At Liven Studio, we prioritize transparency and data privacy. We adhere to the following principles:
Below is our privacy policy, detailing how we process personal data in compliance with GDPR, UK GDPR, and CCPA.
Updated on March 11, 2025 to better comply with UK GDPR and California Consumer Privacy Act.
Updated on March 27, 2025 to explicitly mention the Module 2 of the SCCs adopted by the EU Commission.
By using our website (www.wp-umbrella.com) and application (https://app.wp-umbrella.com/), you acknowledge that you have read and understood this Privacy Policy.
LIVEN STUDIO (“we”, “us”) is responsible for determining how your personal data is processed in compliance with applicable privacy laws.
This document explains how we collect, use, store, and protect your personal data, as well as your rights under GDPR, UK GDPR, and CCPA. LIVEN STUDIO is committed to protecting your personal data and ensuring compliance with global privacy laws, including:
We ensure compliance through strict data governance, security protocols, and transparency in data processing. This Privacy Policy applies to all users of WP Umbrella’s website and application.
This Privacy Policy applies to:
The data controller, as defined by the GDPR, is the person who determines the means and purposes of the processing. Our company LIVEN STUDIO is the data controller. LIVEN STUDIO is a simplified joint-stock company with a capital of 2353 euros, registered in the Lyon Trade and Companies Register under SIRET number 901 423 434, with its registered office located at 4 rue de République, 69001 Lyon. To consult the processing carried out by LIVEN STUDIO in its capacity as a subcontractor, please refer to our subcontracting agreement.
Each processing activity we perform has a specific legal basis, as required by applicable data protection laws (GDPR, UK GDPR, CCPA, etc.). Below is a structured overview of why we process your data (purposes) and on what legal grounds we do so.
| No. | PURPOSES (Why we use the data) | LEGAL BASES (What authorizes us to process data) |
|---|---|---|
| 1 | Technical management of the Application (e.g., maintenance, hosting, security, user account management) | Performance of a contract (Terms of Use) and execution of pre-contractual measures – Necessary to provide the service Legitimate interest (ensuring platform functionning, security and preventing abuse) |
| 2 | Customer management (e.g., order tracking, payments, renewals, pre-subscription exchanges, support service) | Performance of a contract (managing purchases, payments, and support requests) Legal obligation (financial and tax regulations require us to store billing information for up to 10 years) |
| 3 | Customer loyalty & commercial prospecting (e.g., engaging with registered users, sending promotions, retaining customers) | Legitimate interest (developing our business, retaining customers, etc.) |
| 4 | Measuring customer satisfaction & improving the application (e.g., collecting user feedback, surveys) | Legitimate interest (enhancing our services based on user feedback) Consent (if satisfaction surveys involve processing personal data) |
| 5 | Website management (e.g., security, contact forms, testimonials, analytics, newsletter subscriptions) | Legitimate interest (ensuring website functionality and security) Consent (required for analytics and newsletter subscriptions) |
| 6 | Management of the affiliate program (tracking affiliates and commission payments) | Performance of a contract (affiliate terms) |
We commit to processing strictly only the personal data necessary for the purposes outlined above.
| No. | PURPOSES | TYPE OF PERSONAL DATA |
|---|---|---|
| 1 | Technical management of the Application | User account data: email, first name, last name – API key (Login possible via Google and Github accounts), Connection data: IP addresses, logs, terminal identifiers, connection identifiers |
| 2 | Customer management | Customer data: account data (first name, last name, email), Order-related data (billing address, company name, order date, credit card, renewal date, payment, exchanges) |
| 3 | Customer loyalty and commercial prospecting | Clients, users, prospects: first name, last name, email, country |
| 4 | Measuring Application satisfaction | Customer data: name, first name, gravatar, email, last login date, OS, vote, comments |
| 5 | Management of www.wp-umbrella.com | – Connection data: IP addresses, logs, terminal identifiers, browser logs, contact form data: name, first name, email, message, need, Data of referenced individuals and customers providing testimonials: name, first name, photo, position, testimonials, Email for newsletter subscribers, Audience measurement tracker data is anonymized |
| 6 | Management of the affiliate program | Affiliate identity data, Affiliate-related data: referred customers, commission amounts |
LIVEN STUDIO does not process sensitive personal data (such as race, religion, health, or biometric data). If required in the future, we will request explicit consent.
