Legal · Privacy

Privacy Policy

What PowerSEC collects from your accounts, connected WordPress sites, and billing — how we use it, where it lives, and the choices you have.

Effective dateApril 28, 2026
Last updatedApril 28, 2026
Versionv5.4 · build 2026-04-28
JurisdictionFlorida, USA
LanguagesEnglish · فارسی

PowerSEC is a control panel for managing security on WordPress sites you own or operate. This policy explains exactly what we collect from your account, the sites you connect, and your billing — and what we don’t.

01Who we are

PowerSEC is a service operated by ScamMinder AI Trust LLC (“PowerSEC,” “we,” “us,” or “our”). Our registered address is 26246 Wesley Chapel Blvd, Unit #145, Lutz, FL 33559. You can reach us at info@powersec.io.

This Privacy Policy explains what information we collect when you use PowerSEC’s website, the PowerSEC WordPress plugin, and the PowerSEC Central dashboard (collectively, the “Service”) — how we use that information, and the choices you have.

02Information we collect

We collect the following categories of information. Each category includes only what’s needed to operate the Service.

Account information
from you, at signup
Name, email address, hashed password, role, and preferences you set in your PowerSEC Central account.
Site information
from sites you connect
URLs of WordPress sites you connect, site identifiers, and metadata such as WordPress version, plugin version, and hosting indicators.
Plugin telemetry
from the plugin runtime
Heartbeat signals, configuration state, and high-level health indicators reported by the PowerSEC plugin running on sites you choose to connect.
Security findings
from scans & rules
Results of malware scans, file-integrity checks, vulnerability matches, rule applications, alerts, and remote actions you trigger from Central.
Backup metadata
from the backup pipeline
Information about backups created by the plugin — size, timestamp, type, and storage location. Backup file contents may be stored on infrastructure you configure (such as an S3-compatible bucket) according to your settings.
Billing information
from our payment processor
Plan tier, subscription status, and limited invoice metadata returned by our payment processor. We do not store full payment card numbers.
Usage & diagnostic logs
from routine operation
Request logs, error reports, IP addresses, user-agent strings, and timestamps generated by routine operation of the Service.

03How we use information

We use the information we collect to:

  • provide, operate, and improve the Service;
  • authenticate users and protect accounts;
  • perform security monitoring on connected sites and surface findings to you;
  • execute remote actions, rule syncs, scans, and backups that you trigger;
  • send service messages, alerts, and account notifications;
  • process billing, invoicing, and subscription changes;
  • detect, investigate, and prevent abuse, fraud, and security incidents;
  • respond to support requests and feedback; and
  • comply with legal obligations and enforce our Terms of Use.

04Cookies and local storage

We use a small number of strictly necessary cookies and browser local storage entries to keep you signed in, remember your preferences, and protect against abuse.

✓ We use

Session cookies, anti-CSRF tokens, and local preferences for the dashboard UI.

✕ We don’t use

Marketing or third-party advertising cookies. No cross-site tracking pixels.

If we add optional analytics cookies in the future, we will update this policy and surface a clear control before enabling them.

05Service providers we use

We rely on a small set of vendors to operate the Service. These providers receive only the information needed to perform their function and are bound by contractual obligations to protect it.

  • Hosting and database. Cloud platforms host the PowerSEC Central application and store account, site, and telemetry data.
  • Payments. A PCI-compliant payment processor handles subscription checkout and billing. PowerSEC receives plan and status information; full card data never reaches our servers.
  • Email and notifications. Transactional email and notification providers deliver account messages, security alerts, and password resets.
  • Operational monitoring. Logging and error-reporting tooling helps us investigate issues and keep the Service reliable.
  • Customer-configured storage. If you point PowerSEC at S3-compatible object storage for backups, that storage provider is your processor under your own agreement.

06How information is shared

We do not sell personal information. We disclose information only:

  • to service providers, as described above, under written agreements;
  • to comply with applicable law, valid legal process, or lawful requests from public authorities;
  • to enforce our Terms of Use or protect rights, property, or safety; and
  • in connection with a corporate transaction such as a merger or acquisition, in which case we will require comparable privacy protections.

07Data retention

We keep account and site data for as long as your account is active or as needed to provide the Service. Operational logs are retained for a limited period (typically a few months) for debugging, abuse investigation, and capacity planning. Billing records are kept for the period required by tax and accounting law.

When you delete your account, we remove or anonymize associated data on a reasonable schedule, except where retention is required by law or necessary to resolve disputes.

08Security measures

We use technical and organizational measures designed to protect the Service, including encryption in transit, access controls, signed plugin-to-Central communication, scoped API keys, and audit logging.

No system can be made completely secure. You are responsible for protecting your own account credentials, using strong passwords, keeping your WordPress sites updated, and following the security guidance we publish.

09Your rights and choices

Depending on your location, you may have rights to access, correct, delete, restrict, or port the personal information we hold about you, and to object to certain processing.

You can update most account information directly from PowerSEC Central. For other requests, email us at privacy@powersec.io from the address tied to your account. We may need to verify your identity before fulfilling a request and we will respond within the timelines required by applicable law.

10Children’s privacy

PowerSEC is intended for businesses, agencies, and adult site operators. The Service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

11International users

PowerSEC operates in the United States. If you access the Service from another country, you understand that your information will be processed in the United States and other locations where our service providers operate. We use appropriate safeguards to protect information transferred internationally.

12Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” above and, where appropriate, notify account holders by email or in-product message. Continued use of the Service after the changes take effect means you accept the updated policy.

13Contact us

Questions, requests, or complaints about this policy can be sent to privacy@powersec.io, or by mail to:

Privacy & Data Protection

ScamMinder AI Trust LLC
26246 Wesley Chapel Blvd, Unit #145
Lutz, FL 33559 · United States

Email privacy team →
This policy is provided for transparency and is not legal advice. Material questions about scope, regional rights, or compliance should be reviewed by qualified counsel before acting on them.