WolfieAuthWolfieAuth Privacy Policy
Version: 1.3 Effective date: 14 June 2026
1. Data Controller
The Controller of your personal data within the meaning of GDPR is:
Pawel Witek operating under the WolfieGuard brand Contact: office@wolfieguard.com
2. Data collected
2.1. Data required for service delivery (legal basis: Art. 6(1)(b) and (f) GDPR)
| Category | Data |
|---|---|
| Identification | Email address |
| Authentication | Password hash (Argon2id โ plaintext is NOT stored), TOTP secret (2FA), recovery codes |
| Profile | First name (optional), UI language (en/pl), role in the system |
| Security | Last-login IP address, country (from IP geolocation), city, browser user-agent, device fingerprint, list of trusted devices |
| Audit | Login history (successful and failed), timestamps, IPs, countries, event type |
| Sessions | Active sessions (random session token, IP, user-agent, creation and last-active timestamps) |
| Links | List of Client Applications the user signed in to + mappings to local accounts (e.g. WP user_id, Perfex staff_id) |
2.2. Data collected with voluntary consent (legal basis: Art. 6(1)(a) GDPR)
- Email in the context of marketing communications (if opted in per ยง4.2 of the Terms),
- Analytics data about usage patterns (if opted in per ยง4.3 of the Terms),
- Third-party sharing โ usage/identity data shared with or sold to third-party partners, only if you explicitly opt in to the separate "Share with third parties" cookie-consent category. This category is off by default; refusing it changes nothing else and never blocks the service. We record the grant (and any withdrawal) as proof of consent, and only people who opted in are ever included in a third-party data feed (see ยง5).
2.3. Data we do NOT collect
- We do not require phone number, home address, or date of birth.
- We do not use third-party trackers (Google Analytics, Facebook Pixel, etc.).
- We do not sell or share your data with advertisers.
3. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Authentication service (SSO) delivery | Art. 6(1)(b) GDPR (contract) |
| Security, abuse detection, audit log | Art. 6(1)(f) GDPR (legitimate interest) |
| Handling inquiries and support requests | Art. 6(1)(f) GDPR |
| Fulfilment of legal obligations | Art. 6(1)(c) GDPR |
| Direct marketing (email) | Art. 6(1)(a) GDPR (consent) |
| Product analytics | Art. 6(1)(a) GDPR (consent) |
4. Retention periods
| Category | Period |
|---|---|
| Active account | Lifetime of the account |
| Login history (audit log) | 3 years (or longer if legally required) |
| Consent history and withdrawals | Lifetime of the account + 3 years after deletion (accountability principle โ Art. 5(2) GDPR) |
| Cookie-consent ledger (pre-login gate) | 3 years from the decision (append-only proof of consent under Art. 7(1) GDPR), mirrored to WolfieEye |
| Data after account deletion | Email replaced with SHA-256 hash, other personal data deleted. Audit log retained (as hashed reference) for 3 years. |
| Inactive sessions | Automatically deleted 14 days after last activity |
| Failed login attempts | 30 days |
| Marketing data | Until consent withdrawal or account deletion |
5. Data recipients
Your personal data may be transferred to the following categories of recipients:
- Client Applications โ when you sign in via WolfieAuth to WordPress, Perfex, etc., the relevant data (sub, email, name) is passed to that application as an OIDC token. Basis: your action (clicking "sign in").
- Infrastructure provider โ the VPS server (Contabo, Germany, under a hosting processor agreement), DNS/TLS provider (Cloudflare Inc., under Standard Contractual Clauses).
- Payment processor โ Stripe Payments Europe, Limited (Ireland, with sub-processor Stripe, Inc. in the USA). Stripe processes card data, subscription billing, and refunds for paid WolfieAuth subscriptions; the Provider receives only a customer / subscription identifier and last-four card digits. Stripe's privacy notice: https://stripe.com/privacy. Basis: contract performance (Art. 6(1)(b) GDPR) for paid tiers; no transfer for users on the Free tier.
