Privacy & Cookies Policy

Last Update: May 3, 2024.

This document explains our Privacy and Cookie policy.

Privacy Policy

This Privacy Policy explains how information about you, that directly identifies you, or that makes you identifiable (“personal information” (also referred to as “personal data” in some jurisdictions)) is collected, used, disclosed, and otherwise processed by Nelio.

1. Definitions

These definitions should help you understand the privacy and cookie policies described below.

Nelio“, “we“, “us” or “our” in this Privacy Policy refer to the Nelio Software S.L. a company registered in Spain (EU-VAT Number: ES-B66034794), with registered address: Carrer de Pomaret 83, 08017 Barcelona, governed by Spanish law (without application of conflict of law rules).

Channels” means the various means by which we may collect information including our Websites, the Services, social media pages, HTML-formatted e-mail messages and through offline sales and marketing activities.

data subjects“, “you” ,”your” mean individuals who visit our Websites, and/or use our Services as described in this Privacy Policy below.

personal data” means any information that identifies or can be used to identify an individual directly or indirectly, including, but not limited to, first and last name, identification number, date of birth, email address, gender, occupation, or other demographic information.

Premium Services” means the Services that are offered upon payment.

Services” refers to:

  • the online WordPress products, including the plugins Nelio A/B Testing, Nelio Content, Nelio Session Recordings, Nelio Unlocker Importer, Nelio Popups, Nelio Forms and the plugins published by Nelio in the plugin Directory.
  • Unlocker platform, and
  • any information or support related to them we provide to bloggers and business to improve their website and better promote their content.

User” refers to the data subject that uses our Services. They may have downloaded and installed a free version of one of our plugins, have created an account in the Nelio Unlocker platform, or have subscribed to or purchased a Premium Service.

Websites” means all content included in our domains and

Website Visitor” refers to anyone visiting our Websites.

2. Updates and Modifications

Nelio’s services and business may change over time, and we may revise this Privacy & Cookies Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the beginning of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy.

At Nelio, we respect your privacy and are committed to protecting your personal data.

3. Basic Information on Data Protection

Nelio as Data Controller: This Privacy Policy applies to the processing of personal data by Nelio in its capacity as a “data controller” (or similar term under applicable laws) of personal data.

Nelio as a Data Processor: In providing our Services, our Users may collect and process data in their utilisation of Services (“Customer Data”), or we may collect such data on their behalf, which may in either case include the personal data of our customers’ authorized users. Here, Nelio is a “data processor” (or similar term under applicable laws), and we have contractually committed ourselves to our Users (in accordance with our Terms and Conditions and Data Processing Agreement) to process that Customer Data (and personal data) under the instruction of the respective client, who is the data controller in these cases. As such, this Privacy Policy does not apply to the processing of Customer Data (including personal data), and we recommend you read the privacy notice of the respective client if their processing concerns your personal data.

4. Responsible for the Processing

We inform you that the data you provide us by any means (website or email) are treated confidentially and are incorporated into the corresponding processing activity owned by Nelio Software. S.L.

Identity: Nelio Software, S.L.
EU TAX ID Number: ESB66034794
Address: C/ Pomaret 83, 08017 Barcelona

5. For What Purposes We Use Your Personal Data

When conducting business and operating our various web presences and other communication channels, Nelio collects limited personal data of the people it interacts with, including customers, partners, suppliers, vendors, and any other people with whom we interact. In any of these cases, Nelio may use this personal data for one or more of the following business purposes:

(a) To pursue business relationships with customers, partners, and others. We may use personal data to pursue our business relationships with customers, partners, and other users to fulfill pre-contractual and contractual business relations. This may include satisfying requests, processing orders, delivering an ordered product or service, or engaging in any other relevant action to establish, fulfill and maintain our business relationships. When you purchase or intend to purchase Services from us on behalf of a corporate customer or are otherwise associated as contact person for the business relationship between us and a corporate customer or partner, we will use your personal data for this purpose. More specifically, we may use your personal data to confirm your purchase, manage the contract execution, send you disclosures as may be required by law, notice of payments, and other information about our products and services. We may respond to related inquiries, provide you with necessary support and process your feedback. In the context of your or your employers use of our Services, we may communicate with you by email, live chat, contact forms, phone or any other medium to resolve your, a user’s, or a customer’s question or complaint or to investigate suspicious transactions. In case of telephone calls or chat sessions, Nelio may record such calls or chat sessions to improve the quality of Nelio’s services after informing you accordingly during that call and, subject to applicable law, receiving your prior consent before the recording begins.

