Privacy Policy
Privacy Policy
Last updated: March 2026
LLM Override (“we”, “us”, “our”) is committed to protecting the personal data of those who interact with our website and services. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under applicable data protection law.
This Policy applies to:
- The website llmoverride.com and its subdomains.
- The licence purchase and account management process handled through Lemon Squeezy.
- Email communications between LLM Override and our customers.
This Policy does not apply to the data processed by the LLM Override plugin on your own WordPress installation. That data is stored exclusively on your server and you are the data controller for it. See Section 8 for a detailed explanation.
1. Data Controller
The data controller for personal data collected via llmoverride.com is:
LLM Override
Camino de Ronda, 97-A
18003 Granada, Spain
Email: legal@llmoverride.com
2. Data We Collect and Why
2.1 Website Visitors (llmoverride.com)
When you visit llmoverride.com, our hosting infrastructure may collect standard server log data, including:
| Data | Purpose | Legal Basis |
|---|---|---|
| IP address | Security, abuse prevention, server diagnostics | Legitimate interest (Art. 6(1)(f) GDPR) |
| Browser type and version | Compatibility diagnostics | Legitimate interest (Art. 6(1)(f) GDPR) |
| Pages visited and timestamps | Aggregate traffic analysis | Legitimate interest (Art. 6(1)(f) GDPR) |
| Referring URL | Understanding traffic sources | Legitimate interest (Art. 6(1)(f) GDPR) |
We do not use this data to build individual profiles. Server logs are retained for a maximum of 30 days and then automatically purged.
2.2 Licence Purchasers
When you purchase a Pro or Agency licence, the transaction is processed by Lemon Squeezy as our Merchant of Record. In the context of the purchase, we receive from Lemon Squeezy:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Delivery of licence key; transactional communications | Performance of contract (Art. 6(1)(b) GDPR) |
| Licence key and activation status | Licence management and validation | Performance of contract (Art. 6(1)(b) GDPR) |
| Country of purchase | Tax compliance (managed by Lemon Squeezy) | Legal obligation (Art. 6(1)(c) GDPR) |
| Order ID and purchase date | Billing records, support | Legal obligation / Legitimate interest |
We do not receive or store your payment card details, bank information, or full billing address. These are handled exclusively by Lemon Squeezy. Please refer to Lemon Squeezy’s Privacy Policy for details on how they process your payment data.
2.3 Support and Contact Enquiries
If you contact us via email at legal@llmoverride.com or any other published contact address, we will process:
| Data | Purpose | Legal Basis |
|---|---|---|
| Your name (if provided) | Personalising the response | Legitimate interest (Art. 6(1)(f) GDPR) |
| Email address | Responding to your enquiry | Legitimate interest / Pre-contractual steps |
| Content of your message | Providing support or answering your query | Legitimate interest (Art. 6(1)(f) GDPR) |
Support correspondence is retained for 12 months from the last interaction, unless a longer retention period is required for legal reasons.
3. How We Use Your Email Address
We use your email address solely for the following purposes:
- Delivering your licence key and purchase confirmation.
- Sending essential product notifications: security updates, critical bug fixes, or significant changes to these Terms or this Privacy Policy.
- Responding to support requests you initiate.
We do not add you to marketing mailing lists without your explicit consent, and we do not sell, rent, or share your email address with third parties for marketing purposes.
If we wish to send you promotional communications in the future, we will request your explicit opt-in consent separately.
4. Cookies and Tracking Technologies
4.1 llmoverride.com
Our website may use strictly necessary cookies required for the website to function (e.g. session management). We do not use advertising or behavioural tracking cookies.
If we implement any analytics or non-essential cookies in the future, we will update this Policy and implement a cookie consent mechanism in compliance with the ePrivacy Directive and applicable Spanish law (LSSI-CE).
4.2 Lemon Squeezy Checkout
When you proceed to the Lemon Squeezy checkout from our website, you will be subject to Lemon Squeezy’s own cookie and tracking policy. We have no control over the cookies set by Lemon Squeezy’s payment interface.
5. Data Sharing and Third Parties
We share personal data with third parties only in the following limited circumstances:
| Recipient | Data Shared | Reason |
|---|---|---|
| Lemon Squeezy (Merchant of Record) | Email, order details | Processing your purchase and managing your licence |
| Hosting provider | Server logs (IP, access logs) | Infrastructure operation |
| Legal authorities | Any data required by law | Compliance with a legal obligation (Art. 6(1)(c) GDPR) |
We do not sell personal data to any third party.
