Legal
Privacy Policy
This policy explains what information we collect, why, and the choices you have. It covers the managed.dev website and the managed.dev hosting service.
1. Who we are
managed.dev is a managed WordPress hosting service operated by {{ LEGAL ENTITY NAME — e.g. Terrible Studios, LLC }} (“managed.dev”, “we”, “us”). Our registered address is {{ REGISTERED BUSINESS ADDRESS }}. For privacy questions, contact us at privacy@managed.dev.
Where this policy refers to “the service”, it means our hosting platform and customer dashboard at app.managed.dev. Where it refers to “the website”, it means our marketing site at managed.dev.
2. Scope of this policy
This policy applies to personal information we handle as a controller — that is, information about our website visitors, account holders, and billing contacts. It does not govern the content and end-user data you host on the service (your WordPress sites, databases, and files). We process that as a processor on your behalf; see Section 4.
3. Information we collect
- Account information — name, email address, and login credentials when you create an account or start a trial.
- Billing information — billing name, address, and the payment-card details you provide. Card details are collected and stored by our payment processor (Stripe); we do not store full card numbers on our systems.
- Customer Data — the sites, databases, files, and configuration you host with us. See Section 4 for how we treat this.
- Usage & technical data — server and application logs, IP addresses, request metadata, browser/device information, and performance telemetry (for example OpenTelemetry traces and error reports) generated when you use the service.
- Support & communications — messages, attachments, and metadata when you contact support or sales, including migration requests.
- Website data — limited information from the marketing site (see Cookies & analytics).
4. Customer data & our role
For the content and end-user data you host on the service (“Customer Data”), you are the controller and we are the processor. We process Customer Data only to provide and secure the service, to follow your documented instructions, and as required by law. You are responsible for having a lawful basis to collect and host that data and for your own privacy notices to your site visitors.
If you are subject to the GDPR, UK GDPR, or similar laws, our Data Processing Addendum (DPA) governs this relationship.
5. How we use information
We use personal information to:
- provide, operate, and maintain the service and your account;
- process payments, manage subscriptions and trials, and prevent payment fraud;
- secure the platform — detect, investigate, and prevent abuse, attacks, and policy violations;
- provide support and respond to your requests;
- send service, security, and billing notices (and, where permitted, product updates you can opt out of);
- understand and improve performance and reliability; and
- comply with legal obligations and enforce our Terms of Service.
6. Legal bases (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we rely on: performance of a contract (to provide the service you sign up for); legitimate interests (to secure the platform, prevent abuse, and improve the service); consent (where required, for example optional communications); and legal obligation (for example tax and accounting records). {{ confirm consumer-law carve-outs for your jurisdiction }}
7. Cookies & analytics
The marketing website (managed.dev) sets no advertising or third-party tracking cookies. The service (app.managed.dev) uses only strictly necessary cookies to keep you signed in and your session secure.
For website analytics we use Plausible Analytics, a privacy-friendly, cookieless tool. Plausible does not use cookies, does not create persistent identifiers, and does not collect or store personal data or raw IP addresses; it reports only aggregate metrics, and all data is processed and stored in the European Union. Because no personal data or cookies are involved, we do not show a cookie consent banner for analytics. {{ confirm the no-consent position for your jurisdiction with counsel }}
8. Sharing & sub-processors
We do not sell personal information. We share it only with service providers (“sub-processors”) who help us run the service under contract, and when required by law or to protect rights and safety. Our current sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription billing | United States / global |
| Sentry | Error monitoring and performance telemetry | United States |
| Plausible Analytics | Cookieless, aggregate website analytics (no personal data stored) | European Union (Estonia) |
| {{ Cloud / infrastructure provider }} | Compute, storage and networking that runs the platform | {{ region(s) }} |
| {{ Transactional email provider }} | Account, billing and notification email | {{ region }} |
Keep this list current; it is referenced by the DPA.
9. Data retention
We keep personal information for as long as your account is active and as needed to provide the service. After an account is closed, we delete or anonymize personal information within {{ RETENTION PERIOD — e.g. 30 days after account closure }}, except where we must retain records longer to meet legal, tax, accounting, or security obligations. Backups and snapshots are deleted on their normal rotation schedule.
10. Security
We apply technical and organizational safeguards appropriate to the risk, including encryption in transit (TLS), a web application firewall, rate limiting, malware scanning, vulnerability protection, hardened access controls, and audit logging. No method of transmission or storage is perfectly secure, but we work to protect your information and to respond promptly to incidents. {{ confirm encryption-at-rest and incident-notification commitments }}
11. International transfers
We may process and store information in countries other than your own. Where we transfer personal information out of the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses. {{ confirm transfer mechanism + hosting regions }}
12. Your rights
Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal information, to object to certain processing, and to withdraw consent. To exercise these rights, email privacy@managed.dev. We will respond within the time required by applicable law. You also have the right to complain to your local data protection authority.
If your personal information sits inside a site hosted by one of our customers, please contact that customer (the controller) directly; we will assist them as their processor.
13. Children
The service is not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.
14. Changes
We may update this policy from time to time. We will post the updated version here and change the “Last updated” date, and we will give notice of material changes where required.
15. Contact us
Questions about this policy or your information? Contact privacy@managed.dev, or write to us at:
{{ LEGAL ENTITY NAME — e.g. Terrible Studios, LLC }}{{ REGISTERED BUSINESS ADDRESS }}
Our Data Protection Officer / representative (where applicable): {{ DATA PROTECTION OFFICER / EU-UK REPRESENTATIVE, if required }}.