GDPR and CCPA Compliance
ArrayHash supports privacy rights for website, signup, newsletter, support, checkout and license data, while keeping merchant WordPress store data outside ArrayHash collection.
- No sale of personal data
- Rights requests by email
- No plugin telemetry
- Covered laws
- GDPR, UK GDPR, CCPA/CPRA
- Response target
- Within 30 days
- Effective date
- April 10, 2026
- Last reviewed
- June 2, 2026
What this page covers
This page explains how ArrayHash handles privacy rights and regional privacy controls for personal data processed through the ArrayHash website, ArraySubs signup, newsletter, support, contact, checkout, payment, license, refund and account workflows.
Merchant store data is not collected by ArrayHash
ArraySubs does not send WooCommerce store metrics, customer data, WordPress admin emails, user emails, plugin installation events, activation events, usage telemetry or logs to ArrayHash. Merchants remain responsible for GDPR, UK GDPR, CCPA/CPRA and other privacy obligations for data inside their own WordPress and WooCommerce stores.
Rights you can request
| Right | What it means |
|---|---|
| Access | Ask what personal data ArrayHash holds about you. |
| Correction | Ask ArrayHash to correct inaccurate personal data. |
| Deletion | Ask ArrayHash to delete personal data where deletion is legally available. |
| Restriction | Ask ArrayHash to limit processing where applicable. |
| Portability | Ask for a copy of data in a portable format where applicable. |
| Objection | Object to processing based on legitimate interests where applicable. |
| Withdraw consent | Withdraw consent for newsletter or analytics where consent is the basis. |
| Opt out of sale or sharing | ArrayHash does not sell personal data or share it for cross-context behavioral advertising. |
How to make a request
- Email [email protected].
- Use the email address connected to your signup, newsletter, support, contact, checkout or license record.
- Include your country and the right you want to exercise.
- For payment or license requests, include the order number, invoice number or license key if available.
- Do not send passwords, full card numbers, secret keys, customer exports or unnecessary store data.
ArrayHash may need to verify your identity before completing a request. We respond within 30 days unless a legally permitted extension applies.
No sale or cross-context advertising sharing
ArrayHash does not sell personal data. ArrayHash does not use advertising pixels, retargeting pixels, heatmaps or session recordings. GA4 is used for aggregate website analytics, not advertising retargeting.
| Practice | ArrayHash position |
|---|---|
| Sale of personal data | No. |
| Sharing for cross-context behavioral advertising | No. |
| Advertising or retargeting pixels | No. |
| Sensitive personal information use beyond necessary purposes | No. |
| Discrimination for exercising rights | No. |
Lawful bases and consent
| Processing | Basis or control |
|---|---|
| Signup, support and contact forms | Contract or pre-contractual steps. |
| Newsletter | Consent, with unsubscribe available. |
| GA4 analytics | Consent where required and legitimate interests where permitted. |
| Stripe and Freemius payments, licenses and tax records | Contract and legal obligation. |
| Security logs and abuse prevention | Legitimate interests. |
Providers and international transfers
ArrayHash uses Google Analytics 4, Stripe, Freemius and hosting providers. These providers may process data in countries outside your own. Provider privacy, security and transfer mechanisms apply to their processing.
- Stripe privacy information: stripe.com/privacy.
- Freemius privacy information: freemius.com/privacy.
- GDPR rights reference: European Data Protection Board guide.
- CCPA reference: California Attorney General CCPA page.
Controller and processor roles
ArrayHash website data
ArrayHash is the controller for personal data collected through its own website, signup, newsletter, support, contact, checkout, license, refund and account workflows.
Merchant WooCommerce data
A merchant using ArraySubs in a WooCommerce store is the controller for customer and store data processed in that WordPress installation. ArrayHash is not a processor for that store data unless a separate written agreement says otherwise.
Contact
Privacy rights requests should be sent to [email protected]. Put "Privacy rights request" in the subject line.
Email privacy rights requestRelated policies
Each page covers one part of how ArrayHash handles privacy, payments, licenses, refunds, and accessibility.
Privacy Policy
What the ArrayHash website collects, why it is used, and how to exercise privacy rights.
Read policyData Safety
How website data, payment data, and merchant WordPress data are separated.
Read policyRefund Policy
The 60-day ArraySubs Pro refund guarantee and how refund requests are handled.
Read policyNeed help with a privacy rights request?
Email ArrayHash. We route rights requests, refund questions, and accessibility reports to the right place.