1.1 Plugins That Store Personal Info Locally

Link to chapter 1

Many of our plugins have features built-in that may result in the storing of personal information of your site’s visitors and users in your WordPress database. Please note, this personal information is not sent to, or stored here, at WPMU DEV (check here for plugins that may send information to WPMU DEV).  In most cases, you will be able to see and access the data right inside of the WordPress dashboard in the settings pages for each plugin. For example, form entries in Forminator.

You should be aware of these plugins to ensure that you follow any local laws or regulations when it comes to disclosing to your users what data you store and how you use it. You may also need to provide users with copies of this data should it be requested and may need to fully delete the data when asked as well. Should you need any help with these requests, please reach out to our support team.

As a rule, you should:

  1. Always inform users that you are collecting any personal data, get consent to do so, and let them know specifically why you are collecting it. The best place to do this is in your Privacy Policy.
  2. Delete or anonymize any and all personal data when you no longer need it.

The following WPMU DEV plugins may store personal information in your WordPress database (depending on your use of the plugin and settings):

  1. Defender – IP addresses, content, and user information of all site visitors.
  2. Forminator – Forms can be used to collect and store all types of information
  3. Hustle – Form tool can be used to customize information collected
  4. Smush Pro – Image files may contain EXIF data that could identify a user. By default, with Smush Pro enabled, EXIF data is not saved locally, but a setting in the plugin does allow for it to be enabled.

1.2 Plugins That Send WPMU DEV Info

Link to chapter 2

WPMU DEV Dashboard and API: The Dashboard plugin is used to connect your WPMU DEV account with your WordPress installation and sends to WPMU DEV the following information:

  • WordPress/BuddyPress version and size
  • Installed plugins/themes
  • Site URL

The WPMU DEV API does NOT:

  • Track any personal or user information
  • Data is not sold or shared with any third-party
  • Is only used for statistical, security, and support related requirements (this includes the ability to push security updates should it be required)

Some of our plugins require the WPMU API key and the WPMU DEV Dashboard plugin to be in place in order to make their features and services possible. These include:

  1. Defender Pro
  2. Integrated Video Tutorials
  3. Hummingbird Pro
  4. SmartCrawl Pro
  5. Snapshot Pro
  6. Smush Pro
  7. Shipper Pro
  8. WPMU DEV Dashboard Plugin

A few of our plugins may also send end-user or site visitor personal information to WPMU DEV, depending on the settings in place in your WordPress installation.

If you use any of these plugins, you should list WPMU DEV as a 3rd-party service provider or Data Processor in your Privacy Policy or data area of your website.

These plugins are:

Defender: If you choose to activate ‘Audit Logging’ in Defender Pro, we will track and store site and user activity, such as usernames, comments, posts, login attempts, setting changes, and upload timestamps on our secure servers. ‘Audit Logging’ is an optional feature that can be turned off in the Defender plugin.

Snapshot Pro: Used to store backups of your WordPress database, so this may include any personal information that is also in your WordPress database. You can fully delete backups at any time.

1.3 Plugins That May Add Cookies

Link to chapter 3

Some plugins may make use of cookies in order to provide the functionality desired.

You may be required to alert your site’s visitors and users to the use of the cookies in your Privacy Policy or Cookie area of your website. Specific descriptions of cookies and their purpose will be added to plugin readme.txt files in the near future according to general WordPress plugin best practices.

The following WPMU DEV plugins may add Cookies to your site(s) when activated:

  • Beehive
  • Hustle
  • Snapshot Pro

1.4 Plugins With 3rd-Party Integrations

Link to chapter 4

Many of our plugins have features built-in that allow for integrations with various 3rd party services.

When using these plugins with these 3rd-party services, you may be required to provide this information to your end-users or site visitors in your Privacy Policy or Legal/Terms area of your website. Depending on the circumstances, you may also be required to gain the consent of your site’s visitors as well.

These plugins are:

  • Forminator Pro: Google reCAPTCHA, HubSpot, Slack, Campaign Monitor, ActiviteCampaign, Google Sheets, Trello, MailChimp, and AWeber
  • Beehive: Google Analytics
  • Hummingbird: Cloudflare and Stackpath
  • Hustle: reCAPTCHA, Zapier, various email services including MailChimp, AWeber, Constant Contact, GetResponse, Sendy, Mad Mimi, Infusionsoft, Campaign Monitor, ConvertKit, social platforms like Facebook, Twitter, Pinterest, LinkedIn, Reddit, Vkontakte, 500px, Houzz, Instagram, Twitch, YouTube, Telegram, WhatsApp, and Email
  • WPMU DEV Dashboard: Mixpanel (analytics), LiveChatInc (in dashboard support)
  • Defender Pro – Google’s blacklist monitoring

1.4.1 Usage Tracking

Link to chapter 4

By default, we don’t receive any data from WordPress.org on how our plugins and their features are used. By opting into usage tracking, you’re helping us to improve Hummingbird based on real user usage. Opting-in ensures that we’re spending our resources on the most impactful improvements for you, our users.

We track non-sensitive data around feature usage, WordPress and server environment, and browser/OS type.

As of Hummingbird 2.5, we’ve made it possible for anyone to enable usage tracking from within their WordPress admin area. When usage tracking is enabled, it will send our developers basic data about how you are using Hummingbird to improve performance on your site.

Enabling usage tracking helps us:

  • Understand what features are being used by our users so we can make better development decisions.
  • Understand the number of sites impacted by a change to a product or feature and to act more quickly in resolving issues.
  • Contact users if we detect a security issue.
    Make better suggestions based on real-world user feedback.

By choosing to share your data, you’re helping us make Hummingbird better for everyone. Usage data helps us make more useful features, write better documentation, and make Hummingbird a better performance tool.

Enable usage tracking from the Hummingbird setup Wizard

What we’ll track

We track non-sensitive data about how your site is using Hummingbird to improve performance. We do not track or store personal data from your visitors.

Full list of what is tracked in Hummingbird:

  • Feature usage
  • Plugin type and version
  • WP Install Locale (language + country)
  • Site URL
  • Browser type and version
  • Operating System
  • PHP version
  • MySQL version
  • Server type (i.e. Nginx or Apache)
  • Screen size
  • WP installation type (Multisite vs. Single)
  • WP version
  • Active theme
  • Current and Initial Referral URL

With the launch of Hummingbird 2.5, we start tracking user behavior within the Hummingbird plugin for those that opt-in. We track user behavior events, like how new users interact with the setup wizard and what features and settings are being used.

Data is sent automatically to the MixPanel servers once you choose to share data with us. Usage tracking for Hummingbird is not a default setting, requires opt-in consent, and can be started or stopped at any time.

Opt-out of Data Sharing

If you no longer want to share your site’s non-sensitive Hummingbird usage data with our developers, you can opt-out at any time.

To opt-out of sharing data with us, go to Settings > General > Usage Tracking

Opt-in or out of Hummingbird Usage Tracking

It is important to note that we do not have access to your WordPress database, passwords, or other sensitive data. We also do not and will not share or sell any of the data we collect.