FindAstra

Privacy Policy

Last updated: May 19, 2026

This page explains what data FindAstra collects when you visit the site, buy the plugin, or use it on your own store. We collect as little as we can, name everyone who processes it on our behalf, and don't sell anything to anyone.

1. Who we are

FindAstra is operated by Elyass Tarik, an individual sole trader based in Morocco. For privacy questions or to exercise your rights, email support@findastra.com. We aim to respond within 5 business days. We are the data controller for the personal data described below, unless a section says otherwise.

2. What data we collect

Marketing site visitors

When you visit findastra.com, we collect anonymous usage data through Google Analytics (GA4) and PostHog: pages viewed, approximate location (country and region), referrer, screen size, browser, and the actions you take on the site such as clicks and form submissions. We don't collect your IP address in its raw form. GA4 truncates IPs and PostHog is configured to mask them. These cookies are off by default and only run if you accept them via the cookie banner.

Customers (people who buy FindAstra)

When you place an order, the transaction is processed by Freemius. They share with us: your name, email address, country of residence, the product purchased, the order amount, the license key issued, and the order date. Your payment card details never reach us. Freemius keeps the payment data and we never see it.

Plugin telemetry (opt-in)

FindAstra includes an optional usage opt-in. If you turn it on, the plugin sends us anonymous information about the WordPress and WooCommerce versions you're running, which engine you've selected, and how many products are indexed. We do not collect your product names, customer data, search queries, or any identifiable information about your site visitors. Opt-in is off by default.

Email correspondence

When you email us at support@findastra.com or any other findastra.com address, we receive the content of your email plus standard headers (sender address, timestamp). We keep support emails for as long as needed to maintain a record of the conversation.

3. Why we use it

  • Service delivery. To deliver your license, issue updates, and provide support.
  • Product improvement. To understand which pages of the site convert, which docs are read most, and which features customers actually use.
  • Customer support. To answer your questions and resolve issues.
  • Legal compliance. To meet our tax, accounting, and consumer-law obligations.
  • Security. To detect and prevent fraud, abuse, and license-key sharing.

We do not use your personal data for advertising profiling or sell it to third parties.

4. Legal bases (GDPR / UK GDPR / Moroccan Law 09-08)

If you're in the EU, the UK, or any country with a similar law, here's the legal basis we rely on for each use of your data. Customers in Morocco are covered by Law 09-08 on the protection of personal data, which broadly mirrors GDPR.

  • Contract. For processing orders, delivering licenses, and providing support. Without this data we can't fulfill the contract you entered into.
  • Legitimate interest. For aggregate analytics on the marketing site and for fraud prevention. We balance this against your right to privacy and offer opt-out options below.
  • Consent. For cookies that aren't strictly necessary, including all analytics cookies. You give this through the cookie banner and can withdraw it at any time on the cookie policy page.
  • Legal obligation. For tax records, accounting, and responses to lawful authority requests.

5. Who else processes your data (subprocessors)

We share personal data with the following processors, each contractually bound to handle it lawfully:

ProcessorPurposeLocation
Freemius Inc.Checkout, payment processing, invoicing, tax / VAT, fraud screening, refundsUnited States
Stripe and PayPal (via Freemius)Card and PayPal payments. Card data flows directly to them, not to usUnited States
Cloudflare and Amazon Web Services (via Freemius)CDN and hosting for the checkout and license serversGlobal
Google Analytics 4 (Google LLC)Aggregate site analytics with IP truncationUnited States
PostHog Inc.Product analytics with IP maskingUnited States

We sign data processing agreements with each of these processors where required by law, and we make our own DPA available on request to customers who need one.

6. International transfers

FindAstra is operated from Morocco, while several of our processors are based in the United States. When personal data of EU, UK, or Swiss residents is transferred, we rely on the European Commission's Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, the UK International Data Transfer Addendum, or equivalent mechanisms. Copies of these are available on request.

7. Cookies

The site uses cookies for analytics and to remember your cookie preferences. The full list lives on the cookie policy page, which also explains how to accept, refuse, or change your preferences at any time.

8. Data retention

  • Order and license records: 10 years, to meet tax and accounting requirements.
  • Support emails: 3 years from the last message in the thread.
  • Marketing site analytics: GA4 set to 14 months, PostHog set to 12 months.
  • Cookie consent records: 12 months from the date you gave or withdrew consent.

9. Your rights

Depending on where you live, you have some or all of these rights. To exercise any of them, email support@findastra.com. We respond within 30 days, free of charge.

Everyone

  • Access. Ask for a copy of the personal data we hold about you.
  • Correction. Ask us to fix data that is wrong or incomplete.
  • Deletion. Ask us to delete your data, subject to legal-retention obligations like tax records.

EU, UK, and Swiss residents (GDPR)

  • Restriction. Ask us to limit how we use your data.
  • Portability. Ask for your data in a portable machine-readable format.
  • Objection. Object to processing based on legitimate interest.
  • Withdraw consent. Withdraw analytics or marketing consent at any time without affecting prior processing.
  • Complain. Lodge a complaint with your national supervisory authority if you think we're handling your data improperly.

California residents (CCPA / CPRA)

  • Right to know what personal information we collect.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing" of personal information. We do not sell your data, but in California's broad definition, GA4 and PostHog cookies can count as "sharing for cross-context behavioral advertising". You can opt out via the cookie page.
  • Right not to be discriminated against for exercising your rights.

Moroccan residents (Law 09-08)

  • Right of access, rectification, and objection.
  • Right to lodge a complaint with the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP).

10. Security

We use industry-standard security practices: encrypted connections (TLS) site-wide, encrypted-at-rest storage for support emails, two-factor authentication on our admin accounts, and the principle of least privilege for who can access what. No system is 100% secure. If a breach does happen, we will notify affected users and the relevant supervisory authorities as required by law.

11. Children

FindAstra is a B2B product for WooCommerce store owners. It is not directed at children under 16, and we do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please email us so we can delete it.

12. Changes to this policy

We may update this policy as our practices evolve. The "Last updated" date at the top of the page shows when. Material changes will be announced on the homepage with a link for at least 30 days.

13. Contact and complaints

Email support@findastra.com with any privacy question, request, or complaint. If you're not satisfied with our response and you live in the EU, UK, Switzerland, or Morocco, you have the right to complain to your national data protection authority.