Our
Privacy Policy

Last updated: 8 April 2026

This Privacy Policy explains how REDSHAPE di Lorenzo Corso, trading as TheOneWP (”TheOneWP”, “we”, “us”, or “our”), collects, uses, stores, and discloses personal data when you visit www.theonewp.com, create an account, purchase a license, contact us, or otherwise interact with our website, products, and services.

This Privacy Policy is intended for users in the European Union, European Economic Area, United Kingdom, Switzerland, United States, and other international jurisdictions, subject to applicable local laws.

1. Data Controller

The data controller is:

REDSHAPE di Lorenzo Corso

Piazza del Porto 10/A

37124 Verona (VR)

Italy

Email: info@redshape.it

Privacy contact: info@redshape.it

VAT number: 02670160205

2. Scope of This Policy

This Privacy Policy applies to personal data collected through:

  • the website www.theonewp.com;

  • the account area and login system;

  • purchases, invoices, and billing workflows;

  • contact and support requests;

  • product licensing and update delivery;

  • customer communications related to our products and services.

This Privacy Policy does not apply to third-party websites, services, or platforms that may be linked to or used in connection with our services, including payment providers, external repositories, Cloudflare services, or third-party AI platforms. Those third parties operate under their own privacy policies and terms.

3. Personal Data We Collect

We collect personal data only to the extent necessary to operate our website, provide our services, process purchases, deliver updates, and respond to customer requests.

3.1 Data you provide directly

When you contact us, create an account, or place an order, we may collect:

  • first name and last name;

  • email address;

  • company name, if provided;

  • account credentials;

  • the content of messages, support requests, or other communications you send us.

3.2 Transaction and billing data

When you purchase a license or subscription, we may collect or receive limited transaction and billing information from the payment provider, such as:

  • purchase details;

  • selected plan;

  • payment status;

  • invoice details;

  • billing name;

  • billing address, if provided through the payment provider;

  • tax or VAT information, where required;

  • transaction identifiers supplied by the payment provider.

Customers do not enter payment card details directly on our website. Payments are processed through PayPal or other third-party payment providers used from time to time. We do not intentionally store full payment card details on our own servers.

3.3 Technical and website usage data

When you visit our website, some technical data may be processed automatically, such as:

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • referring pages;

  • pages visited;

  • timestamps;

  • server logs and security-related events.

This information is used for website operation, security, debugging, and fraud prevention.

3.4 Account and licensing data

If you create an account or purchase a license, we may process:

  • account identification data;

  • license status;

  • subscription or plan information;

  • order history;

  • invoice history;

  • update eligibility;

  • support entitlement.

3.5 Plugin update-related data

Our plugin connects to our server only for update-related purposes, such as checking whether a newer version is available and delivering update information where applicable.

We do not use the plugin to perform behavioral tracking, usage profiling, or general telemetry, unless explicitly stated otherwise in separate product documentation.

Data involved in update requests may include technical information strictly necessary to determine update availability and license validity, such as:

  • plugin version;

  • product or license status;

  • domain or site identifier, where required for license validation or update eligibility;

  • server request metadata such as IP address and user agent.

This processing is limited to what is reasonably necessary to provide updates, maintain security, and prevent license abuse.

3.6 AI-related data

Some product features may allow users to connect their own third-party AI provider accounts or API keys.

In those cases:

  • the AI functionality is based on API keys provided directly by the user;

  • prompts, requests, and outputs generated through those AI integrations may be processed by the user’s chosen third-party provider;

  • we do not provide the AI model account on the user’s behalf unless explicitly stated otherwise;

  • we are not responsible for the independent privacy practices of those third-party AI providers.

Users are responsible for reviewing and complying with the privacy terms, data handling rules, and API conditions of the AI providers they choose to connect.

3.7 Anti-bot and form protection data

We use Cloudflare Turnstile to help protect forms and the website from abuse, automated submissions, and malicious traffic. In connection with Turnstile, certain technical information may be processed for security and verification purposes, such as browser, device, and network-related signals, in accordance with Cloudflare’s own policies and documentation.

