GreyHexagon-RedSnake-64×64

Privacy Policy

Effective Date: April 15, 2026
Last Updated: April 15, 2026

ViperBlock LLC, a Florida limited liability company (“ViperBlock,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy explains what information we collect, how we use it, how we share it, how we protect it, and what rights you have. It applies to your use of the viperblock.com website (the “Site”), the ViperBlock WordPress security plugin in Free and Pro editions (the “Plugin”), and all related services (collectively, the “Service”).

This Privacy Policy is incorporated into and forms part of our Terms and Conditions. Capitalized terms not defined here have the meanings given in the Terms and Conditions.

If you do not agree with this Privacy Policy, do not use the Service.

1. Scope and Controller

1.1 Who is the Data Controller

For personal data about you as a customer, visitor to the Site, or account holder, ViperBlock LLC is the data controller. You may contact us using the information in Section 12.

1.2 Data About Your Site’s Visitors

The Plugin runs on your own WordPress installation, under your control. When the Plugin logs security events (such as blocked requests, failed login attempts, or rate-limited traffic), that data is stored in your own WordPress database, on your own server, and never leaves your infrastructure. ViperBlock LLC does not receive, access, or process your Site visitors’ data.

Under GDPR, CCPA, and similar laws, you (as the operator of the Site) are the data controller for your visitors’ data. You are responsible for any privacy notices, legal bases, cookie banners, consent flows, and data-subject-request handling applicable to the data the Plugin stores locally on your Site. If the Plugin processes personal data of EEA or UK residents, you should treat the Plugin’s local logging as processing that you control, and adjust your own privacy notice accordingly.

This distinction is important because it means that privacy questions from your Site’s visitors must be answered by you, not by ViperBlock.

2. Information We Collect

We collect only the information described in this section. We do not collect anything not listed here.

2.1 Information You Provide Directly

Account and Purchase Information (when you buy Pro or create an account):

  • Full name
  • Email address
  • Billing address (as required by our payment processor)
  • The payment method you select

We do not collect, store, or have access to your full credit card or bank account number. All payment details are collected and processed directly by Stripe; we receive only the last four digits of the card, the card brand, and a transaction identifier.

Support Communications:

  • The content of any message you send us (email, contact form, or support ticket), together with any information you choose to include

Marketing Consents (only if you opt in):

  • Your email address and the fact that you consented

2.2 Information the Plugin Transmits to Our License Server

When the Plugin communicates with ViperBlock’s license server for activation, validation, deactivation, or update checks, it transmits only the following fields:

EventData Transmitted
License activation / validationLicense key, Site URL (home_url()), Plugin version
License deactivationLicense key, Site URL
GeoIP database info checkNone (no request body; conditional HTTP headers only)
GeoIP database downloadNone (no request body; conditional HTTP headers only)

The Plugin does not transmit your WordPress version, PHP version, server IP, admin email, list of installed plugins or themes, site content, database contents, visitor logs, blocked IP lists, or any other information to ViperBlock.

2.3 Information Automatically Collected When You Visit the Site

When you visit viperblock.com, our web server and hosting provider (Cloudflare) automatically collect standard web-server log data, which may include:

  • IP address
  • Browser type and version
  • Referring URL
  • Pages visited, timestamps, and HTTP status codes
  • Approximate geographic location derived from IP

This data is used for Site operation, analytics, fraud prevention, and security. We do not use cross-site advertising trackers or third-party advertising cookies.

2.4 Cookies and Similar Technologies

The Site uses a limited set of cookies for:

  • Strictly necessary functions (session management, load balancing, security)
  • Preferences (remembering your language or display choices)
  • Anonymized analytics (aggregated page views, referral sources)

We do not use cookies for cross-site tracking or behavioral advertising. Where required by law, we will request your consent via a cookie banner before setting non-essential cookies. You can control cookies through your browser settings.

3. Information We Do NOT Collect

To be clear and accurate, ViperBlock LLC does not collect, receive, or store:

  • Your Site’s visitor traffic, visitor IP addresses, or visitor activity logs
  • Any data in the Plugin’s local database tables (wp_viperblock_activity_log, wp_viperblock_login_log, wp_viperblock_blocked_ips, wp_viperblock_rate_limiter, wp_viperblock_trusted_ips, or wp_viperblock_login_tokens)
  • The content of your Site’s posts, pages, media, or database
  • Your WordPress username lists, roles, or user metadata
  • Your WordPress configuration, secrets, or API keys
  • The contents of any email your Site sends
  • Any payment information beyond the Stripe-provided transaction identifier

The Plugin is designed so that all Site-visitor data stays on your server, under your control.

4. How We Use Information

We use the information we collect only to:

  1. provide, operate, and maintain the Service;
  2. process your purchase, manage your subscription, and issue and verify License Keys;
  3. deliver software updates and the GeoIP database;
  4. respond to support requests and communicate with you about your account;
  5. send important transactional and security notices (such as receipts, renewal notices, incident disclosures, and policy changes);
  6. prevent, detect, and investigate fraud, abuse, security incidents, and misuse of the Service;
  7. comply with our legal, regulatory, and tax obligations;
  8. enforce our Terms and Conditions and protect our rights;
  9. measure and improve the Service in an aggregated, non-identifying way.

