CC CodeCasa SMS

Last updated: 15 May 2026

Privacy Policy

This policy explains how CodeCasa Studios handles personal data when you visit our website, install SMS for WooCommerce, create an account, send SMS messages, manage billing, or use related CodeCasa SMS services.

1. Who We Are

CodeCasa Studios provides the SMS for WooCommerce plugin and CodeCasa SMS hosted service. In this policy, "CodeCasa", "we", "us", and "our" mean CodeCasa Studios.

For questions about this policy or personal data, contact hello@codecasastudios.com.

2. Our Role

For account, website, subscription, billing, support, and service administration data, CodeCasa is normally the controller of that data.

For customer data sent from a WooCommerce store through the plugin, the store owner is normally the controller and CodeCasa acts as a processor or service provider. That means the store owner decides why SMS messages are sent and is responsible for giving customers appropriate privacy information and obtaining any required consent.

3. Personal Data We Collect

Depending on how you use the service, we may collect and process:

  • Account details such as email address, phone number, site URL, store name, and verification status.
  • WooCommerce store settings, plugin settings, message templates, trigger settings, and authentication tokens.
  • Customer SMS data such as recipient phone numbers, SMS message content, order IDs, order status events, customer note events, password reset links, account links, and two-factor authentication codes.
  • Shortlink data such as original URLs, generated short URLs, click counts, and technical request data.
  • Message logs such as send time, delivery status, error messages, message IDs, credit usage, and delivery report data.
  • Subscription and billing data such as plan, SMS balance, usage, payment status, auto top-up status, Stripe customer ID, Stripe subscription ID, invoice IDs, and payment event references.
  • Support communications and information you send when asking for help.
  • Technical data such as IP address, browser or device information, server logs, security logs, and usage diagnostics.

4. How We Use Personal Data

We use personal data to:

  • Create, verify, secure, and administer accounts.
  • Provide the SMS for WooCommerce plugin and hosted SMS service.
  • Send SMS messages requested by store owners, including order updates, account security codes, password reset messages, and customer messages.
  • Create and manage shortlinks used inside SMS messages.
  • Maintain message logs, delivery reports, credit balances, and usage records.
  • Process subscriptions, invoices, payments, failed payments, billing portal sessions, and auto top-ups through Stripe.
  • Prevent abuse, investigate security issues, enforce our terms, and protect the service.
  • Provide support, fix issues, and improve reliability.
  • Comply with legal, tax, accounting, regulatory, and telecoms obligations.

5. Lawful Bases

Where UK GDPR or similar law applies, our lawful bases may include contract, legitimate interests, legal obligation, and consent where required. Our legitimate interests include operating, securing, improving, and preventing misuse of the service.

For SMS messages sent to a store's customers, the store owner is responsible for identifying the lawful basis for each message, including any consent needed for marketing messages.

6. Who We Share Data With

We may share personal data with:

  • SMS delivery partners, telecoms providers, and carrier networks so messages can be sent and delivery reports received.
  • Stripe for checkout, subscriptions, payment processing, billing portals, invoices, fraud prevention, and auto top-up payments.
  • Hosting, database, monitoring, security, email, and infrastructure providers.
  • Shortlink providers where a URL is shortened for SMS use.
  • Professional advisers, insurers, regulators, law enforcement, courts, or authorities where legally required or necessary to protect our rights.
  • A purchaser or successor if our business, assets, or service are reorganised, sold, or transferred.

We do not sell customer SMS data.

7. Stripe

Stripe processes payment and billing data. We do not store full card numbers. Stripe may act as an independent controller for some payment and fraud prevention activities and as a processor or service provider for others. Stripe's privacy documents explain its handling of personal data.

See Stripe Privacy Policy and Stripe Privacy Center.

8. International Transfers

We and our providers may process personal data in the United Kingdom, European Economic Area, United States, and other countries. Where required, we rely on appropriate safeguards, such as contractual protections or transfer mechanisms recognised by applicable data protection law.

9. Retention

We keep personal data only for as long as reasonably needed for the purposes described in this policy. Typical retention periods include:

  • Account and subscription data for as long as the account is active, then for a reasonable period needed for support, legal, accounting, and fraud prevention purposes.
  • Billing and invoice records for up to 7 years where needed for tax or accounting purposes.
  • SMS logs and delivery data while the account is active and for up to 24 months afterwards unless a longer period is needed for disputes, security, abuse prevention, or legal compliance.
  • Verification codes and temporary authentication data for short periods needed to complete verification or account security flows.
  • Backups for a limited period according to our backup and disaster recovery processes.

10. Security

We use technical and organisational measures designed to protect personal data, including access controls, HTTPS transport, authentication, logging, provider security controls, and operational monitoring. No system is completely secure, and you must also keep your WordPress administrator account, plugin access, customer data, and message templates secure.

11. Cookies and Website Data

Our website may use basic technical cookies, server logs, and analytics or security tools to operate, protect, and improve the site. If we add optional analytics or marketing cookies, we will provide any required notice or consent controls.

12. Your Rights

Depending on your location, you may have rights to access, correct, erase, restrict, object to, or transfer your personal data. You may also have rights to withdraw consent and complain to a data protection authority.

To exercise rights relating to your CodeCasa account, contact us. To exercise rights relating to SMS messages sent by a store, contact that store first because the store normally controls why those messages were sent.

13. Children's Privacy

The service is for business use by WooCommerce store owners and administrators. It is not intended for children. Store owners must not use the service to knowingly collect or process children's personal data unless they have a lawful basis and all required safeguards.

14. Store Owner Privacy Responsibilities

If you use the plugin in your WooCommerce store, you should update your own privacy policy to explain that customer phone numbers, message content, order information, account security events, password reset links, shortlinks, and delivery logs may be processed by CodeCasa and its providers to send and manage SMS messages.

15. Changes to This Policy

We may update this policy from time to time. If changes are material, we will take reasonable steps to notify users through the website, plugin, dashboard, email, or another appropriate method. The latest version will be posted on this page.

16. Complaints

If you are in the UK and are unhappy with how we handle personal data, you can contact the UK Information Commissioner's Office. Visit ico.org.uk for details.