you visit ironspectra.com, register for an IronSpectra account, install the SiteVault plugin, or connect a third-party cloud storage provider through the Service.

By using the Service, you agree to the practices described here. Defined terms not defined in this Policy have the meanings given to them in the Terms of Service.

1. Information We Collect

1.1 Information You Provide

• Account information. Name, email address, password hash, organization name, and billing address when you register for an IronSpectra account.
• Billing information. Payment is processed by Stripe, Inc. We receive the last four digits of the card, the brand, the country, and a Stripe customer identifier. We never receive or store full payment card numbers, CVCs, or bank credentials.
• Support correspondence. Any information you submit in support tickets, email replies, or in-product chat.

1.2 Information Collected Automatically

• Site telemetry. When the SiteVault plugin checks in with the license server, it sends the site URL, WordPress version, PHP version, plugin version, license key, and a backup activity summary (counts, sizes, success/failure status). It does not send the contents of your site, files, or database.
• Web analytics. When you visit ironspectra.com we log standard request metadata (IP address, user agent, referrer, requested URL, timestamp). We use this for security, abuse prevention, and aggregate traffic measurement.
• Cookies. A session cookie keeps you signed in. A consent preference cookie remembers your cookie choices. We do not use third-party advertising or cross-site tracking cookies.

1.3 Information From Cloud Storage Providers

When you connect a cloud storage provider (Google Drive, Microsoft OneDrive, Dropbox, Box, Backblaze B2, or Amazon S3) the provider returns an OAuth access token, refresh token, and the minimum profile information needed to identify the destination account (typically the account email and account ID). Tokens are encrypted at rest with AES-256 and are used solely to upload and retrieve your backup archives at your direction.

2. How We Use Information

• To provide, maintain, and support the Service.
• To process payments and issue, renew, suspend, or revoke licenses.
• To authenticate you, secure your account, and detect or prevent fraud and abuse.
• To send transactional emails (receipts, license keys, security alerts, expiry reminders). These are not promotional.
• To send product announcements only if you have opted in. You may opt out at any time using the unsubscribe link in any such email.
• To comply with legal obligations (tax, accounting, lawful process).

3. Limited Use of Third-Party OAuth Scopes

IronSpectra’s use of information received from third-party OAuth providers, including but not limited to Google APIs, Microsoft Graph, Dropbox, and Box, complies with each provider’s Limited Use and User Data policies, including the Google API Services User Data Policy and its Limited Use requirements.

Specifically, we affirm that data obtained through these APIs:

• Is used only to provide or improve user-facing features that are prominent in the Service (backup upload, restore, and storage management);
• Is never sold to anyone or used for advertising;
• Is never transferred to others except as necessary to provide or improve the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users;
• Is neverread by humans except (a) with your affirmative agreement for specific messages, (b) as necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) in aggregate and anonymized form for internal operations consistent with each provider’s policy.

Backup archives uploaded to your connected provider are encrypted client-side with AES-256 before they leave your WordPress server. The symmetric keys are wrapped with an RSA-4096 keypair you generate; the private half never leaves your site. IronSpectra cannot decrypt the contents of your backups.

4. How We Share Information

We do not sell personal information. We share information only with:

• Service providers acting on our behalf under written data-processing agreements: Stripe (payments), Amazon Web Services (hosting), Cloudflare (CDN and DDoS protection), and Postmark (transactional email).
• Cloud storage providers you choose to connect. Backup data flows directly from your WordPress site to the provider you authorize; IronSpectra is not in the data path for backup contents.
• Legal and safety: when required by subpoena, court order, or applicable law, or to protect the rights, property, or safety of IronSpectra, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of all or substantially all assets, with notice to affected users.

5. Data Retention

• Account data is retained for as long as your account is active and for up to 24 months after closure for accounting, tax, and dispute-resolution purposes.
• Billing records are retained for at least 7 years to satisfy U.S. tax and accounting requirements.
• OAuth tokens are deleted within 30 days after you disconnect a provider or close your account.
• Telemetry logs are retained for 90 days, then aggregated or deleted.
• Backup archives live in storage you control. We do not retain copies. Deletion is governed by your retention settings in the plugin.

6. Security

We use industry-standard safeguards including TLS 1.2+ in transit, AES-256 at rest, scrypt-hashed passwords, scoped service-account keys, and least-privilege access controls. Backup contents are encrypted on your server with a key only you hold. No system is perfectly secure; you are responsible for safeguarding your account credentials, license key, and the RSA private key generated by the plugin.

7. International Transfers

IronSpectra is based in the United States and processes data on infrastructure located in the United States. If you access the Service from outside the U.S., you understand that information will be transferred to and processed in the U.S. Where required, we rely on the European Commission’s Standard Contractual Clauses for cross-border transfers.

8. Your Rights

Depending on where you live, you may have rights to access, correct, port, or delete personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, email privacy@ironspectra.com from the address associated with your account. We will respond within 30 days.

California residentshave additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of “sale” or “sharing” of personal information. We do not sell or share personal information as defined under the CCPA.

EEA, UK, and Swiss residents have rights under the GDPR and UK GDPR. The legal bases on which we rely are contract performance, our legitimate interests in operating and securing the Service, your consent (where applicable), and compliance with legal obligations. You have the right to lodge a complaint with your local supervisory authority.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact privacy@ironspectra.com and we will delete it.

10. Revoking Access & Closing Your Account

You can disconnect any connected cloud storage provider at any time from the SiteVault plugin settings or from your account at app.ironspectra.com. You may additionally revoke IronSpectra’s access from the provider’s own security dashboard:

• Google: myaccount.google.com/permissions
• Microsoft: account.live.com/consent/Manage
• Dropbox: dropbox.com/account/connected_apps
• Box: app.box.com/account → Security → Applications

To close your IronSpectra account entirely, email privacy@ironspectra.com.

11. Changes to This Policy

We may update this Policy from time to time. We will post the revised version here with a new effective date and, for material changes, notify active account holders by email at least 14 days before the change takes effect.

12. Contact

IronSpectra, LLC
Attn: Privacy
Email: privacy@ironspectra.com