Home › Legal › GDPR Compliance

GDPR Compliance

Last updated: 16 February 2026

ShieldPress is committed to complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This page explains how ShieldPress approaches data protection, privacy, and user rights in accordance with GDPR principles.

While ShieldPress is operated from India, we serve customers globally, including users within the European Economic Area (EEA). We therefore design our systems and policies to respect GDPR requirements where applicable.

1. Roles Under GDPR

For the purposes of GDPR:

ShieldPress acts as a Data Controller for customer account information, licensing data, billing references, and support communications.
Website owners using ShieldPress act as Data Controllers for any personal data processed on their own websites.
ShieldPress does not act as a Data Processor for website visitor data, as such data is not transmitted to our servers.

2. Lawful Basis for Processing

ShieldPress processes personal data only when a lawful basis exists under Article 6 of the GDPR, including:

Contractual necessity – to provide licensed services
Legitimate interests – security, fraud prevention, and abuse detection
Legal obligations – accounting and compliance requirements

3. Plugin Operation & Visitor Data

The ShieldPress Anti-Spam plugin is designed with a privacy-by-design approach.

Spam detection, behavioral analysis, and filtering are performed locally on your WordPress installation. ShieldPress does not receive, store, or analyze personal data of your website visitors on its own servers.

As a result, the use of ShieldPress does not require you to share visitor personal data with ShieldPress as a third party.

4. Data Minimization & Purpose Limitation

ShieldPress collects and processes only the minimum amount of personal data necessary to operate the service effectively.

Collected data is not repurposed for unrelated activities such as advertising, profiling, or resale.

5. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including:

Active customer accounts and licenses
Support and security audit records
Legal and regulatory compliance obligations

Where possible, data is anonymized or deleted when no longer required.

6. Data Subject Rights

Under GDPR, individuals located in the EEA have the following rights:

Right of access to personal data
Right to rectification of inaccurate data
Right to erasure (“right to be forgotten”), where applicable
Right to restrict processing
Right to data portability
Right to object to certain processing activities

Requests to exercise these rights can be submitted by contacting support@shieldpresswp.com. We may require identity verification before fulfilling requests.

7. Security Measures

ShieldPress implements appropriate technical and organizational measures to protect personal data, including:

Encrypted communication (HTTPS)
Secure password hashing
Role-based access controls
Audit logging and monitoring

8. International Data Transfers

Where data is processed or stored outside the European Union, ShieldPress ensures that appropriate safeguards are in place in accordance with GDPR requirements.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, ShieldPress will notify affected users and relevant authorities as required by GDPR.

10. Contact & Complaints

If you have concerns about our GDPR compliance or data protection practices, you may contact us at:

Email: support@shieldpresswp.com

You also have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data protection rights have been violated.