1. Introduction

Vlauma ("we", "us", "our") is a Software as a Service (SaaS) analytics platform for websites, WooCommerce and Shopify stores. This Privacy Policy explains how we collect, use, store, and share personal data in compliance with the EU General Data Protection Regulation ("GDPR"), the ePrivacy Directive, and other data protection laws.

We are committed to protecting your privacy and ensuring transparency in how we handle your data.

2. Data Controller & Data Processor

• • Data Controller: Vlauma is the data controller for the personal data we process. We determine the purposes and means of processing your personal data.
• • Data Processor: When acting on behalf of our customers (e.g., website owners and WooCommerce store managers), Vlauma may process personal data as a data processor pursuant to a Data Processing Agreement (DPA). Our customers remain the data controllers for the data collected from their sites and stores.

For any questions regarding this policy or our data handling practices, please contact our Support at:

• * Email: support@vlauma.com

3. What Personal Data Do We Collect?

We may process various categories of personal data, including but not limited to:

(A) Identifiers & Analytics Data

• • Session & Visitor IDs (randomized, non-personal identifiers).
• • Anonymized IP Address (we store only a truncated version, e.g., 1.2.x.x, to determine approximate location without personal identification).
• • Browser & Operating System Information (collected from User-Agent but not stored in full to avoid fingerprinting).
• • Time zone & Device Type (used for analytics and improving service functionality).

(B) WooCommerce & E-commerce Data

• • Product Data (product names, slugs, IDs, and cart contents).
• • E-commerce Events (Add to Cart, Purchase, Checkout Completion, etc.).
• • Aggregated Revenue & Order Data (for analytics purposes only).

(C) Cookies & Tracking Technologies

• We use cookies for session management and analytics:
• • Session Cookies (session_id, visitor_id) – Required for analytics.
• • Analytics Cookies – Used only with user consent (via cookie banner).

Additionally, via our WooCommerce plugin integration, we automatically collect and process WooCommerce-specific analytics, including (but not limited to):

• • Basic Woo Events (e.g., View Product, Revenue Analytics, Purchase Event)
• • Woo Cart, Checkout, Customer, Order, Coupon, Advanced, and Extended Events (e.g., Add to Cart, Remove from Cart, Account Creation, Login/Logout, Order Cancelled, Conversion Funnels, etc.)

We do not sell your data or use it for targeted advertising.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes:

• • Analytics and Reporting: To provide our customers with insights into website traffic, user behavior, conversion tracking, and e-commerce performance.
• • Platform Functionality: To enable our SaaS solution and integrations with WooCommerce to function effectively.
• • Customer Support: To address customer inquiries and ensure smooth operation of our services.
• • Compliance and Security: To comply with legal obligations, protect our rights and property, and ensure the security of our services.

Legal Bases for Processing:

• • Consent: Where applicable (e.g., use of cookies and tracking), we obtain voluntary, explicit consent from affected users.
• • Legitimate Interests: Processing is necessary for the purposes of ensuring the functionality and security of our platform and delivering our services. We balance our legitimate interests with your rights and freedoms under the GDPR.
• • Contractual Necessity: To fulfill our contractual obligations with our customers (e.g., providing analytics and insights).
• • Legal Obligations: To adhere to applicable legal, regulatory, and law enforcement requirements.

5. Cookies and Tracking Technologies

Our platform uses cookies – small text files stored on your device – to enhance user experience, authenticate sessions, and track visitor behavior. Examples include:

• • Session Cookies: To identify and maintain an active session under a unique session_id.
• • Tracking Cookies: To assign unique visitor_id values, monitor analytics events, and track conversions.

Managing Cookies:

Users have the right to manage or disable cookies through their browser settings. However, please note that disabling cookies may affect the functionality of certain features on our platform.

6. Data Storage, Retention, and Security

Data Storage:

Personal data is stored on secure servers and cloud platforms with appropriate technical and organizational measures in place to protect against unauthorized access, disclosure, alteration, or destruction.

Data Retention:

Your data will be stored for a period consistent with the chosen service plan (e.g., 30-day data retention under your current plan, unless otherwise specified). After the retention period, data may be anonymized or securely deleted in compliance with our data retention policies.

Data Security:

We implement a range of security measures, including encryption, access controls, and regular audits, to safeguard your data. Our internal data handling policies are designed to ensure compliance with industry standards and regulatory requirements.

7. Data Transfers

In order to provide our services globally, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In such instances, we ensure that adequate safeguards are in place (including Standard Contractual Clauses or other approved transfer mechanisms) to protect your personal data in accordance with the GDPR.

8. Third-Party Data Sharing

• • Service Providers: We engage third-party vendors and service providers who help us operate our platform (e.g., hosting providers, analytics tools). All such processors are contractually required to uphold data protection standards equivalent to GDPR.
• • Legal Requirements: We may disclose personal data if required by law, regulation, or a valid legal process (such as a subpoena or court order).

We do not sell or rent your personal data to third parties.

9. Data Subject Rights

Under the GDPR, you have the following rights with respect to your personal data:

• ✅ Right of Access: You can request details about the personal data we hold about you and receive a copy of that data.
• ✅ Right to Rectification: You have the right to request that inaccurate or incomplete personal data is corrected.
• ✅ Right to Erasure ("Right to be Forgotten"): Under certain conditions, you have the right to ask us to delete your personal data, subject to legal or contractual obligations.
• ✅ Right to Restriction of Processing: You may request a temporary halt to processing your personal data in certain circumstances.
• ✅ Right to Data Portability: You may request that your personal data be provided in a structured, commonly used, and machine-readable format.
• ✅ Right to Object: You can object to the processing of your personal data on grounds related to your particular situation or for direct marketing purposes.
• ✅ Right to Withdraw Consent: If processing is based on your consent, you can withdraw your consent at any time. Note that this will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at support@vlauma.com. We will respond to your request within the timeframes required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or regulatory requirements. We will post a notice on our website and update the "Last Updated" date when significant changes are made. We encourage you to review this policy periodically.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data processing practices, please contact:

• * General Inquiries: support@vlauma.com