(b) To provide, support, and improve the Services we offer, as well as to improve customer relationships. This includes our use of the data that our Users provide us in order to enable our Users to use the Services. This also includes, for example, aggregating information from your use of the Services or visit our Websites and sharing this information with third parties to improve our Services. This might also include sharing your information or the information you provide us with third parties in order to provide and support our Services or to make certain features of the Services available to you. When we do have to share personal data with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the personal data we transfer to them in a manner that is consistent with this policy.

(c) To notify you about new product releases and service developments, and to advertise Nelio’s products and services in accordance with this policy. Your website visit, marketing experience, and communications may be tailored to your interests based on your personal data. Nelio may also use personal data in order to respond directly to your information requests (including newsletter registrations or other specific requests), or pass your contact information to Nelio’s reseller for further follow-up related to your interests.

(d) To interact with you on third party social networks, which would be subject to that network’s privacy policies and terms of use.

(e) To post public testimonials on our Websites or social networks. If you wish to update or delete your testimonial, you may contact us to the contact address indicated above.

(f) To provide suggestions to you and adapt our Services and Websites. This includes keeping track of shopping cart additions, preserving order information between sessions, and presenting marketing campaigns. For more information about our use of cookies and other tracking technologies for this purpose, and instructions about how to opt out of having data collected through the use of cookies, please see the Cookies Policy below.

(g) Track and evaluate our marketing campaigns, including online advertising and e-mail marketing campaigns.

(h) To become a member of our affiliation program.

(i) To contact third parties referred by you through our affiliation program. If you select to use our affiliation program to inform a third-party about our Services, we will then send the third party a one-time contact related to your referral request. We only use the personal data you provide us in this situation to send the one-time contact and tracking the success of our affiliation program. The third party may contact us through their inquiry form to be removed from the affiliation program.

(j) To communicate with you about a conference or event hosted, co-sponsored or participated by us, including information about the event’s content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation. After the event, we may contact you about the event and related products and services, and may share information about your attendance with your company (if any).

(k) To share personal data with third parties who provide services to us, provided that the third party has executed any data processing documentation required by law.

(l) To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.

(m) To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Website.

6. What Personal Data do We Collect and Use

We collect two types of information: personally-identifiable and non-personally identifiable to operate effectively. 

We process various types of personal data about the people we interact with when conducting our business through our Channels. When you interact with us, we are collecting personal data about you. Sometimes we collect personal data automatically when you interact with our Services and sometimes we collect the Personal Data directly from you. At times, we may collect personal data about you from third parties with a legitimate right to share it.

Depending on the individual case, this may comprise the following types of personal data:

Information You Provide To Us

We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:

  • Your email when you subscribe to our newsletter.
  • Your name and email when you post a comment on our blog posts.
  • Your name and email when you contact us through our contact forms.
  • Your name, email, postal address, telephone number and your company when you subscribe to or purchase our Premium Services.
  • Your name and email when you download and subscribe to our free services.
  • Your name and email when you create an account in our Nelio Unlocker platform.
  • Your name, email, postal address, telephone number and your company when you request to join our Affiliation Programs.
  • The personal data you provide us when you send us an email or contact our service support.

Information Our Reseller Provide To Us

We have an agreement with FastSpring as reseller of our Premium Services. Therefore, when you subscribe to or purchase one of our Premium Services. any payment information is collected by FastSpring.

In the context of the established business relationships with you and FastSpring, we may collect the following personal data:

  • Details of your purchase: you contact details and product(s) or subscription(s) purchased,
  • Links to you FastSpring invoices, and
  • Links to your FastSpring account (without having access to your payment method details).

See the section Third-party Providers below for more information.

