1. Who We Are

2. Applicable Regulations

This policy is designed to comply with applicable data protection laws, including:

• The General Data Protection Regulation (GDPR) for users in the European Union and European Economic Area.
• The California Consumer Privacy Act (CCPA) for users in California, USA.
• Other applicable regional privacy laws where our services are accessed.

If you are located in a jurisdiction with specific data protection rights, you may have additional rights regarding your personal data. Please refer to Section 8 of this policy for details.

3. What Personal Data We Collect and Why

Blog Comments

When you leave a comment on our site, we collect the data you enter in the comments form, including your name, email address, and optional website URL. We also collect your IP address and browser user agent string to assist with spam detection.

An anonymized string (hash) created from your email address may be shared with the Gravatar service to check if you use it. Once your comment is approved, your profile picture (if applicable) and the name you provided will be publicly visible alongside your comment. Your email address remains private.

Contact Forms

Our website includes contact forms to assist with inquiries and support requests. When you use these forms, we collect the data you provide (such as your name and email address) along with your IP address.

We use this information to respond to your inquiries, provide technical assistance, and deliver quotes where applicable. This data is not shared with third parties or used for marketing purposes. Contact form data is deleted after one year.

Plugin Purchases

When you purchase a plugin from our store, we collect your name, email address, billing address, payment method, and IP address. If you provide a VAT number, we store it along with the associated business name and address.

This information is used to:

• Send your order receipt and plugin download link.
• Provide important account and service updates.
• Address queries, refund requests, or complaints.
• Process payments securely and prevent fraudulent transactions.
• Manage your account, verify your identity, and offer technical support.

We do not store payment information or credit card details on our website. Payments are processed securely by third-party providers including Stripe and PayPal. Please review their respective privacy policies for full details.

Upon purchase, we automatically create an account for you using the email address provided, with a secure randomly generated password sent via email. This account allows you to view your purchase history, access downloads, and generate invoices.

Cookies

If you leave a comment, you may opt in to save your name, email address, and website in cookies for convenience. These cookies last for one year.

When you log in to your account, we set a temporary cookie to check if your browser accepts cookies (no personal data is included; this cookie is discarded when you close your browser). Additional cookies save your login information (lasting two days) and screen display preferences (lasting one year). Selecting “Remember Me” extends login cookies to two weeks. Logging out removes these cookies.

If you visit a plugin page, we set a cookie with your local currency (for example, “USD”) based on your IP address to display the correct price, and another with your country code (for example, “US”) to determine available payment options at checkout. Both expire after one day.

A cookie is set when you close a newsletter signup prompt on certain plugin pages or blog posts, preventing it from reappearing for one day. During plugin purchases, we set a cookie to track the number of items in your cart.

Cookie Consent: By continuing to use our website, you consent to our use of cookies as described in this policy. You may manage or withdraw your cookie preferences at any time through your browser settings.

Analytics

We use Google Analytics to gather anonymous visitor statistics, including browser type, operating system, location, pages visited, visit date and time, and referring page. If you purchase a plugin, we record the transaction value in Google Analytics. This data helps us analyze visitor behavior, identify traffic sources, and improve our website and plugin store. We do not use Google Analytics Advertising Features.

Embedded Content from Other Websites

Our site may include embedded content from other websites. This content behaves as if you visited the third-party site directly, which may collect data, use cookies, or track interactions, especially if you are logged in to their platform.

4. Third-Party API Integrations

TubeBay Plugin – YouTube Account Connection (Google OAuth)

Our TubeBay plugin allows WooCommerce store administrators to connect their YouTube channel to their store in order to display YouTube videos on product pages. This section explains exactly what data is accessed, how it is protected, how it is used, and your rights in relation to that data.

