WP Security Audit is a plugin which allows website administrators to monitor internal web site usage for auditing and security purposes.
This privacy notice pertains to this website, and describes our provision of the WP Security Audit plugin to web site administrators. It also details what we do with our customers’ data in order to provide the plugin.
If you are a user of the WP Security Audit plugin as a web site administrator, you have an obligation to detail your use of the plugin in your own privacy notice – WP Security Audit Log plugin privacy notice.
This privacy notice has last been updated on the 23rd July 2019
WHO WE ARE
WP Security Audit Log is developed by WP White Security, a company registered in the Netherlands under number 74153552 whose registered office is at Tarweveld 5, 6617CD, Bergharen. Email contact: firstname.lastname@example.org.
WHAT INFORMATION WE COLLECT, AND WHY
Upon installing the WP Security Audit plugin on your self-hosted WordPress site, administrators will have the choice to opt in to telemetry data being sent to freemius.com. This will include:
- Your name and email address, which we will use for notifications of upgrades and product enhancements,
- Your site’s URL, WordPress version, PHP version and list of installed plugins and themes.
We access this data via our own account on freemius.com. Freemius.com has no direct access to any of the telemetry data sent to their site and can only access it upon request, such as in the case of a technical support request.
We use telemetry information strictly for the improvement of the plugin and to respond to support queries. If you do not want to opt in to telemetry, this will not impact your use of the plugin in any way.
AUDIT AND ACTIVITY LOGS
Neither we nor Freemius collect any of the information generated by installations of our plugin on end user sites (i.e. the WordPress audit trail).
Neither we nor Freemius have access to the data collected by any installation of our plugin (i.e. the WordPress audit trail).
Our web site uses Stripe cookies to assist you in the checkout process. Following is the list of cookies that Stripe sets when you access our web site:
_stripe_sid (term 30 minutes)
_stripe_mid (term 1 year)
Both these cookies are used by Stripe payment gateway to measure web traffic and also to also distinguish users sessions. For more information refer to: https://stripe.com/cookies-policy/legal
We use Google Analytics to learn how our users are using the website and how the website is performing. All the data on Google Analytics is anonymous. Following is a list of cookies that Google Analytics sets when you access our website:
_ga (term 2 years)
_gid (term 24 hours)
These cookies are used by Google Analytics service to store a unique user ID so the platform can determine if two or more distinct hits belong to the same user or not. For more information refer to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
_gat (term 1 minute)
This cookie does not store any user information. It is just used by Google to limit the number of requests that have to be made to Google’s advertising networks. For more information refer to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To opt out of Google and other third party cookies, visit YourOnlineChoices.eu.
_catAccCookies (term 365 days)
OTHER THIRD PARTY WEBSITES
We may occasionally embed useful content such as videos from YouTube, tweets, etc. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These services may collect your IP Address, your browser’s User Agent, store and retrieve cookies on your browser, embed additional third party tracking, and monitor your interaction with that embedded content, including correlating your interaction with the content with your account with that service. If you are logged in to that service. I recommend exercising your privacy rights directly through the services using the links above.
WHO ELSE PROCESSES YOUR DATA?
If you purchased the premium add-ons of our plugin prior to the 18th of January 2018 your data, including your billing details, is stored by us for customer service and subscription renewals.
We do not store, or have any access to, any payment information such as credit card numbers or addresses.
WHERE IS YOUR DATA?
Our website is hosted with WP Engine in the United States and the hosting provider is compliant with the EU – U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework – more info.
MailChimp data is stored in the United States. MailChimp is compliant with the EU – U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework – more info.
Freemius data is stored in the United States. Freemius is a GDPR ready service – more info.
HOW LONG DO WE KEEP YOUR DATA?
Newsletter: we keep your email address, first and last name on MailChimp until you unsubscribe from our newsletter.
Freemius: we keep your email address, first and last name, web site information and billing details (no cardholder or payment data is stored by us or Freemius) until you opt-out or cancel your premium subscription.
Website – If you made any purchases on this site prior to the 18th of January 2018, we retain your customer data (Email address, first and last name, and billing details) until you no longer renew your subscription.
HOW DO WE PROTECT YOUR DATA?
We ensure that all the software we use is the latest and most secure version available on the market. We also ensure that all the online services we work with and where your data is stored (such as Freemius and MailChimp) are compliant with European data protection standards as well as the regulations of their respective countries.
WHAT ABOUT MY RIGHTS?
To discuss any privacy concerns you have as a customer of our plugins or a user of this website, or to invoke your privacy rights under European law, please contact us on email@example.com.
Please note that as we have no access to any of the audit log and security data generated by users of some of the plugins we develop, we cannot assist you in invoking your privacy rights pertaining to installations of the plugin. You will need to contact the administrator of the site using the plugin to invoke your rights.
This website contains links to other websites. Some of these links are affiliate links. We do not share your data with any affiliate-linked websites.
HOW CAN YOU FIND OUT MORE
If you have any questions or concerns about the ways we use your data, or this privacy notice, please contact us on +31 (0)24 2022 825 or email us on firstname.lastname@example.org.
PRIVACY NOTICE FOR THE WP SECURITY AUDIT LOG PLUGIN USERS
If you use the WP Security Audit log plugin on your web site, you must advise your site visitors of this in your privacy notice. We suggest using the following text. Please note this text is not exhaustive. It is your responsibility to accurately reflect your data capture and retention through the plugin in your privacy notice.
SECURITY MONITORING AND AUDITING
We use the WP Security Audit Log plugin as a security monitoring and auditing plugin to create a log of data about the ways that our web site is used by those who have login access to it. This information is collected and retained by the web site administrator for, as the name might suggest, security and auditing purposes.
Once activated, the plugin logs a timestamped record of when a logged-in user takes the following actions:
- Logs in and out;
- Creates, deletes or modifies or views a post (be it a page, post or a post with a custom type);
- Creates, deletes or modifies tags;
- Creates, modifies, deletes, or approves comments;
- Creates, modifies or deletes widgets and menus;
- Creates, modifies (this including changing the password), deletes a user or views another users’ profile;
- Installs, activates, deactivates, or uninstalls a theme or plugin;
- Changes system settings such as reading, general, or permalinks;
- (remove as applicable) Takes actions on a multisite network such as creating a new site, creating a new user on the network, adding a user to a site, changing its role, etc;
- (remove as applicable) Takes actions on a BBPress forum such as creating a new forum, deleting entries, changing forum settings, etc;
- (remove as applicable) Takes actions on a WooCommerce installation such as creating a new product, changing store settings, modifying the product, etc.
The timestamped record includes the following information:
- The user’s login name
- The user’s actual name as entered when their account was set up
- The user’s WordPress role (Author, editor, etc)
- The IP address from which the user accessed the site
- The time and date of each action detailed above while the user was logged in.
The data captured by the WP Security Audit Log plugin is stored by the website administrator for a period of [the time the administrator has specified in the plugin settings] solely for security and auditing purposes.
Information captured by WP Security Audit Log is accessed only by the administrators of the web site and is stored on the web site’s database. These administrators may be located outside the European Union.
Information captured by the WP Security Audit Log is not shared with third parties except in the case of security investigations or law enforcement requests.
In your privacy notice, please detail the security precautions you take to protect the information generated by the WP Security Audit Log plugin.