Processor Policy
Effective Date: October 16 2025
PART I: INTRODUCTION
This Processor Policy (“Processor Policy”) establishes WPChat’s approach to compliance with applicable data protection laws (and, in particular, European laws) when processing personal information on behalf of a third-party controller.
Scope of this Processor Policy
This Processor Policy applies when we process personal information as a processor on behalf of a third-party controller, including when the personal information is transferred to a group member for processing. This Processor Policy applies regardless of whether our group members process personal information by manual or automated means.
The Material Scope of this Processor Policy
The material scope of this Processor Policy is set out in Appendix 2. This describes the types of personal information, data subjects, and transfers that are protected by this Processor Policy.
Responsibility Towards the Customer
As a data processor, WPChat will have a number of direct legal obligations under applicable data protection laws. In addition, the Customer will also pass certain data protection obligations on to WPChat in its contract appointing WPChat as its processor.
When a Customer transfers personal information to a group member for processing in accordance with this Processor Policy, a copy of this Processor Policy shall be incorporated into the contract with that Customer. If a Customer chooses not to rely upon this Processor Policy when transferring personal information to a group member outside Europe, that Customer is responsible for implementing other appropriate safeguards in accordance with applicable data protection laws.
Important Terms used in this Processor Policy
For the purposes of this Processor Policy:
- the term applicable data protection laws include the data protection laws in force in the territory in which the controller of the personal information is located. Where a group member processes personal information on behalf of a European controller under this Processor Policy, the term applicable data protection laws shall include the European data protection laws applicable to that controller (including Europe’s General Data Protection Regulation, when applicable);
- the term controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal information. For example, WPChat is a controller of its Customer data and staff data;
- the term Customer refers to the third-party controller on whose behalf WPChat processes personal information. This includes WPChat’s third-party customers, when we process personal information on their behalf in the course of providing data processing services to them;
- the term WPChat Platform is defined in Appendix 2 (Processor);
- the term Europe (and European) as used in this Policy refers to the Member States of the European Economic Area – that is, the Member States of the European Union plus Norway, Liechtenstein and Iceland;
- the term group member means the members of WPChat’s group of companies listed in Appendix 1;
- the term personal information means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The term personal information shall include any information that is “personal data”, “personally identifiable information”, “personal information” and any analogous concept under applicable data protection laws;
- the term processing means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- the term processor means a natural or legal person which processes personal information on behalf of a controller. For example, WPChat is a processor of the personal information it processes to provide services to its Customers;
- the term Processor Policy refers to this Processor Policy. The Processor Policy applies where WPChat processes personal information as a processor on behalf of a third party controller;
- the term sensitive personal information means information that relates to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. It also includes information about an individual’s criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws;
- the term staff refers to all employees, new hires, individual contractors and consultants, and temporary staff engaged by any WPChat group member.
How to Raise Questions or Concerns
If you have any questions regarding this Processor Policy, your rights under this Processor Policy or applicable data protection laws, or any other data protection issues, you can contact WPChat at https://wpchat.com/contact/.
WPChat will ensure that changes to this Policy are notified to the group members and to individuals whose personal information is processed by WPChat.
PART II: OUR OBLIGATIONS
This Processor Policy applies in all situations where a group member processes personal information as a processor anywhere in the world. All staff and group members will comply with the following obligations:
- We will ensure that processing is compliant with applicable law and this Processor Policy.
- We will cooperate with and assist the Customer to comply with its obligations under applicable data protection laws in a reasonable time and to the extent reasonably possible.
- We will, to the extent reasonably possible, assist a Customer to comply with the requirement to explain to individuals how their personal information will be processed.
- We will process personal information on behalf of, and in accordance with the instructions of, the Customer.
- We will assist our Customer to keep the personal information accurate and up to date.
- We will assist our Customer to store personal information only for as long as is necessary for the purpose for which the information was initially collected.
- We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the personal information we process on behalf of a Customer.
- We will notify a Customer of any security incident that we experience if it presents a risk to the personal information we process on the Customer’s behalf.
- We will appoint external sub-processors who protect personal information to a standard that is consistent with this Processor Policy and our contractual terms with Customers.
