WPXPO Privacy Policy

Last Updated: October 12, 2025

At M/S WPXPO, we prioritize your privacy while delivering premium WordPress themes and plugins. This Privacy Policy outlines how we collect, use, and share your information in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Bangladesh Digital Security Act 2018, and other applicable laws. Our goal is to be transparent and cooperative while limiting our liability to the fullest extent permitted by law.

This policy applies solely to data processed by M/S WPXPO through our website (https://www.wpxpo.com/) and related subdomains. It does not cover third-party sites, services, or actions beyond our direct control. By using our services, you agree to this policy and our Terms and Conditions, subject to your legal rights.

For general inquiries, contact the support team. For privacy requests or complaints, contact the support team. We are committed to cooperating fully within legal requirements.

Who We Are

M/S WPXPO, founded in 2020, is a Bangladeshi software company headquartered at House No. 1/C, Road No. 1, Shyamoli, Dhaka, Bangladesh. We specialize in WordPress and WooCommerce themes and plugins, released under the GNU General Public License (GPLv3). Our services include product sales, downloads, support, and newsletters. We act as the data controller for personal data collected directly.

Third-party processors (e.g., Paddle for payments) handle data under strict agreements. WPXPO is not liable for its actions beyond our instructions.

Information We Collect

We collect minimal data necessary for our services, divided into personal data (identifying individuals) and non-personal data (anonymized or aggregated). No sensitive data is stored in proprietary tools.

Personal Data

We collect personal data only with explicit consent or to fulfil services:

  • Account and Purchase Data: Name, email address, country (for tax/geolocation), and billing details (e.g., invoice address if provided). “Purchase information” includes transaction IDs, product keys, and order history for licensing/support.
    Newsletter Data: Name and email address for product updates and offers. Unsubscribe anytime via email links.
    Support Data: Name, email, and message content from emails or forms (via https://www.wpxpo.com/contact/).
    Usage Data: Anonymized license key usage (e.g., activation count) to prevent abuse, collected only with opt-in consent via the account dashboard.

Non-Personal Data

We collect personal data only with explicit consent or to fulfil services:

  • IP address (masked), device type, browser, operating system, and city-level location.
  • Site usage: Pages visited, time spent, referral sources, activities (e.g., clicks).
  • Aggregated analytics: Trends for marketing purposes.

Children’s Privacy

We do not knowingly collect data from individuals under 18 (or 16 under GDPR). Our services are not intended for children. If such data is inadvertently collected, we delete it promptly upon notification to our sales and business team via support. We comply with the Children’s Online Privacy Protection Act (COPPA) but are not liable for unintentional violations without our knowledge.

How We Collect Information

A: WPXPO started in 2020 with a mission to make WordPress easier, faster, and more flexible for every user – from bloggers to large-scale eCommerce businesses. Since then, we’ve launched multiple successful products that now power thousands of websites globally.

  • Directly: Via forms, account creation, purchases, or subscriptions, with clear consent prompts. 
  • Automatically: Using cookies, server logs, web beacons, and Google Analytics, subject to consent settings. 
  • Third Parties: From Paddle (transaction confirmations) or social media (e.g., X, Facebook) if you interact with us there (e.g., via https://www.facebook.com/wpxpo or https://x.com/wpxpoofficial). WPXPO is not responsible for third-party practices outside of its scope of operations and/or jurisdictions.

We provide a cookie consent banner to accept, reject, or customize non-essential cookies. Rejecting cookies may limit personalization but not core functionality. You are responsible for managing browser settings on your end. 

How We Use Your Information

We use data for defined purposes, based on legal grounds (consent, contract, legitimate interests):We’ve also recently expanded into the Shopify ecosystem with our latest app, WowETA, which allows Shopify merchants to show accurate estimated delivery times and boost buyer trust.

  • Service Delivery: Process purchases, deliver products, manage accounts, issue invoices (contract basis). 
  • Communication: Send updates, newsletters, offers (consent basis; opt-out available). 
  • Support and Security: Respond to inquiries, monitor fraud/spam, improve services (legitimate interests).
  • Marketing: Personalize ads/offers with consent (opt-out via settings).
  • Compliance: Fulfill legal obligations (e.g., tax reporting under Bangladeshi law).