We retain personal data only as long as necessary for the purposes described in Section 4 and in compliance with applicable laws. Below is a structured overview of retention periods for each processing activity:
| No. | PURPOSES | DATA RETENTION PERIODS |
|---|---|---|
| 1 | Technical management of the Application | User accounts: Retained as long as the account is active. If inactive for 3 years, we send an email; if there’s no response, data is deleted. Connection logs: Retained for a few weeks/months, only as needed for security purposes. |
| 2 | Customer management | Billing & order data: Retained for 10 years (to comply with financial regulations). Support service data: Retained for 2 years after the last ticket closure. |
| 3 | Customer loyalty and commercial prospecting | Existing customers: Data retained for 3 years after the last contract activity. Marketing contacts: Retained for 3 years from last interaction (unless user unsubscribes). |
| 4 | Measuring Application satisfaction | Feedback & survey data retained for 10 years. |
| 5 | Management of the website www.wp-umbrella.com | Security logs: Retained for a few weeks/months, as needed. Contact form data: Retained for 2 years after last contact. Customer testimonials: Retained for 5 years after publication. Newsletter subscribers: Retained for 3 years after last engagement; we send an opt-in renewal message before deletion. |
| Management of the affiliate program | Retained for 10 years after contract termination. |
The collected data are mandatory for fulfilling the processing purposes.
LIVEN STUDIO collects Data directly from the concerned individual, except for satisfaction measurement and the affiliate program, where some data are collected using third-party tools.
The personal data collected are intended for the use of LIVEN STUDIO. However, they may be transmitted to our service providers/suppliers who participate as processors in the management of the WP UMBRELLA Website and Application, such as the Application host (Scaleway) and the online payment service provider Stripe. We ensure that our processors commit to complying with the GDPR. The list of our processors is available upon request (support@wp-umbrella.com). LIVEN STUDIO may disclose personal data to competent authorities in operations aimed at combating any criminally punishable activity.
We take data security seriously and implement technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, and misuse.
1. Technical Security Measures
2. Data Breach Response
If we detect a data breach affecting personal data, we will:
If you believe your data has been compromised, please contact us at support@wp-umbrella.com.
We may transfer personal data outside the European Economic Area (EEA) strictly in compliance with the General Data Protection Regulation (GDPR). These transfers occur only when necessary to provide our services and always under legally approved safeguards.
When personal data is processed in a country that does not have an Adequacy Decision from the European Commission, LIVEN STUDIO ensures that transfers are governed by European Commission’s Standard Contractual Clauses (SCCs), ensuring that recipients provide GDPR-equivalent protection.
We do not engage in fully automated decision-making that produces legal or similarly significant effects on users. However, we may use automated processes for fraud prevention (Stripe).
All automated processes have human oversight. If a security flag or fraud detection alert affects your account, our team will review it manually before taking action.
As a data subject, you have several rights under the General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA) (for California residents). Below is a breakdown of your rights and how you can exercise them.
| Right | What It Means | How to Exercise It |
| Right of Access | You can request a copy of the personal data we hold about you. | Contact us at support@wp-umbrella.com with the subject line: “Data Access Request.” We will respond within 30 days. |
| Right to Rectification | If your personal data is incorrect or incomplete, you can request an update. | Update your information directly in your WP Umbrella account or email us at support@wp-umbrella.com. |
| Right to Erasure (“Right to be Forgotten”) | You can request that we delete your personal data under certain conditions (e.g., if it’s no longer necessary for its original purpose). | Submit a deletion request at support@wp-umbrella.com. If deletion is not possible due to legal obligations (e.g., tax records), we will inform you. |
| Right to Restrict Processing | You can ask us to temporarily stop using your data (e.g., while verifying an accuracy request). | Contact us at support@wp-umbrella.com with details of your request. |
| Right to Data Portability | You can request a copy of your data in a structured, machine-readable format and transfer it to another service. | Request data portability via support@wp-umbrella.com. We will provide the data in JSON or CSV format. |
| Right to Object | You can object to data processing based on legitimate interest (e.g., marketing emails). | Click “Unsubscribe” in marketing emails or email support@wp-umbrella.com. |
| Right to Withdraw Consent | If we process your data based on consent (e.g., newsletters), you can withdraw it at any time. | Adjust your settings in your account or email support@wp-umbrella.com. |
| Right to File a Complaint | If you believe we are misusing your data, you can file a complaint with the data protection authority. | Contact CNIL (France): https://www.cnil.fr/fr/webform/adresser-une-plainte or your local authority. |
| Right to Define Post-Mortem Directives (France Only) | You can set instructions for what happens to your data after your death. | Contact us at support@wp-umbrella.com to submit your directives. |
California Residents: Additional CCPA Rights
California residents have extra rights under CCPA, including:
📌 How to Exercise CCPA Rights:
California residents can submit requests via support@wp-umbrella.com
If you believe we have misused your personal data or failed to uphold your privacy rights, you have the right to lodge a complaint.