We do not use your personal information for profiling, behavioral advertising, or automated decision-making that produces legal or similarly significant effects. We do not sell or rent your personal information to anyone, for any reason.

5. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

PurposeLegal Basis
Providing the Service; processing your purchase and subscriptionPerformance of a contract (Article 6(1)(b))
License verification, fraud prevention, securing the ServiceLegitimate interests (Article 6(1)(f)) — our interest in protecting our business and customers
Transactional emails (receipts, renewal, security notices)Performance of a contract (Article 6(1)(b))
Optional marketing emailsConsent (Article 6(1)(a)), withdrawable at any time
Tax, accounting, anti-fraud recordkeepingLegal obligation (Article 6(1)(c))
Defending legal claimsLegitimate interests (Article 6(1)(f))

You have the right to object to processing based on legitimate interests. To exercise that right, see Section 9.

6. How We Share Information

We do not sell personal information. We share information only with the limited set of recipients below, and only as necessary to operate the Service.

6.1 Service Providers (Processors)

  • Stripe, Inc. — payment processing, subscription billing, fraud prevention. Stripe’s privacy policy is available at https://stripe.com/privacy.
  • Our email delivery provider — sending transactional emails (receipts, license keys, security notices, password resets).
  • Cloudflare, Inc. — content delivery, DDoS protection, and caching for the Site.
  • Our hosting provider — running the Site, license server, and supporting infrastructure.

Each service provider is contractually bound to use your information only for the purposes for which it was disclosed and to implement appropriate security measures.

6.2 Legal and Protective Disclosures

We may disclose information if we reasonably believe disclosure is necessary to: (a) comply with applicable law, legal process, subpoena, or government request; (b) enforce our Terms and Conditions or investigate potential violations; (c) detect, prevent, or address fraud, security, or technical issues; (d) protect the rights, property, or safety of ViperBlock, our users, or the public.

6.3 Business Transfers

If ViperBlock LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share information for any other purpose with your explicit consent.

7. International Data Transfers

ViperBlock LLC is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws different from those of your country.

Where required, we rely on appropriate safeguards for international transfers, including the European Commission’s Standard Contractual Clauses or equivalent mechanisms provided by our service providers.

8. Data Retention

We retain your personal information only for as long as is necessary for the purposes described in this Policy, as summarized below:

CategoryRetention Period
Account informationWhile your account is active, plus a reasonable period for legal and recordkeeping purposes
License and subscription recordsActive subscription term plus up to seven (7) years for tax, accounting, and legal compliance
Payment records (via Stripe)As required by Stripe and applicable tax/financial law
Support communicationsUp to two (2) years after resolution
Server and security logsUp to ninety (90) days under normal conditions; longer if required for incident investigation
Marketing consentsUntil you withdraw consent, then archived only as needed to prove prior consent

When we no longer have a legitimate reason to retain your personal information, we will delete or anonymize it.

9. Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access — a copy of the personal information we hold about you
  • Correction / rectification — fixing inaccurate or incomplete data
  • Deletion / erasure — asking us to delete your information, subject to legal retention obligations
  • Restriction — asking us to limit how we process your information
  • Objection — objecting to processing based on legitimate interests or direct marketing
  • Portability — receiving a machine-readable copy of certain information
  • Withdrawal of consent — where processing is based on consent, withdrawing it at any time
  • Complaint — lodging a complaint with your local data protection authority

To exercise any right, email us at [email protected] with the subject line “Privacy Rights Request.” We will respond within thirty (30) days or as required by law. We may ask you to verify your identity before we act on the request.

10. California Residents (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act as amended by the CPRA, including:

  • The right to know what personal information we collect, use, disclose, and sell or share
  • The right to delete personal information we have collected
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information
  • The right to limit use of sensitive personal information
  • The right not to be discriminated against for exercising your rights

ViperBlock does not sell personal information, and does not share personal information for cross-context behavioral advertising. We have not done so in the preceding twelve (12) months.

Categories of personal information we collect are described in Section 2 of this Policy. We collect this information to provide the Service (Section 4). To exercise your CCPA rights, contact us using the information in Section 12. You may designate an authorized agent to make a request on your behalf, subject to verification.

11. Children’s Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

12. Contact Us

For privacy questions, requests, or concerns, contact:

ViperBlock LLC
13575 58th Street North,
Suite 200
Clearwater, Florida 33760

Privacy inquiries: [email protected]
Legal inquiries: [email protected]
Website: https://viperblock.com

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email to the address on file or by a prominent notice on the Site at least thirty (30) days before the changes take effect. The “Last Updated” date at the top reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Accuracy Statement

The data-flow descriptions in this Policy are based on an audit of the Plugin source code as of the Last Updated date. If the Plugin’s behavior changes in a future version — for example, if it begins transmitting additional data to the license server — this Policy will be updated before that change is shipped, and you will be notified as described in Section 13.

WordPress security that strikes first. Geo-blocking, IP protection, and brute-force defense — lightweight, fast, and affordable.

Company

Legal & Support

Newsletter

Receive product updates news

    © ViperBlock. All rights reserved.