- WolfieEye (analytics + consent ledger) โ our own first-party, self-hosted analytics platform (eye.wolfiecloud.com), operated by the same Controller. Every cookie-consent decision is mirrored to WolfieEye so the proof-of-consent record exists in two independent systems (you can export it from either). This mirror carries the consent metadata (categories, policy version, timestamp, and โ only if you provided one at the gate โ your email); it is not advertising and is never shared onward. Product analytics is processed in WolfieEye only if you opted in to the analytics category; without opt-in, measurement is anonymous/aggregate (no cookie, no profile). With opt-in, WolfieEye's People / "Iris" layer sets a first-party visitor id so your return visits are recognised across sessions (a pseudonymous profile โ not anonymous); if you later identify yourself (sign in, submit a form, or place a WooCommerce order) the profile is linked to your email and your earlier anonymous history folds into it (timeline, traits, goals, affinity). Where a specific site additionally enables it, your sessions may be recorded (session replay, rrweb) to diagnose UX issues โ replay is a separate per-site opt-in, gated on the same analytics consent, and you can request erasure of your profile, events and replays at any time. We never use third-party ad trackers and never sell analytics data.
- State authorities โ exclusively upon a lawful request (e.g. court order, prosecutor, data protection authority).
- WolfieCRM (lead management) โ our own self-hosted CRM, operated by the same Controller. When you sign up for or use a WolfieAuth-connected service, a lead record (your email, name, and the app/vendor you signed up through) is created in WolfieCRM so the vendor responsible for that service can manage the relationship. The lead is routed to the vendor organisation that operates the app you used (and is visible to that vendor and, where applicable, its reseller in the Wolfieverse hierarchy); the platform owner can also see it. Legal basis: legitimate interest in operating the service and managing the customer relationship (Art. 6(1)(f) GDPR); marketing emails to the lead are sent only with the marketing opt-in (Art. 6(1)(a)). You can object/erase at any time (ยง7).
- Third-party partners (consent-gated) โ only for people who explicitly opted in to the "Share with third parties" category, their usage/identity data may be shared with or sold to third-party partners (e.g. marketing, data, or advertising partners). The shared record is keyed by a stable cross-site identifier (a salted hash of the email โ no third-party cookie). People who did not opt in are never included. You can withdraw at any time (ยง7.7), which removes you from all future feeds. Legal basis: your consent (Art. 6(1)(a) GDPR).
We do NOT transfer data to:
- advertisers, data, or analytics partners except those you consented to under the "Share with third parties" category above,
- any recipient for people who did not opt in,
- data brokers for non-consenting users.
6. Transfers outside the EEA
If you use the CDN/TLS provider (Cloudflare), your data may be processed in the USA based on Standard Contractual Clauses (Art. 46 GDPR). We do not transfer data to countries without adequate data protection.
7. Your rights
As a data subject, you are entitled to the following rights:
- Right of access (Art. 15) โ know what data is processed + obtain a copy in JSON (Settings โ Export data).
- Right to rectification (Art. 16) โ correct incorrect data in the panel.
- Right to erasure (Art. 17) โ "right to be forgotten" (Settings โ Delete account). Erasure is integrated across the Wolfieverse: deleting your account removes your WolfieAuth identity AND propagates to the connected systems โ your WolfieEye analytics profile and events are erased (and a tombstone stops any re-collection), your WolfieCRM lead record is deleted, and you are removed from any third-party data feed going forward. We retain only what the law requires (a hashed, non-identifying audit reference โ see ยง4).
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) โ JSON or CSV.
- Right to object (Art. 21) โ especially against direct marketing and against the lead/CRM processing under Art. 6(1)(f); on objection we stop and erase.
- Right to withdraw consent (Art. 7(3)) โ at any time, without effect on prior
processing. Withdrawal is honoured across every connected system (cookie
gate, WolfieEye, WolfieCRM, third-party feeds). You can withdraw:
- in the panel (Settings โ Consents) โ covers analytics, marketing, and the "share with third parties" category (which removes you from all future feeds),
- via the "Unsubscribe" link in any marketing email,
- by email to office@wolfieguard.com.
- Right to lodge a complaint with the President of the Personal Data Protection Office (uodo.gov.pl).
Response time: up to 30 days.
8. Cookies and similar technologies
8.1. Cookie-consent gate
Before you sign in, WolfieAuth shows a cookie-consent gate. It distinguishes two classes of cookies:
- Strictly necessary (session, CSRF, 2FA, OIDC flow). These are exempt from consent under the ePrivacy Directive / GDPR, because the sign-in service you requested literally cannot function without them. They are therefore required: if you do not accept the strictly-necessary cookies and the Privacy Policy, you cannot create an account or sign in โ there is no version of the service that works without a login session. We still disclose them to you in full (below).
