Privacy Policy

Account information

When you create a Structura account you provide your email address and, optionally, your first name, last name, and profile photo. You may sign in with an email magic link, Google OAuth, or GitHub OAuth. We store your account data in Firebase (Google Cloud) and assign you a unique user identifier.

License activation data

When you activate the Structura WordPress plugin on a site, the plugin transmits your license key, site domain, site name, WordPress version, and plugin version to our cloud service. A daily license-verification request ("heartbeat") sends the same data set so we can enforce plan limits and deliver update notices.

Payment information

Payments are processed exclusively by Stripe. We never receive or store your credit card number. Stripe shares a customer identifier with us so we can link subscriptions to your account. Stripe's privacy policy is available at https://stripe.com/privacy.

Content and integration data

If you connect third-party publishing channels (LinkedIn, Slack, Discord, Telegram, WhatsApp, or others), we store the OAuth tokens or webhook URLs you provide. These credentials are encrypted at rest with AES-256-GCM and are used solely to publish or notify on your behalf. When a post is generated, the post title, URL, status, and campaign identifier are sent to our cloud service to dispatch to your connected channels.

AI provider data

Structura supports OpenAI, Google Gemini, and Anthropic Claude for content generation. When you use the cloud suggestions feature, post content is sent to the provider you have configured. If you supply your own API keys they are stored locally in your WordPress installation and are not transmitted to Structura's servers.

Website visitor data

Our marketing website and documentation site do not use commercial analytics services, ad trackers, or tracking pixels. Standard web-server access logs (IP address, browser user-agent, requested URL, timestamp) may be retained for security and troubleshooting purposes.

We use the information described above to operate and improve the Service, including: verifying your license and enforcing plan entitlements; processing payments and managing subscriptions; publishing content to the channels you connect; generating AI-assisted content when you request it; sending transactional emails (license receipts, password resets, subscription changes); and diagnosing technical issues.

We share data only with the third-party providers necessary to deliver the Service. These include:

• Google Cloud / Firebase — hosting, authentication, database (Firestore), and cloud functions. Data is stored in the United States (us-central1).
• Stripe — payment processing and subscription management.
• OpenAI / Google Gemini / Anthropic — AI content generation, only when you initiate a generation request.
• LinkedIn, Slack, Discord, Telegram, WhatsApp — content publishing and notifications, only for channels you have explicitly connected.
• IndexNow (Bing, Yandex, Seznam, Naver, Yep) — search-engine URL submission for published posts.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Our web portal uses Firebase Authentication, which stores session tokens in browser local storage. We do not set additional tracking cookies. The WordPress plugin itself does not set cookies in your visitors' browsers.

Account data is retained for as long as your account exists. License activation records are retained for the duration of the license. Channel event logs (post dispatch records) are retained for up to 12 months for troubleshooting and analytics. Payment records are retained as required by applicable tax and accounting regulations. When you delete your account, we cascade the deletion to all associated licenses, activations, and connection records.

All data in transit is encrypted via TLS. OAuth tokens and API credentials stored in our database are encrypted at rest with AES-256-GCM. Access to production systems is restricted to authorized personnel. We follow Firebase and Google Cloud security best practices for infrastructure configuration.

Our cloud infrastructure is hosted on Google Cloud in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your data is transferred to and processed in the United States. We rely on Google Cloud's Standard Contractual Clauses and Stripe's approved transfer mechanisms to safeguard these transfers.

If you are located in the EEA you have the right to access, correct, or delete your personal data; restrict or object to certain processing; request data portability; and withdraw consent at any time. To exercise any of these rights, contact us at the address below. We will respond within 30 days. If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.

If you are a California resident you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To submit a request, contact us at the address below. We will verify your identity before fulfilling the request and respond within 45 days.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through the Service. Your continued use of the Service after a change constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: