Privacy Policy

Last Updated: November 4, 2025

Introduction

Donesa Group Ltd (“we,” “us,” or “our”) operates the Auto Social Media Marketer Pro (ASMM Pro) WordPress plugin and the website https://asmmpro.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information.

Important: ASMM Pro is a self-hosted plugin that runs on your WordPress website. Most data stays on your server and is under your control. We only collect minimal information necessary for licensing and payment processing.

By using ASMM Pro, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our Service.

Table of Contents

1. Key Privacy Principles
2. Information We Collect
3. Information We DO NOT Collect
4. How We Use Your Information
5. Data Storage and Security
6. Third-Party Services
7. Payment Processing
8. Cookies and Tracking
9. Your Data Rights
10. Data Retention
11. International Data Transfers
12. Children’s Privacy
13. Changes to This Policy
14. Contact Us

Key Privacy Principles

Self-Hosted Plugin
ASMM Pro is a self-hosted WordPress plugin that runs entirely on your server. This means:

✅ Your data stays on your server
– All social media content you create stays in your WordPress database
– All media files (images/videos) stay in your WordPress uploads folder
– All social media API credentials are stored encrypted on your server
– All post history and logs stay on your server

✅ You control your data
– You can backup, export, or delete your data anytime
– You decide who has access to your WordPress admin
– You control security and access to your server

✅ We don’t have access to your data
– We cannot see your social media posts or content
– We cannot access your API credentials or passwords
– We cannot view your post history or analytics
– We don’t store your data on our servers (except license info)

Information We Collect

We collect very limited information – only what’s necessary for licensing and payment.

1. Information You Provide Directly

When You Purchase:
– Email address (for license delivery and communication)
– Name (billing name for invoice)
– Country/billing address (for tax compliance)
– We do not collect: Credit card numbers, bank details, or payment information

When You Activate License:
– License key (provided after purchase)
– Website URL (where plugin is installed)
– This validates that license is used on authorized site

2. Automatically Collected Information

License Validation:
When the plugin checks license validity (every 1 minute), we receive:
– License key
– Your website URL
– WordPress version
– Plugin version
– Timestamp of validation request

Purpose: Prevent unauthorized use and ensure you have active license.

What we DON’T receive:
– No social media API credentials
– No post content or media files
– No user data from your WordPress site
– No analytics or usage statistics
– No visitor information from your site

3. Support Communications

When you contact support:
– Email messages and correspondence
– Information you voluntarily provide to help resolve issues
– No automatic data collection from your site

Information We DO NOT Collect

We explicitly DO NOT collect, access, or store:

❌ Social Media Credentials
– No API keys or access tokens
– No Facebook Page IDs or tokens
– No Instagram credentials
– No Twitter API keys
– All stored encrypted on YOUR server only

❌ Your Content
– No social media posts or text
– No images or videos you upload
– No hashtags or captions
– All stays in YOUR WordPress database

❌ Post History
– No record of what you posted
– No social media responses
– No success/failure logs
– All stored on YOUR server only

❌ Usage Data
– No analytics about how you use plugin
– No tracking of features used
– No monitoring of posting frequency
– Plugin operates independently on your server

❌ WordPress User Data
– No usernames or passwords
– No email addresses from your WordPress users
– No IP addresses from your admin panel
– No WordPress database access

❌ Visitor Data
– No tracking of your website visitors
– No cookies on your site from plugin
– No analytics scripts injected
– Plugin is admin-only, no frontend presence

How We Use Your Information

The minimal information we collect is used only for:

1. License Management
– Email address: Send license key, renewal reminders, update notifications

– Website URL: Validate license is used on authorized domain

– License key: Track active licenses and prevent piracy

2. Payment Processing
– Email: Send receipts and invoices
– Name/Address: Tax compliance and invoicing
– Country: Determine applicable taxes (VAT/GST)

3. Customer Support
– Email: Respond to support requests
– Support history: Reference previous conversations
– Voluntary information: Information you provide to resolve issues

4. Legal Compliance
– Transaction records: Tax reporting requirements (7 years retention)
– Fraud prevention: Identify fraudulent purchases
– Legal requests: Respond to lawful requests from authorities

5. Service Improvement
– Aggregate data: General statistics like “number of active licenses”
– No individual tracking: We don’t track individual usage patterns
– No analytics: We don’t monitor how you use the plugin

Data Storage and Security

Where Your Data is Stored

On Your Server (99% of data):
– All content, posts, media files
– All social media API credentials (encrypted)
– All post history and logs
– All settings and configurations
– Location: Your hosting provider’s servers
– Control: You have complete control

On Our Licensing Server (<1% of data):
– License keys and associated site URLs
– Customer email addresses
– Purchase/renewal dates
– License status (active/expired)
– Location: United Kingdom
– Purpose: License validation only

Security Measures

Your Server (Plugin Security):
– ✅ AES-256-CBC encryption for API credentials
– ✅ Prepared SQL statements (SQL injection protection)
– ✅ WordPress nonce verification (CSRF protection)
– ✅ Input sanitization and validation
– ✅ Capability checks (admin-only access)
– ✅ Rate limiting (abuse prevention)

Our Licensing Server:
– ✅ SSL/TLS encryption for all communications
– ✅ Secure database storage
– ✅ Regular security updates
– ✅ Access logging and monitoring
– ✅ Encrypted backups

However:
– No system is 100% secure
– You are responsible for securing your WordPress installation
– Use strong passwords and keep WordPress/PHP updated

Your Responsibility

To maintain security:
– ✅ Use strong WordPress admin passwords
– ✅ Keep WordPress, PHP, and plugins updated
– ✅ Choose reputable hosting provider
– ✅ Enable two-factor authentication on social media accounts
– ✅ Regularly backup your WordPress database
– ✅ Use SSL certificate (HTTPS) on your site
– ✅ Limit WordPress admin access to trusted users

Third-Party Services

Services That Process Your Data

Stripe (Payment Processing):
– What they collect: Payment information (credit cards, billing details)
– What we receive: Confirmation of payment, no card details
– Their policy: https://stripe.com/privacy
– Purpose: Secure payment processing
– Location: USA (compliant with global standards)

Social Media Platforms:
When you use ASMM Pro to post content:
– Facebook: Your content posted via Facebook Graph API
– Instagram: Your content posted via Instagram Graph API
– Twitter: Your content posted via Twitter API
– Their control: Each platform processes data per their privacy policy
– Our role: We only facilitate the connection; we don’t receive or store the content

Important: When you post to social media:
– Content becomes subject to platform’s privacy policy
– Platforms may analyze, store, and use your content per their terms
– We recommend reviewing each platform’s privacy policy
– We don’t control what platforms do with your data

Services We DO NOT Use

❌ No Analytics:
– No Google Analytics on plugin
– No usage tracking
– No behavior monitoring

❌ No Advertising:
– No ad networks
– No remarketing pixels
– No tracking cookies

❌ No Data Brokers:
– We don’t sell data
– We don’t share data with marketers
– We don’t rent email lists

Payment Processing

Stripe Payment Processing

We use Stripe for payment processing:

What Stripe Collects:
– Credit/debit card information
– Billing name and address
– Email address
– Country

What We Receive from Stripe:
– Confirmation that payment succeeded
– Customer email (for license delivery)
– Transaction ID (for records)
– We do NOT receive: Full card numbers, CVV, banking details

Stripe’s Security:
– PCI DSS Level 1 compliant (highest security standard)
– Industry-leading fraud prevention
– Secure tokenization of payment methods
– Privacy Policy: https://stripe.com/privacy

Your Rights:
– You can delete payment methods from Stripe
– You can request payment history
– Contact Stripe support for payment data questions

Refunds and Data

When you request a refund:
– Transaction record retained for tax compliance (7 years)
– License deactivated immediately
– Email address retained for customer support history
– Can request email deletion after retention period

Cookies and Tracking

Our Website (asmmpro.com)

Essential Cookies:
– Session cookies (for logged-in users)
– Shopping cart cookies (during checkout)
– Authentication cookies (remember me)

– Analytics cookies (Google Analytics)

The Plugin Itself

ASMM Pro plugin does NOT:
– ❌ Set any cookies on your website
– ❌ Track your website visitors
– ❌ Add any frontend scripts
– ❌ Load external resources on your site

WordPress Standard:
– Plugin uses WordPress standard session management
– Nonces for security (temporary tokens, not cookies)
– Admin-only functionality (no visitor impact)

Your Cookie Choices

You can control cookies through:
– Browser settings (block all cookies)
– Browser extensions (cookie managers)
– Most browsers notify you when cookies are set

Note: Blocking essential cookies may affect ability to use our website (login, checkout).

Your Data Rights

Depending on your location, you may have the following rights:

Right to Access
– Request copy of personal data we hold
– Includes: email address, license key, purchase history
– Provided in readable format (PDF or CSV)
– How: Email asmmprosupport@donesa.co.uk with license key

Right to Rectification
– Correct inaccurate personal data
– Update email address, name, billing details
– How: Email asmmprosupport@donesa.co.uk

Right to Erasure (“Right to be Forgotten”)
– Request deletion of personal data
– Subject to legal obligations (tax records must be kept 7 years)
– What we’ll delete: Email from marketing lists, optional data
– What we must keep: Transaction records for tax compliance

Right to Restriction
– Request we limit processing of your data
– While accuracy is verified
– While we assess your deletion request

Right to Data Portability
– Receive your data in portable format
– Transfer to another service provider
– Format: CSV or JSON

Right to Object
– Object to processing for marketing purposes
– We don’t do marketing emails (except product updates)
– Can opt-out from update emails

Right to Withdraw Consent
– Withdraw consent for optional data processing
– Doesn’t affect lawfulness of prior processing
– May affect ability to use service

How to Exercise Rights

Email: asmmprosupport@donesa.co.uk
Include:
– License key or order number
– Specific request (access, deletion, etc.)
– Email address associated with account

Response Time: Within 30 days.

Verification: We may request additional information to verify your identity

Data Retention

License Data (Our Servers)

Active Licenses:
– Retained while license is active
– Used for validation and support

Expired Licenses:
– Retained for 3 years after expiration
– For renewal convenience and records

Cancelled/Refunded:
– Transaction records: 7 years (legal requirement)
– Personal data: 3 years or upon request
– License key deactivated immediately

Plugin Data (Your Server)

Under Your Control:
– You decide how long to keep content
– You control post history retention (configurable)
– You can delete all plugin data by uninstalling
– You manage database backups

Plugin Defaults:
– Post history: 90 days (configurable)
– Security logs: 90 days (configurable)
– Content library: Unlimited (until you delete)

Support Communications

Support tickets: 2 years
Support emails: 2 years
Purpose: Reference for ongoing support

Deletion

You can request deletion of:
– Email address (after retention period)
– Account information
– Marketing preferences

We must retain:
– Tax records: 7 years (legal requirement)
– Fraud prevention data: As needed
– Legal defence records: As needed

International Data Transfers

Where We Operate

Primary Operations: United Kingdom
Licensing Server: United Kingdom
Payment Processor: Stripe

Transfers to Third Countries

Stripe:
– Payment processing requires transfer to USA
– Stripe complies with GDPR via Standard Contractual Clauses
– Stripe certified under various privacy frameworks

Social Media Platforms:
– When you post content, transmitted to platform servers
– Facebook, Instagram, Twitter primarily based in USA
– You initiate these transfers by using the plugin
– Subject to platform privacy policies

Legal Basis for Transfers

For EU/UK Users:
– Necessity: Transfer necessary to perform contract (provide service)
– Consent: You consent when connecting social media accounts
– Safeguards: Standard Contractual Clauses where applicable

Your Rights

If you’re in the EEA, UK, or Switzerland:
– Right to information about transfers
– Right to object to transfers (may affect service)
– Right to lodge complaint with supervisory authority

Children’s Privacy

ASMM Pro is not intended for users under 18.

We do not knowingly collect data from children.

If you’re a parent/guardian and believe we collected data from a child:
– Contact us immediately: privacy@asmmpro.com
– We’ll delete information promptly
– We’ll take steps to prevent future collection

Note: Social media platforms also have age restrictions. Users must be of legal age to use Facebook, Instagram, and Twitter in their jurisdiction.

Changes to This Policy

Updates

We may update this Privacy Policy from time to time to reflect:
– Changes in our practices
– Legal or regulatory changes
– New features or services
– User feedback

Notification

For Material Changes:
– Email notification to license holders
– Notice on website: https://asmmpro.com/privacy-policy
– At least 30 days before effective date

For Minor Changes:
– Updated policy posted on website
– “Last Updated” date changed
– Continued use constitutes acceptance

Your Options

If you disagree with changes:
– Discontinue use of service
– Contact us with concerns

Legal Basis for Processing (GDPR)

For users in the EEA and UK, we process your data under these legal bases:

Contract Performance

License activation and validation:
– Necessary to provide the service you purchased
– Validate authorized use of plugin
– Deliver updates and support

Purchase processing:
– Necessary to complete transaction
– Issue license and invoice
– Process payment

Legitimate Interests

Fraud prevention:
– Protect our business from unauthorized use
– Identify suspicious activities
– Maintain service integrity

Service improvement:
– Understand general usage patterns (aggregate only)
– Identify bugs and issues
– Improve documentation

Legal compliance:
– Tax reporting obligations
– Respond to lawful requests
– Maintain business records

Consent

Marketing communications:
– Product updates and news (unless opted out)
– Can withdraw consent anytime

Social media connections:
– You consent when connecting accounts
– You control what’s posted
– Can disconnect accounts anytime

Legal Obligations

Tax compliance:
– UK and EU tax laws require transaction records
– Must retain for 7 years
– Required for government audits

You have the right to:
– Object to processing based on legitimate interests
– Withdraw consent for optional processing
– Lodge complaint with Information Commissioner’s Office (UK) or your local data protection authority

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know

Categories of information collected:
– Identifiers: Email, name, license key
– Commercial information: Purchase history, transaction records
– Internet activity: License validation requests (minimal)

Sources: Directly from you during purchase/activation

Purpose: As described in “How We Use Your Information”

Sharing: Not sold or shared with third parties for their marketing

Right to Delete

Request deletion of personal information:
– Subject to legal retention requirements
– Tax records must be kept 7 years
– May affect ability to use service

Right to Opt-Out of Sale

We DO NOT sell personal information.
– No data brokers
– No marketing partners
– No advertising networks

Right to Non-Discrimination

We will not discriminate for exercising your rights:
– Same price and service for all users
– No denial of service
– No different quality of service

How to Exercise CCPA Rights

Verification:
– We’ll verify your identity before processing
– May request additional information
– For your security and privacy

Authorized Agents

You may designate an authorized agent:
– Must provide written permission
– We’ll verify agent’s authority
– Agent must verify your identity

Data Protection Officer

For data protection inquiries:

Privacy Contact:
Email: asmmprosupport@donesa.co.uk

General Support:
Email: asmmprosupport@donesa.co.uk

Company:
Donesa Group Ltd
United Kingdom

Supervisory Authority

If you’re in the EEA or UK, you have the right to lodge a complaint with your data protection authority:

UK Users:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

EEA Users:
Contact your local data protection authority
List: https://edpb.europa.eu/about-edpb/board/members_en

We encourage contacting us first so we can address your concerns directly.

Contact Us

For privacy-related questions, concerns, or requests:

Privacy Inquiries:
Email: asmmprosupport@donesa.co.uk

General Support:
Email: asmmprosupport@donesa.co.uk
Website: https://asmmpro.com

Mailing Address:
Donesa Group Ltd
United Kingdom

Response Time:
We aim to respond within 48 hours (business days).

Additional Resources

Related Policies:
– Terms of Use: https://asmmpro.com/terms-of-use

Third-Party Policies:
– Stripe Privacy: https://stripe.com/privacy
– Facebook Privacy: https://www.facebook.com/privacy/policy
– Instagram Privacy: https://help.instagram.com/privacy/policy
– Twitter Privacy: https://twitter.com/privacy

Regulatory Information:
– UK GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/
– EU GDPR: https://gdpr.eu/
– CCPA: https://oag.ca.gov/privacy/ccpa

Summary

What we collect: Email, name, website URL, license key

What we DON’T collect: API keys, social media content, usage data

Where data is stored: Mostly on your server (your control)

Payment processing: Stripe (we don’t see card numbers)

Your rights: Access, rectification, erasure, portability

How to contact us: asmmprosupport@donesa.co.uk

Remember: ASMM Pro is self-hosted. You control 99% of the data. We only handle licensing.

Document Version: 1.0
Effective Date: November 4, 2025
Last Updated: November 4, 2025

This Privacy Policy is part of our Terms of Use and constitutes a legal agreement between you and Donesa Group Ltd.