1. Contacting LIVEN STUDIO First (Recommended)
We encourage you to contact us first so we can resolve your concerns quickly. You can reach us at:
2. Complaints Under GDPR (EU & UK Users)
If you are in the European Economic Area (EEA) or the UK, you may contact your national data protection authority:
If you are unsure which authority to contact, you can find a complete list here: EDPB National Authorities.
3. Complaints Under CCPA (California Users)
California residents may report privacy concerns to the California Attorney General’s Office:
You may also submit a CCPA request directly to us via privacy@wp-umbrella.com.
Updated on March, 11, 2025
In the context of using the WP UMBRELLA solution (hereinafter referred to as the “Solution” or “WP UMBRELLA Solution”), the company LIVEN STUDIO may process personal data as a Processor on behalf of its users (hereinafter “Users”): freelance developers or web agencies managing WordPress sites.
Under this Data Processing Agreement (DPA), the User entrusts LIVEN STUDIO with processing personal data. The User acts as the Data Controller, determining the purpose and means of processing, while LIVEN STUDIO acts as the Processor, following the documented instructions of the User.
This agreement is made in compliance with:
Each party undertakes to comply with its respective obligations under these regulations.
This agreement aims to define the conditions under which LIVEN STUDIO, in its capacity as a processor, carries out the processing of personal data on behalf of the User, who is the data controller. To consult the processing carried out by LIVEN STUDIO as a data controller, the User is invited to refer to the Privacy Policy.
Personal Data: Refers to any information relating to an identified or identifiable person. A person who can be identified, directly or indirectly, in particular by reference to an identifier or one or more specific elements unique to their identity, is deemed identifiable.
Regulation: Refers to the applicable regulations for the Parties on the date of the considered Processing, in particular, Law No. 78-17 of January 6, 1978 (known as “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) 2016/679 of the European Parliament and of the Council of April 27, 2016.
Processing: Refers to any operation or set of operations carried out on Personal Data, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasing, or destruction, regardless of whether this operation is carried out automatically or not.
Data Controller: Refers to the Party who, alone or jointly, determines the purposes and means of a Processing. In the context of this agreement, and with respect to LIVEN STUDIO, the data controller is the User.
Processor: Refers to any natural or legal person who processes Personal Data on behalf of the Data Controller. In the context of this agreement, the Processor with respect to the User is LIVEN STUDIO.
Subprocessor: Any third-party processor engaged by LIVEN STUDIO to assist in processing personal data on behalf of the User.
Documented Instructions: Written, electronic, or contractual instructions from the User specifying how LIVEN STUDIO should process personal data.
Data Subject(s): Refers to any natural person whose Personal Data may be subject to Processing by the Processor under this agreement.
In the context of using the WP UMBRELLA Solution, LIVEN STUDIO performs processing of personal data of the User’s end client(s), as well as individuals interacting with the WordPress site(s) of these end client(s). The User entrusts LIVEN STUDIO with “cascading” subcontracting activities on personal data, on behalf of their end client(s). The User, as a Data Controller with respect to LIVEN STUDIO and as a processor with respect to their end client(s), commits to complying with all obligations incumbent upon them under the Regulation. In particular, the User declares to have informed and signed a written data processing agreement in accordance with Article 28 of the GDPR, with their end client(s), expressly authorizing them to use the WP UMBRELLA Solution, install the WP UMBRELLA plugin on their WordPress site(s) and perform the personal data Processing described below, under the conditions defined in this agreement. The User undertakes that the data processing agreement to be concluded between them and their end client(s) reflects the personal data processing described below in Article 4 and complies with the conditions defined in this agreement.
