Privacy Policy

At SRWorks LLC ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you visit srworks.co and use our WordPress plugins (ArmorPro, CitedPro, BoostPro). Please read this policy carefully.

1. Information we collect

Information you provide

We collect information you voluntarily provide when you:

• Purchase a license through our payment processor (Polar/Stripe)
• Contact us through our contact form or email
• Request support

This may include your name, email address, and payment information. Payment card details are processed securely by Polar via Stripe. We never see or store your card number.

Information collected automatically on our website

When you visit srworks.co, we collect basic analytics through Umami, a privacy-focused analytics platform we self-host on our own server. Umami is fully cookieless and does not track individual users. This may include:

• Pages visited and time spent
• Referring website
• Country (derived from IP, not stored individually)
• Browser type and device category

We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.

2. Data collected by our plugins

Our plugins store data locally in your WordPress database on your server. This data is not transmitted to us unless explicitly stated below.

ArmorPro (Security)

ArmorPro collects security-related data to protect your site. All data is stored locally on your WordPress installation:

• IP addresses — Logged during login attempts and firewall blocks to identify threats and enforce lockouts
• Login attempt data — Timestamps, usernames attempted, success/failure status, and session information
• Geolocation data — Country name and code derived from IP addresses using a locally stored MaxMind GeoLite2 database (the database file is downloaded to your server; IP lookups happen locally, not via external API calls)
• User agent strings — Logged when firewall patterns are triggered
• 2FA secrets and passkey credentials — Stored locally in your database, never transmitted externally

ArmorPro does not send any of this security data to SRWorks or any third party. Everything stays on your server.

CitedPro (SEO & AI Visibility)

CitedPro collects bot and referral data to help you understand AI visibility. All data is stored locally:

• Bot visit data — Bot name, category, user agent, page URL, IP address, and visit timestamp for AI and non-AI crawlers that visit your site
• LLM referral data — When a human visitor arrives from an AI platform (ChatGPT, Perplexity, Claude, etc.), the referrer URL and landing page are logged
• Business information — Data you enter in the setup wizard (business name, description, services, products, FAQs, team members) is stored in your WordPress database and used to generate your llms.txt and cited-site-data.json files

Bot tracking is opt-in and disabled by default. Data retention is configurable (30 to 365 days) and automatically cleaned up.

BoostPro (Performance)

BoostPro collects minimal data, primarily for caching and optimization:

• Image metadata — File sizes and conversion status for WebP/AVIF optimization, stored locally in your database
• Cache files — Generated HTML, CSS, and JS cache files stored on your server's filesystem
• No visitor data — BoostPro does not collect or store any information about your site's visitors

3. External connections made by our plugins

Our plugins make the following outbound connections from your server:

• License verification — All three plugins periodically verify license status with our licensing server (api.srworks.co). This transmits only your license key and site URL. Occurs approximately once daily.
• Plugin updates — Plugins check for available updates via api.srworks.co, transmitting only the plugin slug and current version number.
• GeoIP database download (ArmorPro) — The MaxMind GeoLite2 country database is downloaded weekly from our server to yours. No user data is sent during this download.
• Google PageSpeed Insights (BoostPro) — When you use the PageSpeed analysis feature, your site's URL is sent to Google's PageSpeed Insights API via our proxy (api.srworks.co) to retrieve performance scores. This is only triggered manually or by a daily automated check you can disable.
• AI features (BoostPro, CitedPro) — When you use AI-powered features (PageSpeed summary, Smart Generate), your request is sent to our API proxy (api.srworks.co), which routes it to an AI provider (Anthropic, Google, or others). The AI provider receives only the content of your request, not your personal information or license details.
• Plugin telemetry — Our plugins send anonymous telemetry events to our API on activation, deactivation, and via a periodic heartbeat. Each event includes the plugin name and version, WordPress version, PHP version, license status (active or inactive), and a cryptographic hash of your site URL (we never see or store the actual URL). No personal information, site content, or visitor data is included. This helps us understand which WordPress environments our plugins run on and prioritize compatibility.

4. How we use your information

We use the information we collect to:

• Process your purchases and manage your license
• Provide customer support
• Send transactional emails (purchase confirmations, license keys, renewal reminders)
• Verify active licenses and deliver plugin updates
• Improve our products based on aggregated, anonymous usage patterns
• Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Ever.

5. Third party services

We use the following third-party services:

• Polar (merchant of record) — Handles payment processing, license management, subscription billing, and tax compliance. Payments are processed securely via Stripe. Polar's privacy policy governs how they handle your payment data.
• Brevo — We use Brevo for transactional email delivery (contact form submissions, support replies) and email marketing. When you click a link in one of our emails, Brevo may identify you on our website using URL parameters (no cookies are set). Only the message content and your provided email address are transmitted to Brevo.
• Cloudflare — Our website is served through Cloudflare's CDN. Cloudflare may process IP addresses for security and performance purposes per their privacy policy.
• Affonso — Our affiliate tracking platform. If you arrive via an affiliate referral link, Affonso sets a cookie to attribute the referral. See the Cookies section below.
• MaxMind — ArmorPro uses a locally stored MaxMind GeoLite2 database for IP geolocation. No IP addresses are sent to MaxMind. The database file itself is downloaded periodically from our server.
• AI providers (Anthropic, Google) — When you use AI-powered features in our plugins, your request content is processed by third-party AI providers via our API proxy. No personal information or license data is included in these requests.

6. Cookies

Our website uses minimal cookies. We do not use third-party tracking or advertising cookies.

• Affiliate referral cookie — If you arrive via an affiliate link, a cookie (affonso_referral) is set for 60 days to attribute the referral. This contains only a referral identifier, no personal information.
• UTM tracking cookie — If you arrive via a marketing link, the campaign source is stored in a cookie for 30 days so we understand how visitors find us. No personal data is collected.

Our WordPress plugins do not set any cookies on your site's visitors.

7. Data retention

We retain data only as long as necessary:

• Purchase records — Retained for accounting and tax purposes as required by law
• Support correspondence — Retained for the duration of your subscription plus 12 months
• Plugin telemetry — Aggregated and anonymized within 90 days
• Plugin data on your server — Retention is controlled by you. ArmorPro auto-cleans expired sessions daily. CitedPro auto-cleans bot data based on your configured retention period (30 to 365 days). BoostPro cache files can be purged at any time.

8. Data security

We implement appropriate technical and organizational measures to protect your information, including HTTPS encryption on all connections, secure API authentication, and access controls on our servers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Your rights

Depending on your location (including under GDPR, CCPA, and similar regulations), you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Object to or restrict processing of your information
• Data portability (receive your data in a structured format)
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us. We will respond within 30 days.

For data stored locally by our plugins on your WordPress site (security logs, bot tracking data, cache files), you have full control. You can view, export, and delete this data at any time through each plugin's Tools section.

10. Children's privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

11. International transfers

SRWorks LLC is based in the United States. Our servers are hosted by Hetzner in the United States. If you are accessing our services from outside the United States, your information may be transferred to and processed in a jurisdiction with different data protection laws. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable law.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For significant changes, we may also notify customers by email. We encourage you to review this policy periodically.

13. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us.