---

4.1 Data Protection and Security Measures

WPAnchorBay implements the following technical and organizational measures to protect the YouTube account data accessed through the TubeBay plugin:

Encryption in Transit; All communication between the TubeBay plugin, our OAuth proxy endpoint (https://tbac.wpanchorbay.com), and Google’s OAuth 2.0 servers is conducted exclusively over HTTPS using TLS encryption. No OAuth credentials or YouTube data are transmitted over unencrypted connections at any point.

Proxy Server – No Data Retention; Our OAuth proxy server handles only the one-time authorization code exchange with Google. It does not log, write to disk, cache, or retain any OAuth tokens, refresh tokens, or YouTube account data at any stage of the exchange. The credentials are passed directly and immediately to the administrator’s WordPress installation and are never stored on WPAnchorBay’s infrastructure.

Credential Storage; OAuth refresh tokens are stored exclusively within the administrator’s own WordPress database, on their own hosting environment, under their own control. WPAnchorBay has no access to these stored credentials after the initial token exchange is complete.

Minimal Data Collection; TubeBay requests only the youtube.readonly scope — the narrowest scope sufficient to provide its functionality. No write access, no Google profile data, no email address, and no other Google account data is requested or stored.

Data Caching and Expiry; Video data retrieved from the YouTube API (video IDs, titles, and thumbnail URLs) is stored temporarily in WordPress transients and automatically expires based on the configured cache duration (default: 12 hours). This cache is also cleared immediately if the administrator disconnects their YouTube account. When a store administrator manually assigns a video to a product, only the video ID, title, and thumbnail URL are saved as WordPress post meta on that product.

No Frontend Exposure; YouTube API calls are made exclusively within the WordPress admin dashboard, initiated only by the store administrator. The plugin never makes API calls on behalf of frontend visitors. OAuth credentials are never exposed to the browser or frontend codebase.

Access Revocation; Administrators can disconnect their YouTube account and invalidate stored credentials at any time from within the TubeBay settings dashboard, or by visiting their Google Account Permissions page at https://myaccount.google.com/permissions. WPAnchorBay has no ability to access or use credentials after revocation.

Administrator Responsibility; The security of the WordPress database in which OAuth credentials are stored is the responsibility of the store administrator. We recommend keeping WordPress, all plugins, and hosting environments updated and secured in accordance with general WordPress security best practices.

---

4.2 How the Connection Works

When a store administrator chooses to connect their YouTube account, they are redirected to Google’s official OAuth 2.0 consent screen. This process uses the youtube.readonly scope, which grants read-only access to the authenticated user’s YouTube account data. The administrator must explicitly grant permission on Google’s consent screen before any data is accessed.

The OAuth flow is facilitated through our secure proxy endpoint at https://tbac.wpanchorbay.com. This server handles the token exchange with Google on behalf of the plugin and immediately returns the resulting credentials to the administrator’s own WordPress installation. We do not retain, log, or store any OAuth tokens, refresh tokens, or YouTube account data on our proxy server. All credentials are stored exclusively in the administrator’s own WordPress database, on their own hosting environment.

---

4.3 What Data Is Accessed

Using the youtube.readonly scope, the TubeBay plugin accesses the following data from the authenticated YouTube account, solely at the request of the store administrator within their WordPress admin dashboard:

• Channel information (channel ID, channel name)
• Playlist names and playlist IDs
• Video metadata: video IDs, titles, and thumbnail URLs

---

4.4 How This Data Is Used

The data retrieved from YouTube is used exclusively for the following purpose: to populate a video library inside the WordPress admin dashboard, allowing the store administrator to browse their own YouTube content and assign specific videos to WooCommerce product pages.

This data is:

• Accessed only when the store administrator initiates a sync action within the WordPress admin dashboard. It is never accessed automatically or from the frontend of the store.
• Video data retrieved from the YouTube API (video IDs, titles, and thumbnail URLs) is stored temporarily in WordPress transients and automatically expires based on the configured cache duration (default: 12 hours). This cache is also cleared immediately if the administrator disconnects their YouTube account. When a store administrator manually assigns a video to a product, only the video ID, title, and thumbnail URL are saved as WordPress post meta on that product.
• Never used for advertising, profiling, analytics, or any purpose beyond the product gallery feature described above.
• Never shared with third parties.

