GDPR and CCPA Compliance
ArrayHash supports privacy rights for website, signup, newsletter, support, checkout and license data, while keeping merchant WordPress store data outside ArrayHash collection.
- No sale of personal data
- Rights requests by email
- Consent withdrawal in footer
- Covered laws
- GDPR, UK GDPR, CCPA/CPRA
- Response target
- Within 30 days
- Effective date
- April 10, 2026
- Last reviewed
- June 7, 2026
What this page covers
This page explains how ArrayHash handles privacy rights and regional privacy controls for personal data processed through the ArrayHash website, ArraySubs signup, newsletter, support, contact, checkout, payment, license, refund and account workflows.
Merchant store data is not collected by ArrayHash
ArraySubs does not send WooCommerce store metrics, customer data, WordPress admin emails, user emails, plugin installation events, activation events, usage telemetry or logs to ArrayHash. Merchants remain responsible for GDPR, UK GDPR, CCPA/CPRA and other privacy obligations for data inside their own WordPress and WooCommerce stores.
Rights you can request
| Right | What it means |
|---|---|
| Access | Ask what personal data ArrayHash holds about you. |
| Correction | Ask ArrayHash to correct inaccurate personal data. |
| Deletion | Ask ArrayHash to delete personal data where deletion is legally available. |
| Restriction | Ask ArrayHash to limit processing where applicable. |
| Portability | Ask for a copy of data in a portable format where applicable. |
| Objection | Object to processing based on legitimate interests where applicable. |
| Withdraw consent | Withdraw newsletter consent by unsubscribe and retargeting consent through the footer Privacy choices control. |
| Opt out of sale or sharing | ArrayHash does not sell personal data or share it for cross-context behavioral advertising. |
How to make a request
- Email [email protected].
- Use the email address connected to your signup, newsletter, support, contact, checkout or license record.
- Include your country and the right you want to exercise.
- For payment or license requests, include the order number, invoice number or license key if available.
- Do not send passwords, full card numbers, secret keys, customer exports or unnecessary store data.
ArrayHash may need to verify your identity before completing a request. We respond within 30 days unless a legally permitted extension applies.
Sale and cross-context advertising sharing
ArrayHash does not sell personal data. Advertising and retargeting tags load only after the visitor opts in, and ArrayHash does not use heatmaps or session recordings. GA4 is used for aggregate website analytics and loads on every visit as necessary measurement. If a browser sends Global Privacy Control, ArrayHash treats it as a privacy signal, keeps retargeting off, and does not sell or share personal data for cross-context behavioral advertising.
| Practice | ArrayHash position |
|---|---|
| Sale of personal data | No. |
| Sharing for cross-context behavioral advertising | Only with opt-in consent; off by default and under GPC. |
| Advertising or retargeting pixels | Only after opt-in. |
| Sensitive personal information use beyond necessary purposes | No. |
| Discrimination for exercising rights | No. |
Lawful bases and consent
| Processing | Basis or control |
|---|---|
| Signup, support and contact forms | Contract or pre-contractual steps. |
| Newsletter | Consent, with unsubscribe available. |
| GA4/GTM analytics | Legitimate interests; necessary measurement loaded on every visit. |
| Retargeting and advertising tags | Consent through the website consent manager; off under GPC. |
| Payment, license and tax records | Contract and legal obligation. |
| Security logs and abuse prevention | Legitimate interests. |
Providers and international transfers
ArrayHash uses Google Analytics 4, payment providers, checkout providers and hosting providers. These providers may process data in countries outside your own. Provider privacy, security and transfer mechanisms apply to their processing.
- Stripe privacy information: stripe.com/privacy.
- GDPR rights reference: European Data Protection Board guide.
- CCPA reference: California Attorney General CCPA page.
Controller and processor roles
ArrayHash website data
ArrayHash is the controller for personal data collected through its own website, signup, newsletter, support, contact, checkout, license, refund and account workflows.
Merchant WooCommerce data
A merchant using ArraySubs in a WooCommerce store is the controller for customer and store data processed in that WordPress installation. ArrayHash is not a processor for that store data unless a separate written agreement says otherwise.
Contact
Privacy rights requests should be sent to [email protected]. Put "Privacy rights request" in the subject line.
Email privacy rights requestRelated policies
Each page covers one part of how ArrayHash handles privacy, payments, licenses, refunds, and accessibility.
Privacy Policy
What the ArrayHash website collects, why it is used, cookie consent behavior, and how to exercise privacy rights.
Read policyData Safety
How website data, payment data, and merchant WordPress data are separated.
Read policyRefund Policy
The 30-day ArraySubs Pro refund guarantee and how refund requests are handled.
Read policyNeed help with a privacy rights request?
Email ArrayHash. We route rights requests, refund questions, and accessibility reports to the right place.