4. Sources of Personal Data

We collect personal data:

  • directly from you;

  • automatically from your browser or device when you use the website;

  • from payment providers and invoicing systems when a transaction is made;

  • from service providers helping us operate the website, support, licensing, billing, and security.

5. Purposes of Processing

We process personal data for the following purposes:

  • to provide access to the website and account area;

  • to create and manage user accounts;

  • to process orders, subscriptions, invoices, and refunds;

  • to deliver product licenses and updates;

  • to verify license validity and update eligibility;

  • to respond to contact requests and support inquiries;

  • to protect forms and prevent spam, abuse, and malicious activity;

  • to maintain the security and integrity of our systems;

  • to detect fraud, abuse, unauthorized use, or violations of our terms;

  • to comply with legal, tax, accounting, and regulatory obligations;

  • to communicate with customers regarding purchases, services, updates, or support matters.

We do not collect personal data for unrelated purposes in a way that would be incompatible with the purposes described above.

6. Legal Bases for Processing

If you are located in the EEA, UK, or Switzerland, we process personal data on one or more of the following legal bases:

Contract

We process personal data where necessary to perform a contract with you or take steps at your request before entering into a contract, including:

  • account creation;

  • order processing;

  • invoice issuance;

  • support delivery;

  • licensing;

  • update delivery.

Legitimate Interests

We may process personal data where necessary for our legitimate interests, including:

  • operating and securing our website and infrastructure;

  • managing accounts and services;

  • preventing fraud, spam, and abuse;

  • protecting our legal rights;

  • ensuring proper licensing and update functionality;

  • maintaining internal administrative records.

Where required, we balance these interests against your rights and freedoms.

Legal Obligation

We may process personal data where necessary to comply with legal obligations, including tax, accounting, consumer protection, and law enforcement obligations.

Consent

Where required by law, we rely on your consent, for example in relation to optional communications or other processing activities that legally require consent.

7. Cookies and Similar Technologies

We use cookies and similar technologies only to the extent necessary for essential website functionality, security, form protection, account access, and payment-related workflows.

At the time of writing, we do not use analytics cookies or marketing cookies on the website unless and until such tools are actually enabled and appropriately disclosed.

For more information, please refer to our Cookie Policy.

8. Payments

Payments are processed by third-party payment providers, including PayPal. These providers may process personal data necessary to complete transactions, prevent fraud, and comply with legal obligations.

We may receive limited transaction-related information from such providers, including:

  • payment confirmation;

  • transaction ID;

  • billing name;

  • billing address, if provided through the payment provider;

  • tax information;

  • invoice-related details.

Customers are redirected to or otherwise complete payment through the payment provider’s own environment. We do not control how payment providers process personal data for their own compliance, fraud prevention, or regulatory purposes.

9. Licensing and Updates

We process account and licensing data to:

  • activate and manage licenses;

  • determine update eligibility;

  • provide customer access to purchased products;

  • prevent unauthorized usage and abuse;

  • maintain service continuity and product integrity.

The plugin’s connection to our server is limited to update-related functionality and related technical validation necessary for that purpose.

We do not use that connection to monitor the content of your website or to collect general user behavior analytics from the plugin itself, unless explicitly disclosed elsewhere.

10. Customer Support and Communications

If you contact us by form, email, or support channels, we may process the information you provide in order to:

  • answer your request;

  • troubleshoot product issues;

  • verify your account or purchase;

  • maintain support records;

  • improve customer service quality.

Please do not send highly sensitive personal data unless it is strictly necessary for support.

11. AI Integrations and User Responsibility

Where the product offers integrations with third-party AI services through user-supplied API keys:

  • the user decides whether to activate those features;

  • the user is responsible for the API credentials they provide;

  • prompts, instructions, content, and outputs are generally transmitted from the user’s own environment to the selected third-party AI provider using API credentials configured directly by the user;

  • such processing is governed in part by the privacy policy and contractual terms of the chosen AI provider.

