Privacy Policy
Last updated: May 2026
Our commitment: We minimize data collection, encrypt sensitive information, and never sell your data to third parties.
1. Information We Collect
- Account data: Name, email, phone number (for payments)
- Site credentials: WordPress API keys (encrypted with AES-256)
- Usage data: Number of posts created, API calls made
- API keys: Your AI service keys (encrypted, never shared)
2. How We Use Your Information
- To provide the Galaxy.WP service
- To process payments (Wish Money, Cash on Delivery)
- To send important service notifications
- To prevent abuse and ensure fair usage
3. Data Security
- All passwords are hashed with bcrypt
- API keys are encrypted with AES-256 before storage
- We use HTTPS/TLS for all data transmission
- Database backups are encrypted
4. Data Retention
- Account data: Retained while account is active, deleted 30 days after termination
- API keys: Encrypted, can be deleted by user at any time
- Audit logs: Retained for 1 year for security purposes
- Payment records: Retained for 5 years per legal requirements
5. Third-Party Services
We integrate with:
- AI services (OpenAI, Google, etc.) - only when you provide API keys
- Your WordPress sites - using credentials you provide
We do not share your data with analytics companies, advertisers, or data brokers.
6. Your Rights
- Access your data through the account panel
- Delete your account and associated data
- Export your site configurations
- Request data deletion (contact admin)
7. Cookies
We use only essential cookies for session management. No tracking or advertising cookies.
8. Changes to This Policy
We may update this policy. Significant changes will be notified via email.
9. Contact
For privacy questions or data requests, contact us through the admin panel.