Automatic Data Collection

When you use the Services, we may collect information the following information: about your visit to our Websites, your usage of the Services, and your web browsing. That information may include:

  • Log Data: when you use our Services, we may collect your Internet Protocol (IP) address used to connect your computer to the Internet and may identify your general geographic location or company.
  • Content Data: we may collect the content you share through the use of our Services, such as when creating a social message to post on social networks.
  • Activity Data: your usage and activity on our Services, such as but not limited to emails opened, support tickets created, and experiments or social messages created through our Services.
  • Website Analytics Data: when you visit our website we may collect your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform, and also your website interactions such as pages visited, mouse moves, clicks, double clicks, scrolls, keyboard strokes, selections and form fillings. All such analytical information collected is completely anonymous and we do not capture personally identifiable information.
Cookies and Similar Technologies

We may collect the above Website Analytics Data as a part of log files as well as through the use of cookies or other tracking technologies (collectively “cookies”) to collect information about you (“Cookie Information”) so we can provide the experiences you request, recognize your visit, track your interactions, and improve your and other customers’ experiences. You have control over some of the information we collect from Cookies and how we use it. For full details on how we use cookies and similar technologies please see our Cookies Policy below.

Publicly Available Data or Data from other Sources

We may also store certain information from automated interactions on websites other than Nelio’s or other data you may have made publicly available. This information may include:

  • Your name or WordPress username, for example, when you participate in WordPress support forums.
  • Your name, your social account, and personal data that is public on that account when providing a rate review or participating on social media (for example, the WordPress Plugin Directory, Facebook, Twitter, LinkedIn, Google+, Reddit or Instagram).

Regularly, we use your personal data based on the following legal grounds according to the Spanish Organic Law 3/2018 (“LOPDGDD“), the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR:

  • Agreement: We have a contract (by means of a purchase or subscription) with you and it is necessary to process your personal data to perform our contract with you, including to provide you with the benefits of our Services and operate our business.
  • Consent: when you agree that we can use your personal data in a particular way, as for example, you have opted in to receive marketing communications from us, or you have accepted the agreement to which our Free Services are subject before you begin using them.
  • Legitimate interest: when we may collect information about your visit to our Websites, your usage of the Services, and your web browsing to improve your experience in ways you would reasonably expect, and which have a minimal privacy impact.
  • Legal obligation: to comply with legal requirements, including applicable laws and regulations.

8. Data Retention

We will usually store the personal data we collect about you for no longer than necessary for the purposes as set above, and in accordance with our legal obligations and legitimate business interests. The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

  • Agreement. Where we are processing personal data is based on contract, we generally will retain your personal data for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.
  • Consent. Where we are processing personal data based on your consent, we generally will retain your personal data until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal data.
  • Legitimate Interests. Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account your fundamental interests and your rights and freedoms.
  • Legal Obligation. Where we are processing personal data based on a legal obligation, we generally will retain your personal data for the period of time necessary to fulfil the legal obligation.
  • Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

9. Data We Share and Disclose to Third Parties

We do not sell or disclose your personal data to anyone for marketing or advertising purposes.

Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information.

International Transfers of your Personal data. The personal data we collect may be transferred to and stored in countries outside the EEA, UK and Switzerland in countries where we and our third-party service providers have operations, including in the United States. In the event of a transfer by Nelio, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us at

We may disclose your personal data as we believe to be necessary or appropriate:

  • under applicable law, including laws outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
  • to enforce Nelio’s terms and conditions, which are subject to this private policy; and
  • to allow us to pursue available remedies or limit the damages that we may have.

Additionally, in the event of a reorganization, merge, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Nelio’s business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the personal data it has collected to the relevant third party.

10. Your Rights – Communication and Support

You may send a written communication to us, through the contact form in our Website, or to the e-mail address to request the exercise of the following rights:

  • Right of access. You have the right to obtain certain information about our processing of your personal data which includes:
    • confirmation of whether, and where, we are processing your personal data;
    • information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
    • information about the categories of recipients with whom we may share your personal data; and
    • a copy of the personal data we hold about you.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay. 
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay, such as if the continued processing of that personal data is not justified. 
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data, such as where the accuracy of the personal data is contested by you.
  • Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal. 
  • Right to Object. You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason at any time.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the EU, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office ( and the Swiss Federal Data Protection and Information Commissioner (

11. Notice to Visitors of Your Websites

When you use our Services as part of your own websites and services, you may collect information from your visitors using our services, but you remain responsible for their own privacy and security practices. We are not responsible for your privacy and security practices, which may differ from ours.