---

4.5 What Data Is Not Accessed

The youtube.readonly scope does not grant and TubeBay does not access any of the following: your Google account email address, your Google profile, financial data, private messages, comments, watch history, subscriptions, or any data beyond the channel, playlist, and video metadata listed above.

---

4.6 Frontend Visitors

TubeBay does not perform any YouTube API calls on behalf of frontend store visitors. When a visitor views a product page containing a TubeBay video, the video thumbnail is served as a static image (the “Video Facade”). YouTube’s iframe player is only loaded if the visitor explicitly clicks to play the video, at which point standard YouTube embed behavior applies and is governed by Google’s own privacy policy.

---

4.7 Revoking Access

You may disconnect your YouTube account from TubeBay at any time from within the plugin’s settings dashboard. Disconnecting your account will also immediately clear all cached YouTube data from your WordPress database. You can also fully revoke TubeBay’s access to your Google account at any time by visiting your Google Account Permissions page at https://myaccount.google.com/permissions and removing TubeBay from the list of connected apps. Upon revocation, the stored refresh token in your WordPress database will no longer be valid.

---

4.8 Third-Party Services – Google & YouTube

The TubeBay plugin connects to the YouTube Data API v3, a service provided by Google LLC. By connecting your YouTube account through TubeBay, you agree to be bound by:

• YouTube Terms of Service: https://www.youtube.com/t/terms
• Google Privacy Policy: https://policies.google.com/privacy

5. Who We Share Your Data With

If you subscribe to our newsletter or purchase a plugin, your name and email address are stored with our newsletter service provider (currently MailChimp) to send requested emails and plugin update notifications. You may unsubscribe at any time.

If you begin but do not complete a plugin purchase, your name, email address, and billing address (if provided) may be stored via an abandoned cart recovery service (currently Recapture) to send a reminder email. You may opt out of these reminders at any time by contacting us.

We do not sell your personal data to third parties. Data is shared with service providers only to the extent necessary to deliver the services described in this policy.

6. International Data Transfers

WPAnchorBay is headquartered in the United States. If you are located outside the United States, including in the European Union or the United Kingdom, your personal data may be transferred to and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your jurisdiction. Where required, we ensure appropriate safeguards are in place to protect your data during such transfers, in compliance with applicable data protection laws including GDPR.

7. How Long We Retain Your Data

Comments and their metadata are retained indefinitely to streamline follow-up comment approvals.

User account information for registered users or accounts created during purchase is stored indefinitely for tax, accounting, and reporting purposes.

Contact form data is retained for one year and then permanently deleted.

You may request deletion of your personal data at any time, subject to any legal obligations we may have to retain certain records.

8. Your Rights Over Your Data

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate data.
• The right to request erasure of your data (the “right to be forgotten”).
• The right to restrict or object to the processing of your data.
• The right to data portability.
• The right to withdraw consent at any time, where processing is based on consent.

California residents may also have the right to know what personal information is collected, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at

[email protected] or through our Support Center.

9. Children’s Data

Our website and plugins are not directed at children under the age of 13 (or 16 where applicable under GDPR). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take prompt steps to delete it.

10. Where We Send Your Data

Comments submitted on our site may be processed by an automated spam detection service. No other personal data is sent to external parties beyond the service providers described in this policy.

11. Contact Information

For any questions, concerns, or requests regarding this privacy policy or your personal data, please reach us through any of the following channels:

• Email: [email protected]
• Support Center: wpanchorbay.com/support
• Address: 12120 Conant Street, Detroit, MI, United States

This policy is reviewed and updated periodically. We encourage you to revisit this page regularly. Continued use of our website and plugins following any update constitutes acceptance of the revised policy.