We do not control how third-party AI providers process data submitted through their own systems.

Users must ensure that they have a valid legal basis to submit any personal data to third-party AI services through those integrations.

12. Sharing of Personal Data

We may disclose personal data only where reasonably necessary to operate our business and provide our services, including to:

  • payment processors and payment service providers;

  • invoicing providers;

  • hosting and infrastructure providers;

  • Cloudflare or equivalent website security providers;

  • email and support service providers;

  • security and fraud prevention providers;

  • professional advisers such as lawyers, auditors, and accountants;

  • competent courts, regulators, public authorities, or law enforcement where required by law;

  • successor entities in the event of a merger, acquisition, financing, or business transfer.

We do not sell personal data for money.

13. International Data Transfers

Because we may use service providers located in different countries, personal data may be transferred to and processed outside your country of residence, including outside the EEA, UK, or Switzerland.

Where required, we implement appropriate safeguards for international transfers, such as:

  • adequacy decisions;

  • Standard Contractual Clauses;

  • contractual protections;

  • supplementary technical and organizational measures where appropriate.

14. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to:

  • provide services and account access;

  • maintain billing and tax records;

  • respond to support matters;

  • comply with legal obligations;

  • resolve disputes;

  • enforce our agreements;

  • maintain security and fraud prevention records.

Retention periods depend on the type of data and the legal or operational purpose involved.

For example:

  • account data may be retained while your account remains active and for a reasonable period afterward;

  • billing and invoice data may be retained for the period required by tax and accounting laws;

  • support communications may be retained as reasonably necessary for customer service and legal protection;

  • security and server logs may be retained for a limited time consistent with security and operational needs.

15. Data Security

We implement reasonable technical and organizational measures designed to protect personal data from unauthorized access, loss, misuse, disclosure, alteration, or destruction.

These measures may include:

  • HTTPS encryption in transit;

  • access controls;

  • authentication safeguards;

  • restricted internal access;

  • logging and security monitoring;

  • software updates and vulnerability management;

  • backup and recovery procedures.

No system is completely immune from risk. Accordingly, we cannot guarantee absolute security.

16. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to:

  • access your personal data;

  • correct inaccurate data;

  • request deletion of data;

  • restrict processing;

  • object to certain processing;

  • receive data portability where applicable;

  • withdraw consent where processing is based on consent;

  • lodge a complaint with a supervisory authority.

To exercise your rights, contact us at:

info@redshape.it

We may need to verify your identity before responding.

EEA / UK / Switzerland

If you are in the EEA, UK, or Switzerland, you may also lodge a complaint with the relevant data protection authority in your country or region.

United States and Other Jurisdictions

If local law grants you specific privacy rights, we will handle requests in accordance with applicable law, subject to verification and lawful limitations.

17. Marketing Communications

If we send newsletters or promotional communications, we will do so in accordance with applicable law.

You can opt out of marketing emails at any time by using the unsubscribe link or contacting us directly.

Transactional messages, such as purchase confirmations, invoices, account notices, update notices, or support responses, are not marketing communications and may still be sent where necessary.

18. Children’s Privacy

Our website and products are not directed to children, and we do not knowingly collect personal data from children in violation of applicable law.

If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps.

19. Third-Party Services and Links

Our website or products may contain or rely on third-party services, including payment processors, code repositories, security tools, and third-party AI providers.

We are not responsible for the privacy practices of those third parties. You should review their privacy policies separately.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or operational practices.

When we do, we will update the “Last updated” date at the top of this policy and, where required, provide appropriate notice.

21. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

REDSHAPE di Lorenzo Corso

Piazza del Porto 10/A

37124 Verona (VR)

Italy

Email: info@redshape.it

Privacy contact: info@redshape.it

VAT number: 02670160205