Privacy Policy

Last updated: March 5, 2026

This Privacy Policy describes how Sunbeam Software ("we", "us", or "our") collects, uses, and protects your information when you use our services.

1. Information We Collect

Account Information:

• Email address and contact information
• Phone number (if you choose to provide it for SMS text message delivery)
• Billing information (processed by third-party payment providers)
• Account preferences and settings

WordPress Site Data:

• WordPress core version and update status
• Installed plugin and theme versions
• Security vulnerability status
• SSL certificate information and expiration dates
• Database health metrics (size, optimization status)
• SEO configuration (robots.txt, sitemap availability)
• Server response times and availability status

Technical Information:

• IP addresses for rate limiting and security
• Browser and device information for service optimization
• Usage patterns and feature interaction data

2. How We Collect Information

WordPress Plugin: Our WordPress plugin securely transmits site health data using RS256 cryptographic authentication. The plugin operates with read-only permissions and does not store or transmit:

• WordPress admin passwords or login credentials
• Post content, page content, or media files
• User personal information from your WordPress database
• Customer or visitor data from your websites

Dashboard Usage: We collect information about how you interact with our dashboard to improve the service and provide better user experience.

SMS Opt-In: If you choose to enable SMS alerts, we collect your phone number and record your explicit consent at the time of opt-in. Consent is captured through a checkbox and disclosure presented within the dashboard (during account creation or in Account Settings → Notifications). We do not collect phone numbers through any other channel and do not enroll users in SMS messaging without their affirmative consent. For full details on our SMS consent flow, see Section 3.1 below.

3. How We Use Your Information

We use collected information to:

• Provide WordPress monitoring and security scanning services
• Send alerts (including via email and SMS text message, if enabled) about vulnerabilities, SSL expiration, and updates
• Generate reports and analytics dashboards
• Improve our service and develop new features
• Communicate with you about your account and service updates
• Ensure platform security and prevent abuse

3.1 SMS and Phone Number Usage

Consent and Opt-In: SMS messaging is entirely optional. Users opt in by providing their phone number during account creation or within Account Settings → Notifications in their dashboard. At the point of opt-in, users are presented with a clear consent disclosure and must check a consent checkbox before SMS alerts are enabled.

Types of Messages Sent: We send only transactional SMS messages, including:

• One-time passcodes (OTP) for login or account verification
• Critical website monitoring alerts (downtime, security issues, SSL expiration)
• Account-related security notifications

We do not send promotional or marketing SMS messages.

Message Frequency: Message frequency varies based on your account activity and the monitoring alerts configured for your sites.

Message and Data Rates: Standard message and data rates from your wireless carrier may apply.

Opt-Out: You may opt out of SMS messages at any time by replying STOP to any message received from Sunbeam Software. You may also disable SMS alerts within your Account Settings. Upon opting out, you will receive a final confirmation message and no further SMS messages will be sent.

Help: Reply HELP to any message for assistance. Customer care: [email protected].

Privacy of Mobile Information: Mobile information, including phone numbers, will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Carrier Liability: Carriers are not liable for any delayed or undelivered messages.

4. Information Sharing

We do not sell, trade, or rent your personal information. Mobile information (including phone numbers) will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We may share information only in these limited circumstances:

Service Providers: We work with trusted third-party providers for:

• Payment processing (payment information is handled directly by payment processors)
• Email delivery for alerts and communications
• SMS delivery for transactional alerts and authentication (via Twilio)
• Infrastructure and hosting services
• Security vulnerability data (via Wordfence database integration)

Legal Requirements: We may disclose information if required by law, legal process, or to protect our rights and users' safety.

5. Data Security

We implement industry-standard security measures:

• All data transmission uses HTTPS encryption
• RS256 cryptographic authentication for WordPress plugin communication
• Timestamp-based request validation to prevent replay attacks
• IP-based rate limiting and abuse detection
• Regular security audits and monitoring
• Secure data storage with encryption at rest

6. Data Retention

We retain your information as follows:

• Account Information: Until you delete your account or request deletion
• Monitoring Data: Historical data is retained for reporting purposes, typically up to 2 years
• Security Logs: Retained for security and compliance purposes, typically 1 year
• Billing Information: Retained as required for accounting and legal purposes
• SMS Consent Records: Retained for the duration of your account and for a reasonable period after account deletion for compliance purposes

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct your account information
• Deletion: Request deletion of your account and associated data
• Portability: Export your monitoring data in standard formats
• Opt-out of SMS: Reply STOP to any SMS message or disable SMS alerts in Account Settings
• Opt-out of emails: Use unsubscribe links in non-essential emails when provided

To exercise these rights, contact us by email at [email protected].

8. Cookies and Tracking

We use cookies and similar technologies for:

• Maintaining your login session
• Remembering your preferences
• Analyzing service usage patterns
• Improving security and preventing fraud

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

9. International Data Transfers

Your information may be processed and stored in countries other than your residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable privacy laws.

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such information has been collected, we will delete it promptly.

11. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice in our dashboard. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions or requests, please contact us by email at [email protected].

We will respond to privacy requests within 30 days of receipt.