Our Data Processing Agreement is the document under applicable privacy laws that outlines the responsibilities and obligations of both, you, the data controller and, us, the data processor for processing your visitors information.

12. Children’s Privacy

Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information.

At Nelio we respect your privacy. Through our Websites we do not collect or process any personal data, except for the data collected through contact and/or purchase forms and cookies, as explained below.

Please note that our Websites may contain links to other websites of other related companies or social media. When you click on a link to another website of the Website or related third parties, please remember that these sites have their own privacy policy. Please familiarize yourself with their privacy policy before using these websites. We assume no responsibility or liability whatsoever for third party websites linked to our Websites.

14. Does Nelio Use Cookies and Other Tracking Mechanisms?

Yes. Nelio uses cookies and similar technologies like single-pixel gifs and web beacons. We use both session-based and persistent cookies. We set and accesses our own cookies on our Website. In addition, we use third-party cookies, like Google Analytics’. To learn more about cookies, visit this site.

We may use cookies to recognize you when you visit a domain we operate or when you use our Services, and also for us to remember:

  • your display preferences, including your selected language,
  • if you have already replied to a survey pop-up that asks you to subscribe to our Newsletter (so you won’t be asked again),
  • if you have agreed (or not) to our use of cookies on that site,
  • the service you subscribe to perform the checkout with our reseller.

We also use cookies to measure the traffic and performance of our Website’s pages.

15. What Types of Cookies Do We Have?

Depending on who sends the cookies and treats the data obtained, the cookies we use may be:

(a) Own Cookies: These are cookies sent to your terminal from a computer or domain managed by us (and from which the service requested by you is provided). For example, we have defined and own certain cookies that are used to run A/B tests and heatmaps experiments and to track visitor information. See the Nelio A/B Testing Cookies section for further details.

(b) Third party cookies: These are cookies sent to your terminal from a computer or domain that is not managed by us, but by another entity that processes data obtained through cookies. For example, we use Google Analytics cookies to measure the traffic in our Websites or MailChimp cookies to see the openings and clicks of our Newsletter emails, or YouTube cookies to record user viewing preferences. See the Third Party Service Providers section below for more details.

16. How You Can Control or Delete Cookies

This web includes a system of configuration of cookies so that in the first visit to the web you can explicitly accept or reject the use of own and third party cookies.

You can control and/or delete cookies as you wish – for details, see You may delete all cookies that are already in your computer and you may set most browsers to prevent cookies from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Browser manufacturers provide help for cookie management in their products. Please see below for more information.

For other browsers, please consult the documentation that your browser manufacturer provides.

Third Party Service Providers

To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep personal data and what information they keep.

As data processors, our providers have undertaken to comply with the applicable data protection regulations at the time of their contracting. With all of them Nelio has signed a Data Processing Addendum (DPA) as an additional means of meeting the adequacy and security requirements under the GDPR.

Sub-Processor NamePurpose of ProcessingLocation of Processing
Amazon Web Services (AWS)Cloud computing platform as the backend of our services (SOC 1/SSAE 16/ISAE 3402. SOC2, SOC 3, FedRAMP, DoD SRG, and PCI DSS Level 1 Certified)Ireland
FastSpringMerchant of Record (CCPA, PCI DSS, SOC2, SOC 3)EU, USA
Freshdesk Support DeskTicketing and help desk service (SOC 2, VAPT, ISO 27001 and 27701 Certified)Global
Google WorkspaceBusiness suite for communication, storage and collaboration (SOC 2, SOC 3, ISO/IEC 27001, 27017, 27018, and 27701, ENS Spain, MTCS, GNS Portugal, Certified)EU
Google AnalyticsTo collect and receive website analytics (ISO/IEC 27001 Certified)Global
Intuit MailchimpTo deliver our newsletters and other email communications (SOC 2, SOC 3, PCI DSS, ISO/IEC 27001 Certified)Global
SiteGroundWebsite hosting (TLS v.1.2 SSL encryption)Global