LIVEN STUDIO, as a data processor, performs the following activities on behalf of the User (the data controller). These processing activities occur within the WP Umbrella service and are carried out strictly based on documented instructions provided by the User.
Backup encryption
Backups are encrypted (AES-256, + HMAC-SHA256 authentication) before storage, at rest, and in transit with secured data transmission (TLS 1.2/1.3).
The processing may have the following purposes:
The Processing may consist of: Consultation, structuring, exporting, preservation, transmission, dissemination, deletion
The Data Subjects may be:
The types of Data processed may be:
The User ensures that no sensitive data is processed under this agreement.
LIVEN STUDIO retains personal data only for as long as necessary to provide WP Umbrella services, in accordance with documented retention periods:
Upon termination of this agreement, LIVEN STUDIO will:
Exception: LIVEN STUDIO may retain anonymized or aggregated data that cannot be used to re-identify individuals for service improvement purposes.
LIVEN STUDIO, as the Processor, commits to processing personal data only on documented instructions from the User (Data Controller) and in compliance with applicable data protection laws.
6.1 General Processing Obligations
LIVEN STUDIO shall:
6.2 Security Measures
LIVEN STUDIO shall implement and maintain the following security measures:
Encryption:
Access Controls:
Data Minimization & Anonymization:
Breach Notification:
6.3 Subprocessor Management
LIVEN STUDIO may engage subprocessors for specific services, provided that: all subprocessors sign a Data Processing Agreement (DPA) ensuring compliance with GDPR.
The list of sub-processor is available upon request.
6.4 Data Return & Deletion
Upon termination of the User’s WP Umbrella account:
7.1 Use of Subprocessors
To provide the WP Umbrella service efficiently, LIVEN STUDIO relies on third-party subprocessors. These subprocessors assist with hosting, payment processing, analytics, and infrastructure services, ensuring high availability and security of our platform.
We carefully select our subprocessors to ensure they comply with GDPR, UK GDPR, and CCPA requirements. Each subprocessor is bound by a Data Processing Agreement (DPA) that includes security commitments, confidentiality clauses, and compliance with relevant data protection laws.
The list of sub-processors involved in the processing of personal data can be delivered upon request at support@wp-umbrella.com.
7.2 International Data Transfers
LIVEN STUDIO primarily processes personal data within the European Economic Area (EEA). However, some subprocessors operate outside the EEA, requiring additional safeguards for international transfers.
For personal data transfers to countries outside the European Economic Area (EEA) that do not benefit from an adequacy decision, LIVEN STUDIO relies on the Standard Contractual Clauses (SCCs) adopted by the European Commission under Implementing Decision (EU) 2021/914 of 4 June 2021, specifically:
These SCCs form an integral part of this Data Processing Agreement and ensure appropriate safeguards are in place for international transfers.
7.3 User Authorization for Subprocessors
By using the WP Umbrella service, you authorize LIVEN STUDIO to engage the subprocessors listed above for data processing on your behalf. If we add or replace a subprocessor, we will:
For questions about subprocessors, please contact us at support@wp-umbrella.com.
Furthermore, in accordance with Article 30.2 of the GDPR, LIVEN STUDIO will keep a register of processing activities carried out on behalf of the User. In this context, LIVEN STUDIO must record the contact details of the person in charge of issues related to the protection of personal data or, where applicable, the Data Protection Officer (DPO) of the User, if the User communicates this information.
The User is informed that the GDPR representative designated by LIVEN STUDIO is: Mr. Aurelio Volle, legal representative of LIVEN STUDIO. He can be reached by email: support@wp-umbrella.com.
This agreement will enter into force on the date of creation of the User’s account on the WP UMBRELLA Solution. It will remain in force as long as LIVEN STUDIO performs Processing entrusted by the User under the Terms of Use and the present agreement.
