Executive Summary
| Data Type | Location | Responsible Party | Developer Access |
|---|---|---|---|
| Donor data | Client's site database | Site Owner | ✗ NO |
| Plugin buyer data | Freemius / Developer | Developer + Freemius | ✓ YES |
| Donor payment data | Stripe, PayPal, etc. | Payment Processor | ✗ NO |
1. Donor Data
1.1 What Data the Plugin Stores
The "Simple Donation System" plugin stores the following donor data in the database of the site where it is installed (table wp_hb_lateral_simple_donations):
Personal data:
- Name and surname
- Phone
- Tax ID/NIF (if requested for tax deduction)
- Full address (street, city, postal code, province, country)
Financial data (non-sensitive reference):
- IBAN (for SEPA direct debits)
- Account holder name
- Donation amount
- Payment method used
- Transaction ID
Technical data:
- WooCommerce order ID
- Payment status
- Donation frequency
- Creation date
1.2 Where Data is Stored
| Data Type | Location | Developer Access |
|---|---|---|
| Donor data | Client's WordPress database | ✗ NO - Developer has no access |
| WooCommerce orders | Client's WordPress database | ✗ NO |
| Complete payment data | Stripe/PayPal/etc. servers | ✗ NO |
| Plugin configuration | Client's WordPress database | ✗ NO |
1.3 Site Owner Responsibilities
The owner of the site where the plugin is installed is the SOLE party responsible for:
✓ Regulatory compliance:
- GDPR (General Data Protection Regulation) if you have EU users
- CCPA (California Consumer Privacy Act) if you have California users
- LOPDGDD (Spanish Data Protection Law) if you operate in Spain
- Any other applicable data protection law
✓ Specific obligations:
- Provide a clear privacy policy to donors
- Obtain adequate consent for data processing
- Respond to data rights requests (access, rectification, deletion, portability)
- Manage security of data stored on your server
- Report security breaches according to applicable regulations
- Maintain records of processing activities
1.4 Developer is NOT Responsible
The plugin developer is NOT responsible for:
- ✗ Donor data stored on client's site
- ✗ GDPR/CCPA/LOPDGDD compliance for donor data
- ✗ Client's site privacy policies
- ✗ Managing donor data rights requests
- ✗ Client's server security
- ✗ Security breaches on client's site
- ✗ Misuse of data by site owner
Legal reason: The developer provides a software tool. Donor data is stored exclusively on the client's infrastructure. The developer has no physical or logical access to this data.
2. Plugin Buyer Data
2.1 Sales Channels
- WordPress.org (free version): No data collected directly
- Freemius (PRO version): Freemius manages sales and collects data
2.2 Data Collected When Purchasing (via Freemius)
Freemius collects:
- Buyer's name and email
- Billing information
- Payment data (processed by Freemius, not stored by developer)
- License information
Developer receives from Freemius:
- Buyer's email
- License type purchased
- Purchase date
- License status
3. Technical Information (Telemetry)
3.1 Free Version (WordPress.org)
The free version does NOT send data to external servers. All information remains on the client's site.
3.2 PRO Version (Freemius)
The PRO version may send the following to Freemius (with consent):
- Site URL (for license validation)
- WordPress version
- Plugin version
- PHP version
- License status
NOT sent:
- ✗ Donor data
- ✗ Site owner's personal information
- ✗ Order data
- ✗ Financial information
4. Responsibility Matrix
| Scenario | Responsible Party | Required Action |
|---|---|---|
| Donor requests access to their data | Site Owner | Provide data per GDPR |
| Donor requests data deletion | Site Owner | Delete from DB and WooCommerce |
| Security breach in donor data | Site Owner | Notify per GDPR (72h) |
| Buyer requests access to their data | Developer + Freemius | Provide data |
| Buyer requests data deletion | Developer + Freemius | Delete (except legal obligations) |
5. Guide for Site Owners
5.1 Before Installing the Plugin
You must:
- ✓ Review and update your privacy policy
- ✓ Inform donors about what data is collected
- ✓ Obtain consent for data processing
- ✓ Verify compliance with GDPR/LOPDGDD if operating in EU/Spain
5.2 Information to Include in Your Privacy Policy
Your privacy policy should inform donors about:
- What data is collected (name, email, address, tax data if applicable)
- How it's used (process donation, issue tax certificates, communications)
- Where it's stored (your server, payment processors)
- Their rights (access, rectification, deletion, portability)
- How to exercise their rights (contact)
- Data retention period
5.3 Managing Rights Requests
To respond to donor requests:
- Access: Export data from admin panel
- Rectification: Edit donation record
- Deletion: Delete record (consider tax retention obligations)
- Portability: Export in structured format (CSV)
Contact
For plugin buyer data questions:
- Email: [email protected]
- Responsible: Hector Luis Barrientos
For donor data questions:
Contact the owner of the site where you made your donation (NOT the plugin developer)
6. Legal Notice
This document is informational and does not constitute legal advice. It is recommended to consult a lawyer specializing in data protection to:
- Adapt this document to your specific jurisdiction
- Verify compliance with applicable regulations
- Handle specific data protection situations