Privacy Policy of NewWayPMSCo

Last Updated: February 27, 2025

We at NewWayPMSCo (registered in Dubai, United Arab Emirates) are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the Facial Recognition Authentication plugin, and outlines your privacy rights under applicable laws. By installing and using the plugin, you agree to the terms outlined here.

What Data Do We Collect?

We only collect the following information to provide authentication and security services:

• Your email address, used for registration and login.
• Your facial image, captured via webcam during registration (registration image) and login (login image), used solely for authentication and security purposes and not displayed to you.
• The domain of the website from which you register or log in (e.g., https://yourdomain.com).
• Your password (hashed using PBKDF2 with 870,000 iterations and salt, used only for authentication).

We do not collect or log any unnecessary or unrelated data. All data is used strictly for authentication, security, and user account management purposes.

Why Do We Collect This Data?

• To register and create your account, and store the facial image for future authentication.
• To verify your identity when logging into WordPress using facial recognition.
• To protect your account and prevent unauthorized access.
• To manage your account through the Manage Account page (e.g., changing password, changing facial image, or deleting the account).

How Do We Collect Your Data?

We only collect data when you:

• Register through the plugin and provide explicit consent by submitting the registration form.
• Log in by entering your details and providing a facial image via webcam.

Where Is Your Data Stored?

Your data is stored on a DigitalOcean Droplet server located in the New York (NYC1) region. We implement the following security measures:

• AES-256 encryption for facial images (fields `avatar` and `avatar2` in the User model).
• SSL/TLS for secure data transmission.
• Continuous server monitoring to detect and prevent security threats.
• No sensitive data is stored in WordPress databases.

International Data Transfers

As our users are located worldwide and our company is based in Dubai, your data may be transferred from your country to our server in New York. We comply with:

• UAE PDPL: UAE Personal Data Protection Law.
• GDPR: General Data Protection Regulation (European Union).
• CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act (United States).

Your Rights

You have the following rights under privacy laws, which you can automatically exercise through the Manage Account page in the plugin:

• You can change your password through the Manage Account page.
• You can change your facial image (registration or login image) through the Manage Account page.
• You can delete your account and data (including email, facial images, domain, and password) completely and irreversibly from our database and servers through the Manage Account page. No backups or copies of the data are retained, except where required by law (e.g., legal or judicial obligations).
• You can request through the Manage Account page that we keep your data but stop using it (e.g., for authentication).
• You can take your data (excluding facial images, which are not displayed) and move it to another service through the Manage Account page (available in future versions).
• Facial images are stored solely for security purposes and are not displayed to you, and you cannot view or change your email or domain through the Manage Account page.

Your Consent

By installing and using the plugin, you explicitly consent to the collection and processing of your email, facial image, domain, and password. You may withdraw your consent at any time by deleting your data through the Manage Account page, which will be permanently and irreversibly removed as described above.

Data Sharing

We do not share your data with any third parties, except:

• When legally required (e.g., by court order).
• To protect the security of our server against attacks.

Cookies

We use cookies solely to manage login sessions. These cookies do not collect additional personal data. You can disable cookies in your browser settings, but this may affect plugin functionality.

Changes to This Policy

If this Privacy Policy changes, we will announce updates on our official website (newwaypmsco.com). Continued use of the plugin after changes constitutes acceptance of the new terms.

Our Responsibility

We take all reasonable steps to protect your data but cannot guarantee 100% security against breaches. In the event of a security breach, we will notify you and relevant authorities within 72 hours and take appropriate action.

Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates, with disputes resolved in Dubai courts. We also comply with GDPR, CCPA/CPRA, and other international laws for users in different regions.

Contact Us

If you have questions or requests (e.g., if the Manage Account page is unavailable for any reason):

• Email: support@newwaypmsco.com
• Address: Metropolis Tower, Business Bay, Dubai, United Arab Emirates