W
WooShift

Privacy Policy

How we collect, use, and protect your data

Your Privacy Matters

At WooShift, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we use it. We're committed to transparency and compliance with GDPR and Austrian data protection laws.

Data Controller

Responsible party: Gregor Wallner

Email: hello@wooshift.com

Website: wooshift.com

Data We Collect

Contact Forms

When you submit a contact form or audit request, we collect: name, email address, company name, website URL, and any message you provide. We use this data solely to respond to your inquiry and provide the services you requested.

Analytics & Cookies

We use Vercel Analytics (privacy-friendly, GDPR-compliant) to understand how visitors use our site. This collects anonymized data about page views, browser type, device type, and geographic location (country level only). We do not track individual users or use third-party advertising cookies.

Server Logs

Our hosting provider (Vercel) automatically collects standard server log data including IP addresses, browser information, and access times. This data is used for security, troubleshooting, and performance monitoring. Logs are retained for a maximum of 30 days.

Client Projects

When working on your headless WooCommerce migration, we may temporarily access your store's data (product information, order structures, customer schemas) to configure API integrations. We never store customer personal data or payment information. All client data is handled according to strict confidentiality agreements.

How We Use Your Data

  • To respond to your inquiries and provide requested services
  • To send performance audit reports and project proposals
  • To communicate about ongoing projects and support
  • To improve our website and services based on anonymous usage patterns
  • To comply with legal obligations and protect our rights

We will never: Sell your data to third parties, use it for unsolicited marketing, or share it without your explicit consent (except where required by law).

Legal Basis (GDPR)

Consent (Art. 6(1)(a) GDPR): When you submit forms, you consent to us processing your data for the stated purposes.

Contract Performance (Art. 6(1)(b) GDPR): Processing client data is necessary to deliver our headless migration services.

Legitimate Interests (Art. 6(1)(f) GDPR): Analytics and security monitoring serve our legitimate interest in operating a secure, effective website.

Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted via encrypted HTTPS connections (TLS 1.3)
  • Form submissions are processed securely and stored with restricted access
  • Client project data is encrypted at rest and in transit
  • Regular security audits and updates to our infrastructure
  • Access controls limit data exposure to authorized personnel only

Your Rights (GDPR)

Under GDPR, you have the following rights:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restriction

Limit how we process your data

Right to Data Portability

Receive your data in a structured format

Right to Object

Object to certain types of processing

To exercise any of these rights, please contact us at hello@wooshift.com. We will respond within 30 days.

Third-Party Services

Vercel (Hosting & Analytics)

Our website is hosted on Vercel Inc. (USA). Vercel is GDPR-compliant and uses Standard Contractual Clauses for EU data transfers. Their privacy policy: vercel.com/legal/privacy-policy

Calendly (Appointment Scheduling)

When you book a call via our Calendly link, Calendly collects your name and email. Calendly is GDPR-compliant. Privacy policy: calendly.com/privacy

Data Retention

Inquiry data: Retained for 12 months after last contact, unless you become a client

Client project data: Retained for the duration of the project plus 3 years for warranty/support purposes

Analytics data: Anonymized and retained indefinitely for statistical purposes

Server logs: Automatically deleted after 30 days

International Data Transfers

Some of our service providers (e.g., Vercel) are based in the USA. All international transfers are protected by GDPR-approved mechanisms such as Standard Contractual Clauses. Your data receives the same level of protection regardless of where it's processed.

Children's Privacy

Our services are intended for businesses and professionals. We do not knowingly collect data from individuals under 16. If you believe we have inadvertently collected such data, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email (if you've provided one) or by posting a notice on our website. Continued use of our services after changes constitutes acceptance.

Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):

Österreichische Datenschutzbehörde

Barichgasse 40-42, 1030 Wien, Austria

Email: dsb@dsb.gv.at

Website: dsb.gv.at

Questions About Privacy?

If you have any questions about this privacy policy or how we handle your data, please don't hesitate to reach out.

Contact Us About Privacy

Last updated: January 13, 2025