Pre-release Paid design-partner programme
Privacy and data handling
Local-first is the default, not permission to ignore sensitive data.
This notice describes the current website and paid design-partner programme as of 10 July 2026. It separates website contact data from trace data stored on a participant’s WordPress installation.
Pre-release operational noticeWP Flame has no public Community or Pro checkout and no required hosted trace service. This notice must be reviewed alongside the final providers, analytics, licensing, support, and checkout terms before public v1.
- Trace data is intended to remain in the participant’s WordPress database by default.
- No trace should be sent to WP Flame for review without separate, explicit permission and an agreed secure path.
- Identity, raw SQL, full URLs, user agents, IP addresses, and GraphQL query data are sensitive opt-ins—not default capture assumptions.
- Design-partner participation does not grant permission to use a client site, testimonial, research note, or case study.
- Any future licensing, analytics, AI, hosted report, or fleet service must be separately disclosed and consented to before data leaves the site.
Information you provide
Email, name, organisation, role, portfolio size, workflow description, and other information included in an application or support message. Do not submit credentials, payment data, raw traces, or unnecessary personal data through a general form.
Basic technical records
The hosting provider may process request logs such as IP address, timestamp, requested path, user agent, and error information for security and operation. Retention depends on the selected provider and must be confirmed before public launch.
Typography resources
This site currently requests stylesheet and font resources from fonts.googleapis.com and fonts.gstatic.com. Those requests expose ordinary network information such as IP address and user agent to the provider. This dependency must be reviewed or self-hosted before a broader public launch.
Essential browser state
The site may use local browser storage for interface preferences and, when an analytics endpoint is configured, your explicit anonymous-analytics choice. A local value is never treated as proof that an application was received.
Applications
Without a configured form endpoint, the application is prepared locally and opens your email client; it is not submitted until you send it. If a public form endpoint is configured, the site reports success only after that server returns a successful response. No private API key is placed in browser code.
The site contains support for a first-party commercial-events endpoint, but it sends nothing unless that endpoint is configured and you select “Allow anonymous analytics.” A Do Not Track browser signal also prevents collection.
When enabled with consent, an event may contain the event name, current page path, campaign parameters from the landing URL, destination path, placement label, and timestamp. It does not include application answers, email addresses, raw traces, credentials, or form field values. The receiving host may still process ordinary network records such as an IP address, so its provider, location, retention, and access controls must be documented before activation.
You can change the stored choice using “Analytics choices” in the footer whenever an analytics endpoint is active. Behavioural advertising, cross-site tracking, and sale of visitor data are not part of this implementation.
Trace-data categories and default treatment | Category | Default direction | Risk and control |
| Timing and span structure | Stored locally with bounded retention. | Can expose internal architecture and plugin/theme ownership; restrict administrative access. |
| Routes and request context | Normalize and redact by default. | Full URLs can contain identity, search, order, or secret values. |
| Database evidence | Prefer fingerprints/hashes and bounded metadata. | Raw SQL values may contain personal or confidential content and require explicit acknowledgement. |
| HTTP evidence | Prefer bounded host, method, status, error, and timing. | Headers, tokens, query strings, and bodies must not be captured by default. |
| Identity and client metadata | Off by default. | User identity, IP address, and user agent require a specific purpose, explicit acknowledgement, and bounded retention. |
| Exports and support bundles | Redacted by default and created locally. | The operator must review the export before sharing it outside the site. |
Design-partner programme
Separate permissions
- Participation and billing.
- Authorization for each participant or client production site.
- Review of a specific redacted trace or support bundle.
- Anonymized research notes.
- Attributable testimonial or logo use.
- Publication of a case study or benchmark example.
Purposes
Why information is used
- Respond to applications, enquiries, and support requests.
- Onboard and administer an agreed design-partner engagement.
- Investigate product safety, compatibility, and correctness with permission.
- Maintain website security and reliability.
- Meet accounting, legal, and dispute-resolution obligations where applicable.
Website, email, optional form, optional analytics, hosting, billing, support, and file-transfer providers may process only the information needed to deliver their service. Final provider names, locations, retention, and data terms must be added before those services are activated publicly.
WP Flame does not sell personal information. Data may be disclosed where required by law, to protect the service and participants, or during a business transaction subject to appropriate safeguards and notice.
Retention and deletion
Contact and programme records should be kept only while needed for the enquiry, engagement, legal obligations, or a documented dispute. Local trace retention is controlled on the WordPress installation and must be bounded by quotas and resumable cleanup before public v1.
Access and correction
You may request access, correction, deletion, or a copy of personal information held by the WP Flame project, subject to identity verification and legal obligations. Anonymous data may not be linkable back to a person after identifiers are removed.
Security is shared work
Use least-privilege access, conservative capture, bounded retention, redacted exports, and an approved secure channel. No system can promise absolute security. Report a suspected WP Flame vulnerability privately through the responsible-disclosure process.
Privacy questions and requests can be sent to hello@wpflame.com. Material changes to data handling should update the date and explanation on this page before the changed processing begins.