Privacy Policy – Zanopy WooCommerce Plugin

Plugin: Zanopy: Landing Page Creator

1. Overview

Effective Date: 30 April 2026 - Version 1.0

This Privacy Policy applies specifically to the Zanopy WooCommerce Plugin ("Plugin"), which connects a merchant's WooCommerce store to Zanopy services.

The Plugin enables features such as landing page generation, store analytics, and merchant-configured automation workflows.

Zanopy acts as a data processor on behalf of the merchant. The merchant (store owner) remains the data controller and is solely responsible for collecting, managing, and ensuring lawful use of customer data in accordance with applicable privacy laws.

This Plugin Policy should be read alongside the main Zanopy Privacy Policy, which governs general website use. Merchants who require a Data Processing Agreement (DPA) in accordance with GDPR Article 28 may request one at https://zanopy.ai/contact.php. By connecting the Plugin, the merchant agrees that Zanopy acts solely as a data processor under the merchant's documented instructions.

The Plugin does not provide consent management tools. Merchants are responsible for implementing appropriate consent mechanisms within their store.

This Policy is designed to align with major global data protection frameworks, including the General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA), where applicable.

2. Data We Collect and Process

When a merchant connects their store, the Plugin may securely transmit the following data to Zanopy:

• Store Information: Store URL, WordPress version, WooCommerce version
• Product Data: Names, pricing, stock status, categories, images
• Page & Theme Data: WordPress pages and theme configuration
• Order Data: Order ID, purchased items, totals, order status
• Customer Information: Name, email address, phone number, shipping address

Customer information is processed strictly to support merchant-configured workflows and plugin functionality. Zanopy does not independently initiate communication with customers.

Legal Basis for Processing Zanopy processes store and order data on the basis of contractual necessity - to deliver the Plugin services the merchant has subscribed to. Customer personal data is processed on the basis of the merchant's own lawful grounds (such as consent or contractual necessity with the end customer). Zanopy does not rely on an independent legal basis to process customer data and acts solely on documented merchant instructions. The Plugin itself does not place cookies on the merchant's storefront. However, the analytics and heatmap script used on Zanopy-generated landing pages may use tracking technologies that are subject to user consent. Analytics data is derived exclusively from server-side store data transmitted by the merchant.

Visitor Behaviour Data (Landing Pages only): When a merchant publishes a Zanopy-generated landing page, the page may include an analytics and heatmap script that collects the following from page visitors: IP address (anonymised after processing), browser type and version, device type and screen resolution, pages visited and time spent, click positions and scroll depth, and conversion events (e.g. form submissions, button clicks). This data is collected to provide the merchant with analytics and heatmap reports. It is processed on behalf of the merchant and is not used by Zanopy for any independent purpose.

Visitor behaviour data collected via the analytics and heatmap script is processed on the basis of consent. The merchant is responsible for implementing a compliant cookie consent mechanism on their landing page before the Zanopy analytics script activates. Zanopy provides a consent-aware script that will not fire until visitor consent is obtained. Where the merchant fails to implement consent, the merchant bears sole legal responsibility for any resulting non-compliance.

3. Merchant Responsibility

Merchants are responsible for:

• Ensuring they have lawful grounds to process customer data
• Obtaining any required user consent
• Configuring automation workflows in compliance with applicable laws (e.g., GDPR, CAN-SPAM, etc.)

Zanopy processes data only on documented instructions from the merchant via Plugin configuration. Zanopy shall not be liable for the merchant's failure to obtain valid consent, provide required notices, or otherwise comply with applicable data protection and privacy laws.

4. How Data Is Used

Zanopy uses transmitted data solely to provide Plugin functionality, including:

• Enabling automation workflows based on store activity
• Generating landing pages using store data
• Providing analytics dashboards to merchants
• Providing conversion analytics reports to merchants based on visitor behaviour on Zanopy-generated landing pages

All automation messages are configured and triggered by the merchant.

Zanopy does not:

• Sell customer data
• Use customer data for advertising
• Independently profile customers
• Share data with unauthorized third parties

5. Data Transmission

The Plugin connects securely to Zanopy infrastructure at:

https://zanopy.ai

Data transmission occurs only after explicit merchant connection and authorization. If the Plugin is not connected, no store or customer data is transmitted.

Visitor behaviour data collected by the analytics and heatmap script is transmitted directly from the visitor's browser to Zanopy's analytics infrastructure at:
https://zanopy.ai/reporting_page.php
This transmission occurs only on landing pages where the merchant has enabled the analytics feature and where visitor consent has been obtained.

6. Data Protection and Security

Zanopy takes commercially reasonable measures to protect data, consistent with the principles outlined in its main Privacy Policy.

• Sensitive fields (such as email addresses and phone numbers) are encrypted during transmission
• All communication occurs over secure HTTPS connections
• Access to data is restricted to authorized systems and personnel

However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

6A. Sub-processors

Zanopy may engage trusted third-party service providers ("sub-processors") to support the operation of the Plugin, including cloud hosting, infrastructure, and data storage services. All sub-processors are contractually bound by data protection obligations consistent with this Policy and applicable law.

A current list of sub-processors may be provided upon request. Zanopy ensures that any sub-processor processes personal data only on documented instructions and implements appropriate technical and organisational measures to protect such data.

7. Service Improvement

Zanopy may process limited technical and operational metadata (e.g., usage logs, error reports) to:

• Improve performance and reliability
• Enhance automation accuracy

Customer-identifiable information is not used for advertising, profiling, or independent analytics.

8. Data Retention

• Store and customer data is retained while the store remains connected to Zanopy services.
• Upon disconnection or Plugin uninstallation, associated store and customer data is deleted within 90 days.
• Technical logs, error reports, and operational metadata may be retained for up to 1 year for security, debugging, and compliance purposes, after which they are permanently deleted.
• Anonymised or aggregated data that cannot be linked to any individual or store may be retained indefinitely for service improvement purposes.
• Where retention is required by applicable law (e.g. tax, accounting, or legal obligations), data will be retained for the minimum period required and deleted promptly thereafter.

9. Plugin Uninstall Behavior

If the Plugin is uninstalled:

• Stored connection credentials are deleted
• Cached store metadata is removed
• Communication with Zanopy servers ceases

10. Your Rights

Merchants may:

• Disconnect their store at any time
• Request deletion of stored data
• Request access to stored data

Customer Data Subject Rights Where Zanopy processes personal data about end customers on behalf of a merchant, those customers may have rights under applicable law (including GDPR and UK GDPR) — such as the right to access, rectification, erasure, restriction of processing, and data portability. These requests should be directed to the merchant in the first instance, as the data controller. Zanopy will provide reasonable assistance to merchants in fulfilling such requests.

CCPA Notice Zanopy does not sell personal data as defined under the California Consumer Privacy Act (CCPA). No customer or merchant data is sold, rented, or traded to third parties for commercial purposes. Requests can be submitted via the contact details below.

11. International Data Transfers

Children's Data: The Plugin is not intended for use in connection with services directed to children under the age of 13 (or the equivalent minimum age under applicable law). Zanopy does not knowingly collect or process personal data from children.

Zanopy's infrastructure may be located in countries outside of your jurisdiction, including outside the European Economic Area (EEA) or United Kingdom. Where personal data is transferred internationally, Zanopy relies on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure data is protected to an equivalent standard.

12. Contact

For privacy-related inquiries:

https://zanopy.ai/contact.php

Zanopy is operated by FAI Tech Pte Ltd, registered in Singapore.

This privacy policy is effective as of April 30, 2026.