Privacy and Compliance
Rich Statistics is designed from the ground up to be compliant with GDPR, CCPA, and ePrivacy regulations. Because no personal identifiers are collected, the plugin operates on a privacy-first basis. For jurisdictions or use cases that require explicit visitor consent, an optional consent banner is available. This page explains exactly what data is collected, what is not, and how to verify our claims.
| Data point | Example stored value | How it is derived |
|---|---|---|
| Page path | /blog/my-post/ | URL path only — no domain, no fragment. Query params >40 chars or resembling emails are stripped. |
| Session UUID | f47ac10b-58cc-… | Random UUID generated in sessionStorage. Dies when the tab is closed. Used only to deduplicate rapid repeat views within one session. |
| Referrer domain | google.com | Domain only — path and query stripped immediately on the server. (direct) if no referrer. |
| UTM parameters | utm_source=newsletter | Standard UTM values from the query string if present. |
| Browser name & version | Chrome 120 | Parsed from the User-Agent string server-side. The raw UA string is not stored. |
| Operating system | Windows | Parsed from UA string. |
| Screen resolution | 1920×1080 | Reported by screen.width/screen.height in JavaScript. |
| Click coordinate (Premium) | x: 48.2%, y: 31.9% | Percentage of page width/height at click point. No absolute pixels, no element ID stored unless it is a stable semantic ID. |
| Timestamp | 2025-01-15 14:32:00 | Server time at ingest. |
| Data point | Why it is not collected |
|---|---|
| IP address | REMOTE_ADDR is never read or passed to any function. Verified by grep audit. |
| Cookies of any kind | Zero calls to setcookie(), wp_set_auth_cookie(), or any cookie API. Verified by grep audit. |
| Canvas or font fingerprint | The JavaScript layer measures browser capabilities via documented APIs only (webdriver flag, screen size, navigator.plugins). It does not render canvas elements or measure font metrics. |
| Email addresses | URL sanitization strips any query parameter whose value looks like an email address before storage. |
| Long query parameters | Query parameters longer than 40 characters (e.g., session tokens, JWT fragments) are stripped before storage. |
| Cross-session identity | Session UUIDs are in sessionStorage, not localStorage or cookies, so they cannot be used to track a visitor across sessions or devices. |
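The two tables above describe the sanitization rules in words. The following is an added reference implementation of those rules (path only, no domain or fragment; query parameters longer than 40 characters or resembling an email address dropped; referrer reduced to its domain, "(direct)" when absent). It is not the plugin's own code: the plugin applies these rules server-side in PHP, and the function names, the email regex and the stripping of a leading `www.` from the referrer host are assumptions made for this illustration.

```javascript
// Added example: reference implementation of the page's URL/referrer
// sanitization rules. Not the plugin's code; names are assumptions.

const MAX_PARAM_LENGTH = 40;                    // limit stated on the page
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;  // assumed "looks like an email" test

// Reduce a full page URL to the stored form: the path plus only those
// query parameters that pass the length and email checks.
// The domain and the fragment are never kept.
function sanitizePagePath(rawUrl) {
  // Base is only used when a relative path is passed in.
  const url = new URL(rawUrl, 'http://placeholder.invalid');
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (value.length > MAX_PARAM_LENGTH) continue; // session tokens, JWT fragments
    if (EMAIL_RE.test(value)) continue;            // email addresses
    kept.append(key, value);                       // UTM values etc. survive
  }
  const query = kept.toString();
  return query ? `${url.pathname}?${query}` : url.pathname;
}

// Reduce a referrer to its host name only; "(direct)" when there is none
// or when the value cannot be parsed. Stripping "www." is an assumption
// so the result matches the page's example value "google.com".
function sanitizeReferrer(referrer) {
  if (!referrer) return '(direct)';
  try {
    return new URL(referrer).hostname.replace(/^www\./, '');
  } catch {
    return '(direct)'; // malformed referrer: store nothing from it
  }
}
```

The checks run on the decoded parameter value, so `email=user%40example.com` is recognised as an email and dropped, while `utm_source=newsletter` passes through unchanged.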
Rich Statistics shares zero data with third parties. All data is stored in your own WordPress database. The plugin makes no outbound HTTP requests except:
- Freemius license verification — if you have a Premium license. This sends only: your site URL, WordPress version, PHP version, and license key. No analytics data.
- Scheduled email reports — sent to the address you configure, via your own site's server.
Starting with v2.4.27, site owners can enable a visitor-facing consent banner in Rich Statistics → Preferences → Consent Banner.
- Default state: The banner is disabled by default. No consent UI is shown unless the administrator explicitly turns it on.
Consent categories:
| Category | Controls | Default (auto-consent OFF) | Default (auto-consent ON) |
|---|---|---|---|
| Analytics | Pageview tracking, session aggregation, referrer analysis, UTM campaigns | OFF | ON |
| Behavior | Click tracking and heatmap data collection | OFF | ON |
| Technical | Reserved for future technical metrics | OFF | ON |
- Auto-consent: When enabled, all categories default to true on the visitor's first page load. The banner still renders so visitors can review or withdraw consent at any time via the persistent Privacy Settings button. When auto-consent is disabled, all categories default to false until the visitor explicitly accepts or customizes their choices.
- Storage: Consent choices are stored in localStorage (with sessionStorage fallback) under the key rsa_consent. No cookies are used. The choice is remembered across sessions on the same device/browser.
- Legal basis: When the consent banner is disabled, no personal data is collected and processing falls under legitimate interest (website operation analytics). When the banner is enabled, consent becomes the legal basis for visitors who interact with it.
- Data subject rights: There is no user ID or persistent identifier, so there is no data tied to a specific person to retrieve, correct, or delete. Visitors can change or withdraw consent at any time via the Privacy Settings button.
- Data Protection Officer: Because no personal data is processed, appointment of a DPO solely for analytics is not required under Article 37 GDPR.
- Data transfers: All data stays on your server. No international data transfers occur through this plugin.
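The consent section above specifies three categories, defaults that depend on the auto-consent setting, and storage under the key rsa_consent in localStorage with a sessionStorage fallback; the first table specifies a per-tab session UUID kept in sessionStorage. The following is an added example showing how those two pieces fit together on the client, including the category gate that a tracking call should pass before anything is sent. It is not the plugin's own code: the JSON layout of the stored value, the session key name `rsa_session`, the in-memory Storage stand-in used so it runs outside a browser, and all function names are assumptions.

```javascript
// Added example: consent store and per-tab session id modelled on this
// page's description. Not the plugin's code; layout and names are assumed.

const CONSENT_KEY = 'rsa_consent';   // key stated on the page
const SESSION_KEY = 'rsa_session';   // assumed key for the session UUID
const CATEGORIES = ['analytics', 'behavior', 'technical'];

// Minimal Storage look-alike so the example runs under Node. In a page,
// pass window.localStorage and window.sessionStorage instead.
function memoryStorage() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
    removeItem: (k) => { map.delete(k); },
  };
}

// Probe the primary store; fall back when it is unavailable or throws
// (storage disabled, quota exceeded, restrictive privacy mode).
function pickStorage(primary, fallback) {
  try {
    primary.setItem('__rsa_probe', '1');
    primary.removeItem('__rsa_probe');
    return primary;
  } catch {
    return fallback;
  }
}

// Defaults depend only on the administrator's auto-consent setting.
function defaultConsent(autoConsent) {
  const state = {};
  for (const c of CATEGORIES) state[c] = Boolean(autoConsent);
  return state;
}

function createConsentStore({ autoConsent = false, localStorage, sessionStorage }) {
  const storage = pickStorage(localStorage, sessionStorage);

  function read() {
    const raw = storage.getItem(CONSENT_KEY);
    const state = defaultConsent(autoConsent);
    if (raw === null) return state;              // no decision recorded yet
    try {
      const parsed = JSON.parse(raw);
      for (const c of CATEGORIES) {
        if (typeof parsed[c] === 'boolean') state[c] = parsed[c];
      }
    } catch {
      // corrupt value: behave as if no choice had been made
    }
    return state;
  }

  function write(state) {
    storage.setItem(CONSENT_KEY, JSON.stringify(state));
    return state;
  }

  return {
    get: read,
    // true once the visitor has accepted, rejected or customised; with
    // auto-consent ON this stays false on first load, so the banner renders.
    hasDecided: () => storage.getItem(CONSENT_KEY) !== null,
    acceptAll: () => write(defaultConsent(true)),
    rejectAll: () => write(defaultConsent(false)),
    update(choices) {
      const state = read();
      for (const c of CATEGORIES) {
        if (Object.prototype.hasOwnProperty.call(choices, c)) state[c] = Boolean(choices[c]);
      }
      return write(state);
    },
    allows: (category) => read()[category] === true,
    storageName: storage === localStorage ? 'localStorage' : 'sessionStorage',
  };
}

// Every tracking call checks its category first; clicks belong to
// "behavior", everything else to "analytics".
function shouldTrack(store, eventType) {
  return store.allows(eventType === 'click' ? 'behavior' : 'analytics');
}

// Per-tab session id: lives in sessionStorage only, so it disappears when
// the tab closes and cannot link visits across sessions.
function getSessionId(sessionStorage) {
  let id = sessionStorage.getItem(SESSION_KEY);
  if (!id) {
    id = (globalThis.crypto && typeof globalThis.crypto.randomUUID === 'function')
      ? globalThis.crypto.randomUUID()
      : 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (ch) => {
          const r = (Math.random() * 16) | 0;
          return (ch === 'x' ? r : (r & 0x3) | 0x8).toString(16);
        });
    sessionStorage.setItem(SESSION_KEY, id);
  }
  return id;
}
```

The privacy-relevant split is the choice of store: the consent decision goes to localStorage because the page says it is remembered across sessions, while the session UUID goes to sessionStorage because it must not be. Reading the stored value back through `defaultConsent` also means an unexpected or truncated value can never grant more than the configured default.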
This page provides technical information, not legal advice. Consult your own legal counsel to confirm compliance obligations in your jurisdiction.
Run these on your plugin installation to verify the privacy properties yourself:
```shell
# Verify: no IP address is used in tracking
grep -rn "REMOTE_ADDR\|HTTP_X_FORWARDED" includes/ assets/

# Verify: no cookies are ever set
grep -rn "setcookie\|_COOKIE\|wp_set_auth_cookie" includes/ assets/

# Verify: no external HTTP calls from the tracker
grep -rn "wp_remote_get\|wp_remote_post" includes/class-tracker.php
```
All three commands should return zero matches.
To delete all collected analytics data:
- Selective pruning: Use `wp rich-stats purge --older-than=0` to delete all event rows immediately while keeping the plugin active.
- Full removal: Enable Remove data on uninstall in Rich Statistics → Preferences and then deactivate and delete the plugin. All five database tables and all `rsa_*` options will be removed.