Skip to content

Privacy and Compliance

Richard Kent Gates edited this page Jun 9, 2026 · 3 revisions

Privacy & Compliance

Rich Statistics is designed from the ground up to be compliant with GDPR, CCPA, and ePrivacy regulations. Because no personal identifiers are collected, the plugin operates on a privacy-first basis. For jurisdictions or use cases that require explicit visitor consent, an optional consent banner is available. This page explains exactly what data is collected, what is not, and how to verify our claims.

Data collected

Data point Example stored value How it is derived
Page path /blog/my-post/ URL path only — no domain, no fragment. Query params >40 chars or resembling emails are stripped.
Session UUID f47ac10b-58cc-… Random UUID generated in sessionStorage. Dies when the tab is closed. Used only to deduplicate rapid repeat views within one session.
Referrer domain google.com Domain only — path and query stripped immediately on the server. (direct) if no referrer.
UTM parameters utm_source=newsletter Standard UTM values from the query string if present.
Browser name & version Chrome 120 Parsed from the User-Agent string server-side. The raw UA string is not stored.
Operating system Windows Parsed from UA string.
Screen resolution 1920×1080 Reported by screen.width/screen.height in JavaScript.
Click coordinate (Premium) x: 48.2%, y: 31.9% Percentage of page width/height at click point. No absolute pixels, no element ID stored unless it is a stable semantic ID.
Timestamp 2025-01-15 14:32:00 Server time at ingest.

Data NOT collected

Data point Why it is not collected
IP address REMOTE_ADDR is never read or passed to any function. Verified by grep audit.
Cookies of any kind Zero calls to setcookie(), wp_set_auth_cookie(), or any cookie API. Verified by grep audit.
Canvas or font fingerprint The JavaScript layer measures browser capabilities via documented APIs only (webdriver flag, screen size, navigator.plugins). It does not render canvas elements or measure font metrics.
Email addresses URL sanitization strips any query parameter whose value looks like an email address before storage.
Long query parameters Query parameters longer than 40 characters (e.g., session tokens, JWT fragments) are stripped before storage.
Cross-session identity Session UUIDs are in sessionStorage, not localStorage or cookies, so they cannot be used to track a visitor across sessions or devices.

Third-party data sharing

Rich Statistics shares zero data with third parties. All data is stored in your own WordPress database. The plugin makes no outbound HTTP requests except:

  • Freemius license verification — if you have a Premium license. This sends only: your site URL, WordPress version, PHP version, and license key. No analytics data.
  • Scheduled email reports — sent to the address you configure, via your own site's server.

Consent banner (optional)

Starting with v2.4.27, site owners can enable a visitor-facing consent banner in Rich Statistics → Preferences → Consent Banner.

Default state: The banner is disabled by default. No consent UI is shown unless the administrator explicitly turns it on.

Consent categories:

Category Controls Default (auto-consent OFF) Default (auto-consent ON)
Analytics Pageview tracking, session aggregation, referrer analysis, UTM campaigns OFF ON
Behavior Click tracking and heatmap data collection OFF ON
Technical Reserved for future technical metrics OFF ON

Auto-consent: When enabled, all categories default to true on the visitor's first page load. The banner still renders so visitors can review or withdraw consent at any time via the persistent Privacy Settings button. When auto-consent is disabled, all categories default to false until the visitor explicitly accepts or customizes their choices.

Storage: Consent choices are stored in localStorage (with sessionStorage fallback) under the key rsa_consent. No cookies are used. The choice is remembered across sessions on the same device/browser.

GDPR compliance notes

  • Legal basis: When the consent banner is disabled, no personal data is collected and processing falls under legitimate interest (website operation analytics). When the banner is enabled, consent becomes the legal basis for visitors who interact with it.

  • Data subject rights: There is no user ID or persistent identifier, so there is no data tied to a specific person to retrieve, correct, or delete. Visitors can change or withdraw consent at any time via the Privacy Settings button.

  • Data Protection Officer: Because no personal data is processed, appointment of a DPO solely for analytics is not required under Article 37 GDPR.

  • Data transfers: All data stays on your server. No international data transfers occur through this plugin.

    This page provides technical information, not legal advice. Consult your own legal counsel to confirm compliance obligations in your jurisdiction.
    

Self-audit commands

Run these on your plugin installation to verify the privacy properties yourself:

# Verify: no IP address is used in tracking
grep -rn "REMOTE_ADDR\|HTTP_X_FORWARDED" includes/ assets/

# Verify: no cookies are ever set
grep -rn "setcookie\|_COOKIE\|wp_set_auth_cookie" includes/ assets/

# Verify: no external HTTP calls from the tracker
grep -rn "wp_remote_get\|wp_remote_post" includes/class-tracker.php

All three commands should return zero matches.

Data deletion

To delete all collected analytics data:

  • Selective pruning: Use wp rich-stats purge --older-than=0 to delete all event rows immediately while keeping the plugin active.
  • Full removal: Enable Remove data on uninstall in Rich Statistics → Preferences and then deactivate and delete the plugin. All five database tables and all rsa_* options will be removed.

Documentation

Features

User Guide

Compliance


External Links

Clone this wiki locally