Privacy Policy

Last updated: April 1, 2026

Who We Are

Statnive is a privacy-first analytics plugin for WordPress, developed and maintained by Statnive (“we,” “our,” or “us”). Our website is located at https://statnive.com.

We believe website analytics should be simple, fast, and respectful of user privacy. Our plugin is designed to give WordPress site owners meaningful insights without compromising their visitors’ personal data.

Important distinction: This Privacy Policy covers the statnive.com website and our company operations (account management, support, billing). The Statnive plugin itself operates entirely on your own server, does not use cookies, and does not send any visitor data to us or any third party.

What Data We Collect

Account Data

When you create a Statnive account or purchase a license, we collect:

  • Name
  • Email address
  • Billing address (for paid plans)
  • Payment information (processed by our payment provider; we do not store full card details)
  • WordPress site URL(s) associated with your license

Plugin Usage Analytics

To improve our product, we may collect anonymized, aggregated usage data such as:

  • Plugin version installed
  • WordPress version
  • PHP version
  • Active features/modules enabled

This data is collected only with your explicit opt-in consent during plugin setup. You can disable it at any time from the plugin settings.

Contact and Support Data

When you contact us for support, we collect:

  • Your name and email address
  • The content of your support request
  • Any attachments or diagnostic data you provide
  • System information shared voluntarily for troubleshooting

Website Analytics

We use minimal analytics on statnive.com to understand traffic patterns. This may include:

  • Pages visited
  • Referring source
  • Country (derived from IP, not stored)
  • Browser and device type

Plugin Geographic Data

The Statnive plugin uses GeoLite2 data created by MaxMind for approximate visitor geolocation (country and city level). The GeoIP database is downloaded directly to your server using your own MaxMind license key. No visitor IP addresses are sent to MaxMind or any third party — lookups happen locally on your server. This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

We use Google Tag Manager for analytics measurement on the statnive.com website. We do not use tracking scripts that profile visitors across websites for advertising purposes.

How We Use Your Data

We use the data we collect for the following purposes:

  • Account management — To create and maintain your account, process purchases, and manage licenses.
  • Product delivery — To provide plugin updates, verify license validity, and deliver premium features.
  • Customer support — To respond to your inquiries and resolve technical issues.
  • Product improvement — To understand how our plugin is used (aggregated, anonymized data only) and prioritize features.
  • Communication — To send transactional emails (purchase confirmations, license renewals) and, with your consent, product updates and tips.
  • Legal compliance — To comply with applicable laws, prevent fraud, and enforce our terms.

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance — Processing necessary to fulfill our agreement with you (account creation, license delivery, support).
  • Legitimate interests — Product improvement through anonymized analytics, fraud prevention, and security.
  • Consent — Marketing communications and optional plugin usage telemetry. You may withdraw consent at any time.
  • Legal obligation — Where we are required to retain data for tax, accounting, or regulatory purposes.

Cookies and Tracking

The statnive.com website uses a minimal set of cookies:

  • Cloudflare security cookies — Required for DDoS protection and site security. These are strictly necessary and do not track you across websites.
  • Session cookies — Used when you log in to your account dashboard. These expire when you close your browser or after a defined session period.
  • Analytics — If we use any first-party analytics, it operates without cookies or with minimal, non-identifying cookies.

We do not use advertising cookies, social media tracking pixels, or any cross-site tracking technologies. For full details, see our Cookie Policy.

Sub-processors

We process all customer data inside the EU/EEA. The full sub-processor list — every party that touches infrastructure on our behalf — is rendered as a structured table at the bottom of this page (Updated within 7 days of any upstream change).

We do not use Google Analytics, Google Tag Manager, Adobe Analytics, Segment, or any third-party tag manager on statnive.com itself. The only analytics on this site is Statnive itself — we dogfood our own privacy posture.

Cloudflare appears in the sub-processor list only as authoritative DNS for the .live zone (DNS-only / grey-cloud). Cloudflare receives DNS metadata for statnive.live lookups; it does not see application traffic, response payloads, or visitor data.

The static deploy of statnive.com is currently served via Cloudflare Pages. Cloudflare receives the request URL and serves cached static HTML / CSS / JS / fonts; no application data passes through it. We are migrating this to Hetzner in a follow-up — the static-asset posture does not change.

All sub-processors are bound under Art. 28(3) DPAs. We do not sell, rent, or trade your personal data to any third party.

Data Sharing

We do not share your personal data with third parties except:

  • Service providers — As described above, strictly for operating our business.
  • Legal requirements — If required by law, court order, or governmental authority.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with equivalent privacy protections.

We will never sell your personal data.

Data Retention

We retain your data for as long as necessary to fulfill the purposes described in this policy:

Data TypeRetention Period
Account dataDuration of your account + 30 days after deletion
Billing records7 years (legal/tax requirements)
Support tickets2 years after resolution
Website analytics26 months (aggregated)
Marketing consent recordsDuration of consent + 1 year

You may request deletion of your account and associated data at any time.

Your Rights Under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data (“right to be forgotten”).
  • Restriction — Request that we limit processing of your data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at support@statnive.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Access controls and authentication for internal systems
  • Regular security reviews and dependency audits
  • Minimal data collection principle — we only collect what we need
  • Cloudflare WAF and DDoS protection

No method of transmission or storage is 100% secure. If we become aware of a data breach that affects your rights, we will notify you and the relevant authorities as required by law.

Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at support@statnive.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the “Last updated” date at the top of this page
  • Notify registered users by email for significant changes
  • Post a notice on our website

We encourage you to review this policy periodically.

Operator and contact

The operator of statnive.com and the data controller for this site is:

Herr Parhum Khoshbakht Schiffenberger Weg 1 35394 Giessen Germany

For GDPR-related inquiries, please include “GDPR Request” in your subject line to help us route your request promptly.

— Sub-processors

Every party that touches infrastructure.

Updated within 7 days
Sub-processor
Role
Country
Legal basis
Netcup GmbH
Infrastructure / VPS / DNS (optional)
DE
Art. 28(3) DPA, signed 2026-04-24
ANEXIA Deutschland GmbH
Infrastructure / personnel
DE
Inherited via Netcup Annex 2
ANEXIA Internetdienstleistungs GmbH
Infrastructure / personnel
AT
Inherited via Netcup Annex 2
DATASIX Rechenzentrumsbetriebs GmbH
Data-center operations
DE
Inherited via Netcup Annex 2
ANX Holding GmbH
Support services
AT
Inherited via Netcup Annex 2
ISRG / Let's Encrypt
TLS certificate issuance (DV, DNS-01)
US
Adequacy via EU-US DPF; no payload
Cloudflare, Inc.
Authoritative DNS for the .live zone (DNS-only / grey-cloud)
US
Adequacy via EU-US DPF; DNS metadata only

We update this list within 7 days of any upstream change. Customers on a Data Processing Agreement receive 30 days' notice via email before any new sub-processor is added.

Get Statnive Free