Data protection and privacy centre

This is our data protection and privacy centre that contains all the information you need on what we do with your data. To avoid unnecessary duplication (and the risks of duplicate documents getting out of synchronisation), some of these policies apply to services sold from other websites (e.g., When so, that is indicated on that website, which links to here. (N.B. We no longer own or are involved in Keyy ( or MetaSlider ( – these plugins were sold to other companies, and you should consult their websites for their policies).

All of these policies are written to protect you, your data, and our ongoing ability to provide you and everybody else with sustainable services. Not everybody likes having lots of documents of this sort, but, they are largely mandated by the law (e.g. the EU GDPR law, California’s CCPA), and intended for everybody’s good. They are not because we are eager to find some smallprint to use to pounce upon our valued customers! You can read about our general approach in this blog post.

How we collect and process your data

Terms and conditions

Privacy policies relating to third parties

Data protection policies and agreements of/with relevant third parties

  • N.B. We do not link to the policies of (and we do not have formal agreements with) third parties that we do not deal directly with. e.g. If you chose to use Dropbox for your backup, then we are not a conduit in between you and Dropbox; technically and legally, your site interacts directly with Dropbox. We only list policies here for which we are an actual intermediary for data.
  • N.B. It’s normal to have lots of suppliers. Don’t get worried and think “gosh, my data goes to a lot of people”. The point of the General Data Protection Regulation is to ensure the opposite. The agreements all generally say something equivalent, as required by law, to “though data may be processed on our systems, we have no permission to do anything with it that was not required by the customer (whether through direct action or necessarily to provide the service they purchased)”. The agreements are part of the process of assurance that data is being handled according to best privacy practices. As required by law, we do not have any suppliers who cannot provide such assurances.
  • Cloudflare (used by us for website security and performance services) – privacy policy; legal agreement; and a copy of our data processing agreement (for which a copy signed by both Updraft WP Software Ltd. and Cloudflare exists).
  • Stripe (our payment processor for card payments) – general policy on data transfers, and data processing agreement.
  • Amazon Web Services (used by us for technical resources for provision of our UpdraftVault product) adhere to the Cloud Infrastructure Services Providers in Europe Code of Conduct – – as part of their GDPR compliance. Also, see here.
  • DigitalOcean (a supplier used by us for technical resources for provision of our UpdraftClone (temporary clone) product) comply with ‘standard contractual clauses‘ guidelines in their general data processing agreement. Here is a copy of our GDPR Data Processing Agreement with them.
  • Linode (a supplier used by us for technical resources for various servers (not all of which process any customer data)) comply with ‘standard contractual clauses‘ guidelines in their general data processing agreement. Here is a copy of the Data Processing Agreement with them, and EU Model Contract.
  • PayPal privacy policy