AIpage WPBack to home

Privacy Policy

Last updated: 2026-04-29

This policy describes how AIpage WP ("we") collects, uses, and protects your personal data, in compliance with Vietnam's Decree 13/2023/ND-CP on Personal Data Protection and the EU GDPR.

1. Data controller

AIpage WP, operating at aipage.vn. Contact: support@aipage.vn.

2. Data we collect

2.1 You provide

  • Email, name, password (bcrypt-hashed) on registration.
  • Payment info handled by Lemon Squeezy — we do NOT store card numbers.
  • Bank info for commission withdrawal (account number, bank name, holder).

2.2 Collected automatically

  • Site activation: home_url, fingerprint (SHA256 of UUID + path + DB charset), IP, User-Agent, plugin/WP/PHP versions.
  • Heartbeat: last heartbeat timestamp, last IP.
  • Audit log: critical actions (activate, deactivate, refund, ban, etc.).
  • Cookies: aip_ref (affiliate referral, 90 days), NextAuth session.

3. Purposes

  • Issue and manage licenses, send welcome emails and invoices.
  • Verify plugin activation and prevent fraud (UUID collision, brute force).
  • Calculate and pay affiliate commissions.
  • Customer support and dispute resolution.
  • Service improvement (aggregated telemetry, never personalized profiling).

4. Legal basis (GDPR)

  • Contract: providing the license, dashboard, plugin (Art. 6(1)(b) GDPR).
  • Legitimate interest: fraud prevention, security, aggregated telemetry (Art. 6(1)(f)).
  • Consent: marketing cookies (if implemented), email marketing (opt-in).
  • Legal obligation: financial transaction records under Vietnamese tax law.

5. Sub-processors

ProcessorPurposeRegion
VercelNext.js backend hostingUSA
Neon (Postgres)DatabaseSingapore (ap-southeast-1)
ResendTransactional emailUSA
Lemon SqueezyInternational payment processingUSA / EU (Ireland)
AnthropicAI inference (Claude) — only when customer uses their own API keyUSA
OpenAI / Google / DeepSeek / Mistral / PerplexityAI inference — depending on customer-selected providerUSA / EU

Important AI note: the AIpage WP plugin calls AI providers directly from the customer's WordPress site using their own API key. We do NOT receive or store the prompt content sent to AI.

6. Cookies

  • authjs.session-token — login (HttpOnly, Secure).
  • aip_ref — affiliate referral, 90 days, non-sensitive.
  • NEXT_LOCALE — preferred language (vi/en).

We currently do not use ad cookies, tracking pixels, or Google Analytics.

7. Storage and retention

Data typeRetention
Account + active licenseLifetime of service
Audit log3 years
Invoices / payment records10 years (Vietnam tax law)
Deleted account (soft delete)Anonymize immediately; full purge after 90 days
Session cookies30 days or until logout
Magic link / reset tokens15-60 minutes (auto-deleted after use)

8. Your rights

Under Vietnam Decree 13/2023 and GDPR, you have the right to:

  • Access: download all personal data via /dashboard/settings → Download JSON.
  • Rectification: edit name, email, locale directly in settings.
  • Erasure: "Delete account" button in settings (soft delete + anonymize).
  • Restrict processing: contact support@aipage.vn to request.
  • Object: opt out of marketing email via unsubscribe link.
  • Lodge complaint: with your local DPA (Vietnam Cybersecurity Department or EU DPA).

9. Security

  • Passwords bcrypt-hashed (10 rounds).
  • API tokens AES-256-GCM encrypted on plugin side.
  • JWT activation tokens expire 90 days, auto-renew via heartbeat.
  • Optional 2FA TOTP for all accounts.
  • HTTPS enforced, HSTS enabled.
  • Plugin updates verify SHA256 against MITM.
  • Revoke webhooks verified via HMAC.

10. International transfers

Some sub-processors operate outside Vietnam (Vercel, Resend, Lemon, AI providers). Transfers are protected by standard contractual clauses (SCCs) and technical safeguards (encryption in transit and at rest).

11. Children

The Service is not intended for children under 16. If you are under 16, please do not register. Parents who notice their child has registered can contact support@aipage.vn for deletion.

12. Policy changes

Updates will be emailed at least 14 days before taking effect. Continued use of the Service constitutes acceptance.

13. Contact DPO

Email: support@aipage.vn(subject prefix "[Privacy] Request...").