1. Information We Collect
Visitors who are not registered members: Technical data such as time-on-page and device information is stored solely in your browser. It is not transmitted to our servers and cannot be accessed by us. In accordance with GDPR Recital 26, data that cannot be linked to any individual does not constitute personal data and falls outside the scope of the GDPR.
Registered members: Upon registration, we collect your email address, password (stored in encrypted form), and registration date. When you are logged in, technical data relating to your navigation behavior is recorded on our servers for the purpose of improving our services.
Server logs are automatically deleted by Hostinger within 7 days.
2. How We Use Your Information
Collected data is used solely to provide and improve our services. Your email address may be used to send you important notifications, updates, and communications related to our services. To opt out of marketing emails, use the unsubscribe link in any email or contact us directly.
Data is not shared with or sold to third parties. (Article 5(1)(b) — purpose limitation)
3. Legal Basis for Processing
Data belonging to registered members is processed on the basis of contract performance under Article 6(1)(b) and legitimate interest under Article 6(1)(f).
In the event of a legal obligation (court order, statutory requirement, etc.), personal data may be shared with the relevant authorities. (Article 6(1)(c))
4. Data Retention
Personal data is retained for as long as your account remains active. Upon a deletion request, your data will be permanently removed within 30 days.
5. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Hostinger | Hosting — server logs deleted within 7 days | hostinger.com/privacy-policy |
| Auth0 | Identity verification for existing member migration (temporary) | auth0.com/privacy |
| LemonSqueezy | Payment infrastructure | lemonsqueezy.com/privacy |
| LemonSqueezy Affiliate | Affiliate referral tracking | lemonsqueezy.com/privacy |
| WordPress | Blog infrastructure — may load external resources via active plugins and themes | automattic.com/privacy |
6. Your Rights
Registered members have the right to access their data, request its deletion, object to processing, and exercise data portability (Articles 15–21). To submit a request: privacy@theplus.so
7. Security
Server access is restricted and industry-standard technical security measures are applied. (Article 32) No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security of your information.
8. Cookies and Browser Storage
We do not use third-party advertising cookies. Essential browser storage mechanisms are used solely for session management.
The blog is powered by WordPress. Active plugins and theme components may send technical requests to third-party servers such as Gravatar.
9. Policy Updates
This policy may be updated from time to time. Registered members will be notified of significant changes by email.
10. Tracking & Analytics
Our tracking system operates in two distinct phases depending on whether you are a registered member.
Phase 1 — Before login or registration: No data is written to our database. Data is held temporarily in a server-side PHP Session only. When the session expires or the user leaves without logging in, this data is automatically discarded. No persistent storage occurs. As no permanent processing takes place, this falls outside the scope of GDPR.
Phase 2 — After login or registration: When you register or log in, the temporary PHP Session data is flushed to the database and linked to your account. The data collected from this point is limited to:
| Data | Description |
|---|---|
| Visited URL | Which pages were accessed |
| Page type | Visit, login, register, purchase, cancel |
| Timestamp | When the event occurred |
| Operating system | Windows, macOS, iOS, etc. (read from browser) |
| Browser | Chrome, Firefox, Safari, etc. |
| Browser language | e.g. tr-TR, en-US |
What we do not collect: IP address, screen resolution, location or timezone, time spent on page, scroll depth, referrer URL, or any cookies beyond the strictly necessary session cookie.