AAdvanced Subscriptions for WooCommerce
ENES Sign in Buy plugin
AAdvanced Subscriptions
Features Pricing Docs Changelog Contact — Español
Sign in Buy the plugin →
Legal

Data Processing Agreement

Where the plugin and your store sit in the GDPR processor chain.

Last reviewed: 2026-05-27

The short version

Advanced Subscriptions for WooCommerce is a self-hosted plugin. It runs entirely on the WordPress installation you control. We — José Conti as the publisher — do not receive, store or process your customers' personal data through the plugin. Your hosting provider does; we don't.

That means in GDPR terms, you are the controller of your customers' data. The plugin is a tool you use as part of that processing. There is no third-party data flow to us as a result of installing or running the plugin on your site.

What we do collect — and only here

The only personal data we (the publisher) handle is what you provide when you buy the licence or contact us:

  • Order data — name, billing address, email, VAT ID where applicable. Processed to issue the invoice and fulfil the licence contract.
  • Licence activations — your licence key plus the domain(s) where it's activated, to enforce the per-site limit and serve plugin updates.
  • Support correspondence — emails you send to support, plus any context you choose to share.

Full details of how this data is handled, the legal basis, retention period and your rights are in the Privacy policy.

Sub-processors used by the publisher

For the data above (orders, licences, support):

Sub-processorPurposeRegion
StripePayment processing for plugin purchasesEU / US (SCCs)
PayPalPayment processing for plugin purchasesEU / US (SCCs)
Email serviceTransactional email (receipts, licence renewal reminders, support)EU
Hosting providerWebsite & licence-server hostingEU

No data collected by the plugin running on your store is ever sent to any of the above. The plugin only contacts the licence server with your licence key and site URL to validate updates — that contact is between your server and ours, and contains no customer data.

What the plugin processes on your servers

When customers use a subscription on your store, the plugin reads and writes the following kinds of data, all of it inside your own WordPress database:

  • Customer profile (name, email, address) that already exists in WooCommerce.
  • Subscription state (active, paused, cancelled, expiry date, next renewal).
  • Order & renewal-order history for that customer.
  • Tokenised payment-method references (the actual card data is held by the gateway — Stripe, PayPal, WooPayments, Redsys — not by the plugin).
  • Plugin-specific meta keys documented in /includes/meta/ (see Developer API).

For this layer, you remain the controller; your hosting provider, your email provider and your payment gateway are your sub-processors. You are responsible for executing DPAs with them and disclosing them in your own privacy notice.

Signed DPA on request

If your compliance team needs a signed Data Processing Agreement covering our role as a publisher (orders, licences, support data), write to j.conti@joseconti.com. We respond within 5 business days with our standard DPA template — GDPR-aligned, with Standard Contractual Clauses for any non-EU sub-processors.

International transfers

Any transfer of personal data outside the EEA is covered by the European Commission's Standard Contractual Clauses (SCCs). We do not transfer your customers' data anywhere because we never receive it.

Changes

Updates to this agreement are listed on this page with the "Last reviewed" date above. Material changes are also announced in the changelog.

Contact

DPA / privacy questions: j.conti@joseconti.com.