- We will assist a Customer to respond to queries or requests made by individuals in connection with their personal information.
- We will not transfer personal information internationally without ensuring adequate protection for the information in accordance with applicable law.
PART V: RELATED POLICIES AND PROCEDURES
APPENDIX 1 – LIST OF WPChat GROUP MEMBERS
The list below provides the WPChat group members which are bound by WPChat’s “Processor Policy”.
- Awesome Motive Inc
- WPBeginner
- OptinMonster
- WPForms
- MonsterInsights
- All in One SEO
- SeedProd
- WP Mail SMTP
- WPChat
- PushEngage
- Easy Digital Downloads
- AffilaiteWP
- WP Simple Pay
- SendLayer
- WPCode
- SearchWP
- RafflePress
- TrustPulse
- Charitable
- Sugar Calendar
- Thrive Themes
- Duplicator
- UserFeedback
- Envira Gallery
- Imagely
- Photocrati
- Soliloquy
- Beacon
- BuddyBoss
- LowFruits
- AccessAlly
APPENDIX 2 – MATERIAL SCOPE OF THIS PROCESSOR POLICY
- Background
- WPChat’s “Processor Policy” provide a framework for the transfer of personal information between WPChat group members.
- This Appendix 2 sets out the material scope of the Processor Policy. It specifies the data transfers or set of transfers, including the nature and categories of personal information, the type of processing and its purposes, the types of individuals affected, the identification of the third country or countries and lists the WPChat products that are covered by the Processor Policy.
- Important terms used within this Appendix
The following terms have the following meanings:
“Customer Services” means services provided by WPChat to Customers through the WPChat Platform.
“WPChat Platform” means the platform provided by WPChat to its Customers.
- Content data
| Who transfers the personal information described in this section? | Every WPChat group member inside of the European Economic Area (“EEA”) may transfer the personal information that they process on behalf of a third-party Controller described in this section to every other WPChat group member inside and outside of the EEA.Every group member outside of the EEA may also transfer the personal information that they process on behalf of a third-party Controller described in this section to every WPChat group member inside and outside of the EEA.Transfers made directly from a third-party Controller (whether inside or outside of the EEA) directly to a group member as processor (whether inside or outside of the EEA) will also be within the scope of the Processor Policy. |
| Who receives this personal information? | Every WPChat group member outside of the EEA may receive the personal information described in this section which is sent to them by other WPChat group members or third-party controllers inside and outside of the EEA.Every group member inside of the EEA may also receive the personal information described in this section which is sent to them by other WPChat group members or third-party controllers inside and outside of the EEA. |
| What categories of personal information are transferred? | Personal information of individuals processed by WPChat as a processor in the course of delivering Customer Services. The type and nature of personal information that data subjects choose to enter into WPChat’s services are determined by the data subject. |
| What categories of sensitive personal information (if any) are transferred? | WPChat group members do not intentionally collect or process any sensitive personal information on behalf of controllers, unless expressly authorized and instructed by a respective Customer. |
| Who are the types of individuals whose personal information are transferred? | Individuals whose personal information is processed by WPChat on behalf of its Customers through the WPChat Platform. |
| Why is this personal information transferred and how will it be used? | Providing Customer Services including:operating the WPChat Platform and performing Customer Services through the WPChat Platform;reporting on the use of the Customer Services by a Customer;security maintenance;Support services including:providing (local and remote) assistance to Customers and end users in the use of the WPChat Platform;WPChat generation of service level reports or other reports on a Customer’s use of WPChat products or services for Customer management information purposes;Customer-specific custom services including:adjusting the WPChat Platform to meet a Customer’s specifications;the collection and analysis of Customer use data to report trends;the provision of training for Customer staff or third parties related to the WPChat Platform;WPChat internal business process execution and management leading to incidental Processing of personal information for:internal auditing of WPChat processor-related activities;activities related to compliance with applicable law or regulation; anddata de-identification and aggregation of de-identified data for data minimization. |
| Where is this personal information processed? | The personal information described in this section may be processed in every territory where WPChat group members or their processors are located. A list of WPChat group member locations is available at Appendix 1 to this Processor Policy. |
- WPChat products
The WPChat Platform covered by this Processor Policy will include all WPChat products and services.