Privacy Policy
Review the WSMS (formerly WP SMS) privacy policy to understand how we collect, use, and protect your personal information.
Who We Are
We are VeronaLabs OÜ, a company registered in Estonia.
- Address: Tornimäe 5, 10145 Tallinn, Estonia
- Company No: 16160131
- VAT No: EE102340516
We operate the following services:
- wsms.io — our marketing website for WSMS plugin and add-ons
- my.wsms.io — our customer portal for account management, purchases, and license management
For privacy-related inquiries, contact us at hi@veronalabs.com.
What Data We Collect
Account Registration
When you create an account on my.wsms.io, we collect:
- Full name
- Email address
- Billing address
- Payment information (processed securely by Stripe — we never store your card details on our servers)
Purchases
When you buy a plugin or add-on, we collect:
- Order details (products, pricing, date)
- License keys generated for your purchase
- Billing information required for invoicing
All payment processing is handled by Stripe. We do not store credit card numbers or sensitive payment data on our servers.
Plugin Usage
When you activate a license in the WSMS plugin, the plugin sends periodic license verification requests that include:
- Your site URL
- Plugin version
- License key
If you opt in to Share Anonymous Data in plugin settings, we also collect aggregated, non-personal usage statistics such as WordPress version, PHP version, database type, server software, locale, active theme and plugins, WSMS version, license status, and which plugin settings are enabled or disabled. We never collect API keys, message content, phone numbers, or your actual domain name (only a truncated SHA-256 hash).
For the full list of what is and isn’t collected, see our Share Anonymous Data documentation.
Contact and Support
When you contact us through our website, customer portal (my.wsms.io), or submit a support ticket, we collect:
- Name
- Email address
- Subject and message content
- Any attachments you include
Support tickets are managed through FreeScout, an open-source helpdesk system self-hosted on our own servers — your support data is not shared with any third-party service. If you voluntarily share site credentials for debugging purposes, we use them only to resolve your issue and recommend you change them afterward.
Newsletter
If you subscribe to our newsletter, we collect your email address. Newsletter emails are delivered through EmailOctopus. You can unsubscribe at any time using the link included in each email.
Website Analytics
We use Google Analytics 4 (via Google Tag Manager) and Microsoft Clarity to understand how visitors use our website. These services collect anonymized data including:
- Pages visited and time spent
- Browser type and device information
- Approximate geographic location (country/region level)
- Session recordings and heatmaps (Microsoft Clarity)
This data is collected using cookies and does not identify you personally.
How We Use Your Data
We use the data we collect to:
- Fulfill orders — process purchases, deliver license keys, and provide product updates
- Manage your account — maintain your account on my.wsms.io and verify licenses
- Provide support — respond to your questions and resolve issues
- Send communications — deliver newsletters and product announcements (only with your consent)
- Improve our products — analyze anonymous usage data to prioritize features and fix issues
- Ensure security — detect fraud and protect our services
- Comply with legal obligations — meet tax, accounting, and regulatory requirements
Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation, we process your data based on:
- Contract performance — processing purchases, delivering licenses, managing your account
- Consent — sending newsletters, collecting analytics data, gathering anonymous plugin usage statistics. You can withdraw consent at any time
- Legitimate interest — providing support, maintaining security, improving our products and services
- Legal obligation — retaining billing and tax records as required by Estonian law
Cookies and Tracking
Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Language preference (wsms.io) | Remember dismissed language suggestion | 30 days |
| Session cookies (my.wsms.io) | Keep you logged in to your account | Session / 2 weeks |
| Stripe cookies | Process payments securely | Per Stripe’s policy |
| Google Analytics (GA4) | Website analytics and traffic measurement | Up to 2 years |
| Microsoft Clarity | Session recording and heatmaps | Up to 1 year |
The wsms.io marketing site uses minimal cookies. Analytics cookies (GA4 and Clarity) are loaded only after you provide consent via our cookie banner.
Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Google Analytics 4 | Website analytics | policies.google.com/privacy |
| Microsoft Clarity | Session recording & heatmaps | privacy.microsoft.com |
| Google Tag Manager | Tag management | policies.google.com/privacy |
| EmailOctopus | Newsletter delivery | emailoctopus.com/legal/privacy |
| Cloudflare | Hosting and CDN | cloudflare.com/privacypolicy |
| YouTube (privacy-enhanced mode) | Embedded video content | policies.google.com/privacy |
| Zapier | Embedded integration templates | zapier.com/privacy |
Data Sharing
We do not sell your personal data to third parties.
We share data only with:
- Stripe — to process your payments
- Google and Microsoft — for anonymized website analytics
- EmailOctopus — to deliver newsletter emails
- Cloudflare — for hosting and content delivery
- YouTube (via privacy-enhanced mode) — to display embedded video content on certain pages. No cookies are set by YouTube until you interact with the video player
- Zapier — to display embedded integration templates on integration pages. Zapier’s Partner SDK may set cookies when loaded
- Law enforcement — only when legally required to comply with valid legal processes
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While your account is active, plus 1 year after deletion |
| Purchase and billing records | As required by Estonian tax law (generally 7 years) |
| Contact form submissions | 1 year after resolution |
| Support tickets | 2 years after resolution |
| Newsletter subscriptions | Until you unsubscribe |
| Analytics data | Per each provider’s default retention settings |
| Anonymous plugin statistics | Aggregated indefinitely (contains no personal data) |
Your Rights Under GDPR
As a data subject, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — request deletion of your personal data (“right to be forgotten”)
- Restriction — ask us to limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — revoke consent at any time for consent-based processing
To exercise any of these rights, email us at hi@veronalabs.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee.
Data Security
We take appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit — all connections to wsms.io and my.wsms.io are encrypted via HTTPS/TLS
- Payment security — payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. We never store card details on our servers
- Access controls — access to personal data is restricted to authorized personnel on a need-to-know basis
- Self-hosted support — support tickets are managed on our own servers via FreeScout, not shared with third-party helpdesk providers
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
International Data Transfers
Your data may be processed outside the European Economic Area (EEA) by our third-party service providers (such as Google, Stripe, Cloudflare, and EmailOctopus). These providers operate under Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission to ensure your data is protected.
Children’s Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hi@veronalabs.com so we can delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the date at the top of this page. For material changes, we will notify registered users via email.
We encourage you to review this page periodically to stay informed about how we protect your data.
Contact Us
If you have any questions about this Privacy Policy or our data practices, contact us:
VeronaLabs OÜ Email: hi@veronalabs.com Website: wsms.io