Privacy policy

Free tier (wordpress.org plugin)

The free tier of the ChurnStop plugin runs entirely inside the merchant's WordPress install and makes no outbound HTTP calls to any ChurnStop domain. Cancellation events, customer identities, and flow configurations all stay in the merchant's own WooCommerce database.

The free tier does use WordPress's standard plugin-update mechanism, which reaches wordpress.org to check for new versions. That traffic is governed by WordPress's own privacy policy, not this one.

Paid tiers

Paid tiers (Starter, Growth, Agency) transmit the following to ChurnStop's backend at api.churnstop.org:

License verification

• License key (issued at checkout; bound to the merchant's account)
• Site URL (so we can enforce the tier's site cap)
• Plugin version and WordPress version (so we can warn about incompatibilities)
• Platform identifier (currently always woocommerce)

Aggregated benchmark data (Growth and Agency only)

• Cancellation reason bucket (e.g. too_expensive, too_busy)
• Offer type shown and whether it was accepted
• Monthly subscription value in cents, rounded to the nearest $5 bucket
• A random, per-site event identifier (never the customer's email or WooCommerce user ID)

This data is used to generate cross-store benchmarks that Growth and Agency customers see in their dashboard ("stores like yours save 32% of cancellation attempts"). It is never sold, licensed to third parties, or used for marketing. Individual subscriber identities (email addresses, names, WordPress user IDs) are not transmitted. The free tier does not send any of this.

Winback email automation (Growth and Agency only)

When the merchant enables winback, ChurnStop does not send email directly. The plugin hands off to the merchant's own transactional email provider (Postmark, SES, SendGrid, whatever WordPress is configured to use) via a standard WordPress filter. Subscriber email addresses stay between the merchant's WordPress install and their own email provider; ChurnStop never sees the addresses.

GDPR, CCPA, and data subject rights

Because the free tier transmits no personal data and the paid tiers transmit only anonymized aggregates, neither tier produces a meaningful data subject record at ChurnStop. A paid-tier merchant whose subscriber invokes erasure (GDPR Article 17) or deletion (CCPA) has nothing to request from ChurnStop - the anonymized benchmark entry cannot be linked back to an identifiable person by design.

The plugin also ships a churnstop_data_export and churnstop_data_erase hook that integrate with WordPress core's personal-data exporter and eraser (Tools > Export Personal Data / Erase Personal Data). Data subject rights handled via WordPress core work with ChurnStop out of the box.

Cookies

The plugin sets no cookies on the merchant's customer-facing site. The customer portal at churnstop.org uses a single session cookie for authenticated account pages; no analytics or marketing cookies are set.

Analytics on this marketing site

We do not currently run any analytics on churnstop.org. When we do, it will be a privacy-respecting service (Plausible or Fathom) that does not set cookies, does not track across sites, and does not transmit IP addresses. Google Analytics and similar are not used.

Contact

Privacy questions or data subject requests: privacy@churnstop.org. We respond within 30 days for GDPR requests and within 45 days for CCPA requests.