carike-codes / disclosures-and-permissions-tabs

Intended as a "Feature as a Plugin" to improve privacy-related disclosures in WordPress.org core. Still in its infancy. Hope it grows up quickly :)
GNU General Public License v2.0

Example Disclosures #9

Open carike-codes opened 4 years ago

carike-codes commented 4 years ago

What is this page all about?

<br>
Hey there! <br>
You may have heard about a few pieces of privacy legislation by now, including: <br>
- The Children's Online Privacy Protection Act (COPPA) (U.S.A.); <br>
- The General Data Protection Regulation (GDPR) (E.U.); <br>
- The California Consumer Privacy Act (CCPA) (U.S.A.). <br>
We realize that for many, these words can be quite scary, <br>
as they place specific obligations on site owners / administrators. <br>
<br>
We cannot, and do not, guarantee that this page will magically make you compliant with any or all international privacy legislation. <br>
Please treat any plugin that makes such claims skeptically. <br>
<br>
This page relies on information that is disclosed by plugin authors. <br>
It does not check the completeness or the accuracy of their disclosures. <br>
The aim of this page is to make these disclosures standardized and more easily digestible, as far as possible. <br>
<br>
We seek to follow a risk-based privacy-by-design approach. <br>
Our aim is to help you get started in performing a due diligence investigation regarding the privacy risks on your site. <br>
None of the following constitutes professional advice of any kind, including, but not limited to, <br>
legal advice, accounting / auditing / taxation advice. <br>
If you are in need of professional advice, please engage a licensed professional in your relevant jurisdiction(s). <br>
<br>
<h2> Compatibility </h2>
<br>
The following plugins have not indicated whether or not they are compatible with Privacy Tools: <br>
<br>
<b> Disclosure Tab: </b> <br>
- list <br>
<b> Consent API: </b> <br>
- list <br>
<br>
If you have questions regarding the privacy of these plugins, you can contact the plugin author via the plugin's support forum on WordPress.org, <br>
or, if the plugin is not hosted on WordPress.org, via their preferred contact method. <br>
We would really appreciate it if all communication by our users with plugin authors is courteous, <br>
whether or not they choose to be compatible with this Disclosure Tab. <br>
<br>
<h2> How data flows on your site: </h2> 
<br>
So, let's get you started by having a look at how data flows through your site. <br>
<br>
<h3> How your site collects information: </h3> 
<br>
Your WordPress installation can collect information from users through various means. <br>
Your Internet Service Provider (ISP) / web host's servers may collect information from / about your users outside of your WordPress installation. <br>
You are encouraged to read your Internet Service Provider (ISP)'s Privacy Policies, <br>
or to make direct inquiries from them, as their data practices are not and cannot be addressed here. <br>
You are more likely to be aware of some of these methods, for instance, if you have added a contact form to your site, <br>
as these require you to actively place them on your site. <br>
However, sometimes information may be collected that you are less likely to be aware of. <br>
<br>
<h4> Comments </h4>
<br>
Comments are enabled on your WordPress site by default.  Comments may contain Protected Personal Information (PPI). <br>
You can disable comments for new articles by going to Settings -> Discussion under your wp-admin and unticking "Allow people to comment on new articles".
Alternatively, there are a number of plugins in the official WordPress.org repository that allow you to manage comments.
<br>
<h4> Posts </h4>
<br>
x number of users have the ability to post to your site. These posts may contain Protected Personal Information (PPI). <br>
This number indicates users with the edit_posts capability, which is associated with the Contributor user role and above by default. <br>
This number does not include any users that are given the ability to post information by a Plugin using a capability other than edit_posts. <br>
<br>
<h4> Uploads </h4>
<br>
x number of users have the ability to upload files to your website.  These uploads may contain Protected Personal Information (PPI). <br>
This number indicates users with the upload_files capability, which is associated with the Author user role and above by default. <br>
This number does not include any users that are given the ability to upload files by a Plugin using a capability other than upload_files. <br>
<br>
<h4> Cookies: </h4>
<br>
Cookies are small files that are stored via a browser (e.g. Google Chrome, Firefox, Internet Explorer) on a user's computer. <br>
Cookies can serve many uses, including keeping users signed in on your website. <br>
However, cookies can also be used for marketing purposes, including tracking users across platforms, <br>
which has brought their use under scrutiny by international regulators. <br>
It is thus important to understand which cookies your WordPress website places and why. <br>
<br>
<b> Default cookies: </b> <br>
Your WordPress site sets the following x number of cookies by default: <br>
- list of cookies with short descriptions <br>
<br>
<b> x plugins on your site have indicated that they set x number of cookies collectively. </b> <br>
Where the plugin has indicated compatibility with the WordPress Consent API, we have also included the nature of the use, <br>
namely whether the purpose is Functional / Preferences / Anonymous Statistics / Statistics / Marketing. <br>
<br>
<b> Using PHP (programming language): </b> <br>
- list <br>
<br>
<b> Using JavaScript (programming language): </b> <br>
- list <br>
<br>
<h3> How your site stores information: </h3>
<br>
<b> Database access: </b> <br>
The following plugins have indicated that they write to your database: <br>
- list <br>
<br>
<b> Protected Personal Information (PPI): </b> <br>
The following plugins have indicated that they store Protected Personal Information about your users in your database: <br>
- list <br>
<br>
<b> Exporting Personal Information: </b> <br>
WordPress provides site owners / administrators with the ability to export a user's personal information under the Tools menu in wp-admin. <br>
The following plugins have indicated that they support the export of Protected Personal Information about your users via this tool: <br>
- list <br>
<br>
<b> Erasing Personal Information: </b> <br>
WordPress provides site owners / administrators with the ability to erase a user's personal information under the Tools menu in wp-admin. <br>
The following plugins have indicated that they support the erasure of Protected Personal Information about your users via this tool: <br>
- list <br>
<br>
<b> Custom tables: </b> <br>
This sub-section is for information purposes only, to help you understand where data is stored on your WordPress site. <br>
Creating custom tables is not considered to be a privacy risk in and of itself. <br>
The following plugins have indicated that they create custom tables: <br>
- list <br>
<br>
<b> Custom Post Types </b> <br>
This sub-section is for information purposes only, to help you understand where data is stored on your WordPress site. <br>
Creating Custom Post Types is considered best practice under a number of circumstances. <br>
Some Custom Post Types are intended to be private.  <br>
If your site does contain Custom Post Types that are intended to be private, you may wish to ensure that these are not exposed via the WordPress REST API. <br>
The following plugins have indicated that they create custom post types: <br>
- list <br>
<br>
<h3> Communication with other sites: </h3>
<br>
The following plugins have indicated that they communicate with external sites. <br>
Links to the Privacy Policies of the third party sites are displayed next to the relevant plugin. <br>
<br>
<b> Using PHP (programming language): </b> <br>
- list <br>
<b> Using JavaScript (programming language): </b> <br>
- list <br>
<b> Using CSS (programming language): </b> <br>
- list <br>
<br>
<h4> Where your site gets information from: </h4>
<br>
WordPress communicates with apis.wordpress.org by default to check for updates to core, your plugins and themes. <br>
<br>
Your WordPress website communicates with Gravatar by default to grab the avatars for users on your site, <br>
using their registered e-mail address. <br>
<br>
The following plugins have indicated that they communicate with external Application Program Interfaces (APIs): <br>
Links to the Terms of Service applicable to such APIs are displayed next to the relevant plugin. <br>
- list <br>
The following plugins have indicated that they access assets (images, etc.) that are located on other sites: <br>
Links to the Licenses of these assets are displayed next to the relevant plugin. <br>
- list <br>
<br>    
<h4> Where your site sends information: </h4>
<br>
Your WordPress installation informs pingomatic.com by default each time that you publish a post. <br>
<br>
The following plugins have indicated that they send e-mails: <br>
- list <br>
<br>
Your WordPress installation includes a number of APIs by default.  These APIs allow other sites to request information from your website. <br>
These APIs include: <br>
- The REST API; <br>
- XML-RPC; <br>
- list <br>
<h2> The site owner / administrator as the user </h2>
<br>
Just as you have a responsibility towards your WordPress site's users to respect their privacy, <br>
websites that you make use of should also be respecting yours. <br>
<br>
<h3> Software as a Service </h3>
<br>
SaaS services usually require that you register an account with the relevant provider, subject to their Terms of Service. <br>
Such registration may require you to submit Protected Personal Information (PPI) about yourself and / or your site. <br>
The following plugins have indicated that they provide Software as a Service (SaaS). <br>
The Terms of Service for each SaaS instance is listed next to the relevant plugin. <br>
- list <br>
<br>
<h3> Advertising </h3>
<br>
Advertising by plugins is permitted for plugins in the official WordPress repository. <br>
However, these advertisements must be permanently dismissible in terms of the Plugin Submission Guidelines. <br>
The following plugins have indicated that they place advertisements in your wp-admin area: <br>
- list <br>
<br>
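
Added example, not part of the original comment or of the plugin's code: one way a WordPress plugin could compute the figures the draft text refers to, namely the number of users whose roles grant edit_posts or upload_files, and any non-public Custom Post Types that are still exposed through the REST API. The `dpt_example_` function names are hypothetical, and capabilities granted directly to an individual user rather than through a role are assumed out of scope and not counted.

```php
<?php
// Added example; every dpt_example_* name is hypothetical, not the plugin's API.

/**
 * Count users who hold $capability through at least one of their roles.
 * Each user is counted once, even when several of their roles grant it.
 */
function dpt_example_count_users_with_cap( $capability ) {
	$roles = array();
	foreach ( wp_roles()->role_objects as $name => $role ) {
		if ( $role->has_cap( $capability ) ) {
			$roles[] = $name;
		}
	}
	// An empty role__in would match every user, so stop here instead.
	if ( empty( $roles ) ) {
		return 0;
	}
	$query = new WP_User_Query(
		array(
			'role__in'    => $roles,
			'fields'      => 'ID',
			'number'      => 1,    // Only the total is needed, not the rows.
			'count_total' => true,
		)
	);
	return (int) $query->get_total();
}

/**
 * Post types registered as non-public that the REST API nevertheless serves.
 */
function dpt_example_private_types_in_rest() {
	return array_values(
		get_post_types( array( 'public' => false, 'show_in_rest' => true ), 'names' )
	);
}

/**
 * Collect the figures for the "Posts", "Uploads" and "Custom Post Types" text.
 */
function dpt_example_disclosure_figures() {
	return array(
		'edit_posts'   => dpt_example_count_users_with_cap( 'edit_posts' ),
		'upload_files' => dpt_example_count_users_with_cap( 'upload_files' ),
		'rest_private' => dpt_example_private_types_in_rest(),
	);
}
```

Call `dpt_example_disclosure_figures()` after the `init` hook has run, since plugins normally register their post types and custom roles by then.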