Legal
Privacy Policy
April 25, 2026
1. Data Controller
The data controller for your personal data is RR Computing, a company incorporated in the Principality of Andorra, which markets the product under the WPtoCloud brand. You can contact us through the form at /contact.
2. Data We Collect
We collect only the data strictly necessary to provide the service: (a) Account and billing data: name or company name, email address, tax number (VAT/NRT), and postal address for invoicing. (b) Plugin technical data: the WordPress site domain where the license is activated and the associated license key. (c) Usage and error logs: anonymous or pseudonymised technical logs necessary for support and service security. (d) Communication data: content of messages sent through the contact form or support email. We do not collect or store AWS credentials, WordPress site passwords, or credit card data (the latter are handled directly by the payment processor Redsys).
3. Purposes and Legal Bases for Processing
We process your data for the following purposes and legal bases: (a) Contract management and service delivery — legal basis: performance of a contract (Art. 7(b) LQPD / Art. 6(1)(b) GDPR). (b) Invoicing and accounting/tax obligations — legal basis: compliance with legal obligations (Art. 7(c) LQPD / Art. 6(1)(c) GDPR). (c) Technical support communications and query responses — legal basis: performance of a contract or legitimate interest. (d) Commercial communications about the product (only with your consent or as an existing customer for similar products) — legal basis: consent or legitimate interest as applicable. (e) System security and fraud prevention — legal basis: legitimate interest (Art. 7(f) LQPD / Art. 6(1)(f) GDPR).
4. Data Retention
We retain your data for as long as necessary to fulfil the stated purposes and while an active contractual relationship exists. Once the relationship ends, data is blocked and retained for the applicable legal periods (generally 5 years for accounting and tax documents under Andorran law, or longer periods required by the applicable law in your country). After these periods, data is deleted or irreversibly anonymised.
5. Disclosure and International Transfers
We do not sell or transfer your personal data to third parties for their own commercial purposes. We may share data with the following recipients to the extent necessary to deliver the service: (a) Payment processor (Redsys): for transaction management, governed by their own privacy policies. (b) Transactional email provider: for sending activation, billing, and support emails. (c) Public authorities and courts: when required by law or court order. RR Computing is based in Andorra, which holds a European Commission Adequacy Decision (Decision 2010/625/EU), meaning data transfers from the EU/EEA to Andorra are lawful without additional safeguards.
6. Your Rights
In accordance with the LQPD and, for EU/EEA users, the GDPR, you have the right to: (a) Access your personal data. (b) Rectify inaccurate or incomplete data. (c) Erase your data ("right to be forgotten") when it is no longer necessary or you withdraw consent. (d) Restrict or object to processing in certain circumstances. (e) Data portability in a structured, machine-readable format. (f) Not be subject to automated decisions with significant effects. To exercise any of these rights, contact us at /contact enclosing a copy of your identity document. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Agència Andorrana de Protecció de Dades (APDA) or, if you reside in the EU, with the supervisory authority in your country of residence.
7. Data Security
RR Computing implements appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or accidental disclosure, including: TLS encryption in transit, role-based access control, access audit logs, and periodic security reviews. No internet transmission system is completely secure. In the event of a data breach affecting your data, we will notify you within the timeframes required by applicable law.
8. Cookies and Tracking Technologies
This website may use strictly necessary cookies for authenticated session management and language/currency preferences. We do not use advertising tracking cookies or share browsing data with advertising networks. If we incorporate analytics or third-party cookies in the future, we will update this policy and request your consent where required.
9. Minors
WPtoCloud services are intended exclusively for professionals and businesses. We do not knowingly collect data from individuals under 16 years of age. If you become aware that a minor has provided personal data through this service, please notify us via /contact so we can delete it.
10. Changes to This Policy
We may update this Privacy Policy periodically. When changes are material, we will notify you by email or via a notice in the Plugin administration panel at least 15 days in advance. The current version will always be available on this page with its update date.
11. Contact and Supervisory Authority
Controller: RR Computing, Principality of Andorra. Brand: WPtoCloud. Contact: /contact. Andorran supervisory authority: Agència Andorrana de Protecció de Dades (APDA) — https://www.apda.ad. EU/EEA users may also contact the data protection authority in their country of residence. Last updated: April 25, 2026.