We limit use to these purposes and are not liable for misuse by users or third parties beyond our control.

Sharing Your Information

We do not sell personal data. We share data only as necessary, with consent or legal obligation:

  • Service Providers: Paddle (payments; https://paddle.com/legal/) and Google Analytics (analytics; https://policies.google.com/privacy)) process data under strict agreements with Standard Contractual Clauses (SCCs) for GDPR compliance. WPXPO is not liable for its actions beyond our instructions.
  • Social Media: Interaction data (e.g., likes on X, Facebook) may be shared for ads with consent. Opt-out via platform settings. WPXPO is not responsible for platform policies.
  • Legal Compliance: We disclose data to comply with laws (e.g., Bangladeshi Digital Security Act 2018) or protect rights (e.g., court orders). We cooperate fully but are not liable for required disclosures.
  • Business Transfers: Data may be transferred in mergers/acquisitions, with prior notice. We are not liable for successor actions.
  • Aggregated Data: Anonymized insights shared for research, without identifying information.

For CCPA users: We have not “sold” or “shared” personal data in the past 12 months. International transfers use SCCs or equivalent safeguards. WPXPO is not liable for third-party breaches.

User Rights and Choices

You have rights under GDPR, CCPA, and Bangladeshi law, which we fully support:

  • Access: View your data.
  • Rectification: Correct inaccuracies.
  • Erasure: Request deletion (subject to legal retention).
  • Objection/Restriction: Limit processing.
  • Portability: Receive data in a machine-readable format.
  • Withdraw Consent: At any time, without affecting prior actions.
  • CCPA-Specific: Opt-out of “sales/sharing” (not applicable), limit sensitive data, and non-discrimination.

For cookies: Manage via our consent tool or browser settings (guidance at https://www.allaboutcookies.org/). Opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout. We honor Do Not Track (DNT) and Global Privacy Control (GPC) signals, but are not liable for browser compatibility issues.

Data Retention and Security

You have rights under GDPR, CCPA, and Bangladeshi law, which we fully support:

  • Retention: Personal data is retained only as needed (e.g., account data until deletion; invoices for 7 years per Bangladeshi tax law). Non-personal data is kept for 26 months. Refunds under our 14-day money-back guarantee (per Terms and Conditions) trigger deletion of related purchase data unless legally required. We are not liable for data retained to meet legal obligations.
  • Security: We use encryption (SSL/TLS), access controls, and audits. Paddle ensures PCI DSS compliance. We take reasonable measures, but are not liable for breaches beyond our control. In case of a breach, we notify users/authorities within 72 hours (GDPR) and cooperate fully, but liability is limited to direct negligence.

For cookies: Manage via our consent tool or browser settings (guidance at https://www.allaboutcookies.org/). Opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout. We honor Do Not Track (DNT) and Global Privacy Control (GPC) signals, but are not liable for browser compatibility issues.

Cookies and Tracking Technologies

We use cookies for essential (e.g., login), functional (e.g., preferences), and analytics/marketing purposes. See our Cookie Policy for details. Essential cookies are always active; others require consent via our banner. We are not liable for the user’s failure to manage cookie settings or third-party tracking beyond our instructions.

Changes to This Policy

We may update this policy to reflect legal or operational changes. Significant updates will be posted on our site. Continued use implies acceptance. We are not liable for the user’s failure to review updates.

Governing Law

This policy is governed by the laws of Bangladesh, without regard to conflict of law principles. Disputes will be resolved exclusively in the courts of Dhaka, Bangladesh. We cooperate with legal processes but are not liable for outcomes beyond our control.

Contact Us

  • General Inquiries/Privacy Requests/Complaints: Visit our support.
  • Address: M/S WPXPO, House No: 1/C, Road No: 1, Shyamoli, Dhaka, Bangladesh
  • Data Protection Officer: Available upon request

EU/UK users may contact the ICO (https://ico.org.uk/). CCPA users: California Privacy Protection Agency (https://cppa.ca.gov/). Bangladeshi users: Bangladesh Telecommunication Regulatory Commission (BTRC). We cooperate fully but are not liable for outcomes beyond our control.

Grow More Faster with Industry Experts
Whether you’re just getting started or scaling fast, we’ve got you covered. Access helpful guidance
Message IconQuick Support
Facebook IconJoin the Community