- Optional (analytics, marketing, preferences, and share with third parties). These are a free, genuine choice, each off by default. Refusing any of them does not block sign-in and does not degrade the service; it only means we don't set those cookies or process that optional data. The "share with third parties" category, when (and only when) you enable it, permits the sharing/sale described in ยง2.2 and ยง5(6). There is no cookie wall for optional categories.
Your decision is recorded as an append-only proof-of-consent entry (date, time,
the categories you accepted, policy version, IP, user-agent) โ see ยง4 (retention)
and ยง5 (recipients) โ and remembered in the wolfieauth_cookie_consent cookie
so you are not asked again on the same browser. You can change or withdraw an
optional choice at any time (Settings โ Consents, or by emailing us โ see ยง7.7).
8.2. Cookies we set
| Name | Type | Purpose | Period |
|---|---|---|---|
wolfieauth_admin |
Strictly necessary, HttpOnly, Secure, SameSite=Lax | Logged-in user session token | 8 hours |
wolfieauth_pending |
Strictly necessary, HttpOnly, Secure | State between password entry and 2FA | 10 minutes |
wolfieauth_real_admin |
Strictly necessary, HttpOnly, Secure | Retains super-admin session during impersonation | 8 hours |
wolfieauth_flow |
Strictly necessary, HttpOnly, Secure | PKCE/state during OIDC flow (only on Client Applications) | 10 minutes |
_oidc.session |
Strictly necessary, HttpOnly, Secure | OIDC provider session | 8 hours |
wolfieauth_cookie_consent |
Strictly necessary, HttpOnly, Secure | Remembers your cookie-consent decision so the gate isn't re-shown | 12 months |
We set no third-party advertising or cross-site tracking cookies. Analytics, if you opt in, is first-party and cookieless-capable (see ยง5).
9. Security
We apply the following technical and organizational measures:
- Passwords: Argon2id (64 MB memory cost, 3 iterations, parallelism 2).
- Transport: TLS 1.3 with HSTS (Strict-Transport-Security, 2-year preload).
- Database: encrypted by Postgres (at disk level on the VPS), access protected by a strong password, port 5432 not exposed externally.
- Audit log: append-only, HMAC-SHA256 signed (tamper detection).
- Anomaly detection: new-country login, impossible travel, brute force โ email to the Provider.
- Regular database backups.
- Administrative access restriction (only SUPER_ADMIN can perform critical actions).
- Security event monitoring.
10. Automated decisions and profiling
The Service performs one form of automated decision with legal effect: automatic account lock after 5 failed login attempts in a short time. The decision can be reversed by contacting the Provider.
Profiling for marketing purposes: we do not perform automated profiling for targeted advertising.
11. Contact for data protection matters
Email: office@wolfieguard.com Subject line: [GDPR] + request description Response time: up to 30 days (extendable by 60 days for complex cases)
Data Protection Officer (DPO): not appointed, as processing does not require a DPO under Art. 37 GDPR.
12. Changes to this Privacy Policy
Any change to this Privacy Policy will be announced:
- by email to all Users (provided they consented to communications),
- by an in-panel notice on the next login,
- by publishing the new version at https://auth.wolfieguard.com/privacy.
For material changes (e.g. new processing purposes) re-acceptance of the Policy is required.
Version 1.3 โ effective: 14 June 2026
Changes in 1.1: documented the pre-login cookie-consent gate (necessary vs optional,
required-to-sign-in model), the wolfieauth_cookie_consent cookie, the WolfieEye
proof-of-consent mirror, and the cookie-consent ledger retention.
Changes in 1.2: added the opt-in "Share with third parties" consent category โ with
explicit consent only, usage/identity data may be shared with or sold to third-party
partners (ยง2.2, ยง5(6), ยง8.1); off by default, recorded, and withdrawable.
This Privacy Policy was prepared as a GDPR-compliant template. Before deployment for external users, consultation with legal counsel is recommended โ particularly regarding Section 5 (recipients), Section 6 (transfers outside the EEA), and Section 12 (DPO).