5.1 International Transfers
Lemon Squeezy is a US-based company. When Lemon Squeezy processes your data in connection with a purchase, your data may be transferred to and processed in the United States. Lemon Squeezy relies on appropriate transfer mechanisms (including Standard Contractual Clauses where applicable) to ensure your data is protected in accordance with GDPR requirements. Please review Lemon Squeezy’s Privacy Policy for details.
LLM Override does not independently transfer personal data outside the European Economic Area.
6. Data Retention
| Category | Retention Period |
|---|---|
| Server access logs | 30 days |
| Licence and purchase records | 7 years (Spanish tax law obligation) |
| Support correspondence | 12 months from last interaction |
| Email address (licence holder) | Duration of active licence + 3 years, or until deletion is requested |
When a retention period expires, data is securely deleted or anonymised.
7. Your Rights Under GDPR
As a data subject under GDPR (and LOPDGDD for residents in Spain), you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction of processing (Art. 18): Request that we limit how we use your data while a dispute is resolved.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at legal@llmoverride.com. We will respond within 30 days of receiving your request.
You also have the right to lodge a complaint with the Spanish data protection authority:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain
https://www.aepd.es
Or, if you are resident in another EU/EEA member state, with your local supervisory authority.
8. Data Processed by the LLM Override Plugin on Your WordPress Site
This section is important. It explains the data that the LLM Override plugin may process on your own WordPress server. LLM Override (the company) does not receive, access, or control this data. You — as the operator of the WordPress site where the plugin is installed — are the data controller for all data stored by the plugin on your server.
8.1 Free Plugin — Shadow Analytics Lite
Shadow Analytics Lite records a single numeric counter in your WordPress wp_options table each time an AI crawler is detected. It does not store IP addresses, User-Agent strings, session data, or any data attributable to an individual. No data is transmitted to LLM Override’s servers or any external endpoint. This feature is GDPR-compliant by design.
8.2 Pro Addon — Full GEO Analytics
Full GEO Analytics logs detailed telemetry about AI crawler activity in a custom table (wp_llmoverride_pro_bot_analytics) on your WordPress database. Each log row captures:
- Timestamp of the interception
- Bot slug (e.g.
gptbot,claudebot) - Bot category (Training, Query, Discovery, Scraping)
- Intercepted URL
- Detection method
- A privacy-safe hash of the visitor IP address, generated using a daily-rotating cryptographic salt — the raw IP address is never stored
- Payload type served
- Semantic rule application status (Corporate Manifest injected, Forbidden Terms purged)
AI crawlers are not human users and do not carry personally identifiable information in the traditional sense. The IP hash is retained purely for diagnostic purposes. This data is stored exclusively on your server and is never transmitted to LLM Override.
You can configure log retention periods (30, 90, or 120 days) and purge all logs at any time via the plugin’s Danger Zone settings.
8.3 Pro Addon — M2M Operational Logger
The M2M Operational Logger stores records of AI Copilot and Batch Accelerator operations in a second custom table (wp_llmoverride_pro_m2m_logs) on your server. This log captures:
- Timestamps and post IDs of compilation jobs
- AI provider used (e.g. Anthropic, DeepSeek)
- API latency and estimated token costs
- Error messages returned by third-party API providers
This data does not contain personal data of human users. It is operational metadata about your own content processing pipeline. It is stored on your server and never transmitted to LLM Override. You can purge this log at any time via the Danger Zone.
8.4 BYOK API Keys
Third-party AI provider API keys entered in the Pro or Agency settings are stored encrypted in your WordPress wp_options table. They are masked in the admin interface after saving (only the last 4 characters are visible). These keys are never transmitted to LLM Override’s servers.
8.5 Agency Addon — MCP Application Passwords
WordPress Application Passwords used to authenticate MCP endpoint requests are managed natively by WordPress and stored in your WordPress database. LLM Override does not transmit or store these credentials.
8.6 Licence Validation Requests
When the Pro or Agency plugin validates a licence key, it makes an outbound HTTP request to the Lemon Squeezy API (api.lemonsqueezy.com). This request includes your licence key and the domain of the activating site. LLM Override does not independently log or store the data exchanged in these validation requests beyond what is recorded in your Lemon Squeezy account.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:
- HTTPS encryption for all data in transit on llmoverride.com.
- Access controls limiting who within LLM Override can access customer data.
- Regular review of our data handling practices.
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing industry-standard safeguards.
10. Children’s Privacy
Our products are intended exclusively for professional and business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at legal@llmoverride.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. For material changes, we will notify active licence holders by email at least 15 days before the change takes effect.
Your continued use of our website or products after the effective date of a revised Policy constitutes acknowledgement of the update.
12. Contact
For any questions, requests to exercise your data rights, or privacy-related concerns, please contact:
LLM Override
Camino de Ronda, 97-A
18003 Granada, Spain
Email: legal@llmoverride.com