Privacy Policy

Last Updated: December 2025

Introduction

Cirrusly Commerce ("we", "our", or "the Plugin") is a WordPress/WooCommerce plugin that helps online store owners manage Google Merchant Center compliance, financial auditing, and dynamic pricing. This Privacy Policy explains how we collect, use, and protect information when you use our plugin.

Information We Collect

1. Google Account Information (OAuth Users)

When you connect your Google account using "Connect with Google":

• Email Address: Your Google account email, used to identify your connection
• OAuth Tokens: Encrypted access and refresh tokens stored securely in your WordPress database
• Google Merchant Center ID: Your merchant account identifier

We do NOT access:

• Your Gmail or personal emails
• Google Drive files
• Google Calendar
• Any personal Google data outside of Merchant Center

2. Google Merchant Center Data

With your authorization, we access data via the Google Content API and Merchant API:

• Product Status: Information about your product listings and any policy violations
• Account Status: Your Merchant Center account health and issues
• Promotions: Active promotions linked to your merchant account
• Performance Metrics (Pro Plus): Click and impression data for your products
• Product Sync: We send your product data (titles, prices, inventory) to Google for listing

API Note: We are transitioning from the Content API for Shopping to the newer Merchant API following Google's recommended migration path. Both APIs use the same OAuth scope.

3. WooCommerce Store Data

The plugin accesses data already in your WordPress/WooCommerce installation:

• Product information (titles, prices, descriptions, SKUs)
• Cost of Goods Sold (COGS) data
• Order information for profit calculations
• Inventory levels

4. Technical Data

• WordPress site URL (for OAuth callback)
• Plugin version and configuration settings
• API usage metrics for rate limiting

How We Use Your Information

Google Merchant Center Integration

• Compliance Scanning: Check your products against Google's policies
• Real-Time Sync: Push price and inventory updates to Google (Pro feature)
• Issue Resolution: Display actionable fixes for Merchant Center violations
• Automated Discounts: Validate Google's pricing tokens for promotional pricing (Pro Plus)

Financial Calculations

• Calculate profit margins using your COGS and fee configurations
• Generate loss-maker reports and audit dashboards
• All financial calculations happen locally in your WordPress installation

Data Storage & Security

Local Storage (Your WordPress Database)

• OAuth tokens are encrypted using AES-256-CBC before storage
• All plugin settings stored in WordPress options table
• Financial calculations cached locally for performance

Cloud Service Worker

Our cloud service (api.cirruslyweather.com) acts as a secure proxy for Google API calls:

• What it receives: Your encrypted API credentials, product data for sync operations
• What it does NOT store: We do not permanently store your product data, financial information, or customer data
• Security measures:
  • All connections via HTTPS/TLS
  • Per-request authentication
  • Rate limiting and bot detection
  • No logging of sensitive credentials

Third-Party Services

Service	Purpose	Data Shared
Google APIs	Merchant Center integration	Product data, OAuth tokens
CleanTalk	Bot/spam protection	IP addresses (for security)
Freemius	License management	License key, site URL

Data Retention

• OAuth Tokens: Stored until you disconnect or they expire
• API Logs: Retained for 30 days for troubleshooting
• Plugin Settings: Retained until you uninstall the plugin

Your Rights

Access & Portability

You can export your plugin settings and data at any time from the WordPress admin.

Deletion

• Disconnect Google: Revokes access and deletes stored OAuth tokens
• Uninstall Plugin: Optionally removes all plugin data from your database

Revoke Google Access

You can revoke access at any time:

1. Via the plugin's Settings page ("Disconnect" button)
2. Via Google Account settings: https://myaccount.google.com/permissions

Children's Privacy

Cirrusly Commerce is a business tool for WooCommerce store owners. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be announced via plugin update notes.

Contact Us

For privacy-related questions:

• Email: privacy@cirruslyweather.com
• Website: https://cirruslyweather.com/privacy
• Support: https://cirruslyweather.com/support

Legal Basis for Processing (GDPR)

For users in the European Economic Area:

• Consent: You explicitly authorize Google account connection
• Legitimate Interest: Security logging, rate limiting, fraud prevention
• Contract: Processing necessary to provide the plugin's functionality

---

This privacy policy applies to the Cirrusly Commerce WordPress plugin and related cloud services.