Last updated: 18/12/2025

Who we are

WP Fix Free (“we,” “us,” “our”) provides a WordPress plugin that surfaces SEO opportunities using read-only data from Google Search Console. Our website is https://wpfixfree.com and our OAuth proxy is hosted at https://auth.wpfixfree.com.

What data we collect

  • Contact form submissions: name, email, subject, message (if you submit a form on wpfixfree.com).
  • Technical metadata: IP address and browser information for security, spam prevention, and service quality.
  • Plugin (Google Search Console) data: When you connect via Google OAuth, we obtain read-only GSC data for your properties (URLs/pages, impressions, clicks, CTR, average position, and related metrics) to display opportunities inside your WordPress admin. We do not request or perform write actions in GSC.

How we use your data

  • To respond to inquiries and provide support.
  • To operate and improve our services and plugin features.
  • To display SEO opportunity insights from your own GSC data inside your WordPress site.
  • For security, fraud, and abuse prevention.

OAuth, tokens, and storage

  • OAuth scope: openidemailhttps://www.googleapis.com/auth/webmasters.readonly (read-only).
  • Where tokens are stored: Access/refresh tokens are stored in your WordPress site’s database (not on our servers) to make authorized API calls to Google Search Console. Temporary one-time tokens are briefly held on our proxy (auth.wpfixfree.com) for 5–10 minutes to complete the handshake, then expire or are deleted.
  • No sharing: We do not sell or share your Google Search Console data with third parties.

Cookies

  • We may use essential cookies for site functionality and security on wpfixfree.com.
  • If we use analytics on wpfixfree.com, cookies may be used to understand site usage. (If you don’t use analytics, state “We do not use analytics cookies.”)

Third-party services

  • Google (OAuth and Search Console API, read-only).
  • Cloudflare (network/performance and security on auth.wpfixfree.com and/or wpfixfree.com).
  • Email/service desk (e.g., Brevo/Sendinblue or your provider) for contact form delivery and support.
  • Each provider processes data under its own privacy policy.

Data retention

  • Contact form submissions: retained as needed to respond and keep records, then deleted or anonymized.
  • OAuth temp tokens on the proxy: auto-expire within minutes.
  • Access/refresh tokens in WordPress: retained while you stay connected; removed when you disconnect or delete the plugin data.
  • GSC-derived opportunity data stored in your WordPress database remains under your control; you can delete it by disconnecting and/or removing the plugin data.

Your rights

  • You can request access, correction, or deletion of personal data we hold (e.g., contact submissions).
  • You can disconnect the plugin at any time to stop API access and remove stored tokens from your site.
  • To make a privacy request, contact us at: [email protected]

Security

  • OAuth flows use HTTPS; client secrets are kept server-side on our proxy.
  • Temporary tokens are one-time and short-lived; we restrict token/file access on the proxy.
  • We apply reasonable technical and organizational measures to protect data, but no system is 100% secure.

Children

Our services are not directed to children under 16, and we do not knowingly collect their data.

Changes to this policy

We may update this policy from time to time. Changes will be posted at this URL with an updated “Last updated” date.

Contact

If you have questions or requests about this policy or your data, contact us at: [email protected]