Privacy Policy

Effective: 15 March 2026 Version 1.0

Contents

  1. Who we are
  2. Data we collect
  3. How we use your data
  4. Legal bases
  5. Data sharing
  6. International transfers
  7. Retention
  8. Your rights
  9. Cookies
  10. Children
  11. Changes
  12. Contact
We built Guardian Hub to help you manage WordPress sites. Your data belongs to you — we process only what is necessary to deliver the service and we never sell it to third parties.

01Who we are

Guardian Hub is operated by Bluix Group Ltd, a company registered in England and Wales (the "Company", "we", "us", "our").

For the purposes of UK GDPR and EU GDPR, Bluix Group Ltd is the data controller of personal data collected through guardianplug.com and all associated services.

Contact: privacy@guardianplug.com

02Data we collect

Account & identity data

  • Name, email address, and password (hashed)
  • Company name and billing address
  • VAT number (where applicable)

Payment data

Payment processing is handled entirely by Stripe, Inc. We do not store full card numbers. We receive and store tokenised payment identifiers and transaction records for billing purposes.

WordPress site data

  • Site URLs you register within the platform
  • Plugin and theme version data, update status, security scan results
  • Uptime and performance metrics
  • Backups you configure (stored in your chosen destination)

Usage & technical data

  • IP address, browser type and version, operating system
  • Pages visited, features used, actions performed within the dashboard
  • Error logs and diagnostic data

Communications

  • Support tickets and messages you send us
  • Email correspondence

03How we use your data

Purpose Data used
Providing and operating the service Account data, site data, usage data
Processing payments & invoicing Account data, payment data
Security monitoring & fraud prevention IP address, usage data, payment data
Customer support Account data, communications, site data
Product improvement & analytics Usage data (aggregated / anonymised)
Transactional emails (invoices, alerts) Email address, account data
Marketing emails (with consent) Email address, name
Legal & regulatory compliance All categories as required

04Legal bases (GDPR)

  • Contract performance – processing necessary to deliver the Guardian Hub service you subscribed to.
  • Legitimate interests – security, fraud prevention, product analytics, and direct marketing to existing customers (you may opt out at any time).
  • Legal obligation – VAT records, accounting obligations under UK/EU law.
  • Consent – marketing emails to prospects; optional cookies. You may withdraw consent at any time.

05Data sharing

We do not sell or rent your personal data. We share data only with trusted processors strictly necessary to operate the service:

Processor Purpose Location
Stripe, Inc. Payment processing USA (SCCs in place)
Netcup GmbH Server infrastructure Germany (EU)
Cloudflare, Inc. DNS, CDN, DDoS protection EU nodes used where possible
Mailcow / self-hosted Transactional email EU (Netcup servers)
Anthropic, PBC AI-powered features (Autopilot WP) USA (SCCs in place)

We may disclose data to law enforcement or regulatory authorities when required by applicable law.

06International transfers

Where we transfer personal data outside the UK or EEA, we rely on approved transfer mechanisms including Standard Contractual Clauses (SCCs) and adequacy decisions. A full list of transfer safeguards is available on request at privacy@guardianplug.com.

07Retention

  • Account data: retained for the duration of your subscription plus 3 years thereafter.
  • Payment & billing records: 7 years (UK legal requirement).
  • Support communications: 2 years from last interaction.
  • Usage logs: 12 months rolling.
  • Backups: as configured by you; you are responsible for your backup retention settings.

08Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access – request a copy of the data we hold about you.
  • Rectification – request correction of inaccurate data.
  • Erasure – request deletion, subject to legal retention obligations.
  • Restriction – request that we limit processing in certain circumstances.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent – at any time, for consent-based processing.

Submit requests to privacy@guardianplug.com. We respond within 30 days. You also have the right to lodge a complaint with the ICO (UK) or your local supervisory authority (EU).

09Cookies

We use cookies and similar technologies. Full details are in our Cookie Policy. You can manage preferences through our cookie banner or your browser settings.

10Children

Guardian Hub is a professional SaaS platform. We do not knowingly collect data from persons under the age of 18. If you believe a minor has provided us with personal data, contact us immediately.

11Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by displaying a notice in the dashboard at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

12Contact

For all privacy-related enquiries:
Bluix Group Ltd
Email: privacy@guardianplug.com
Web: guardianplug.com