🎉 AgentWP is now in Public Beta Testing.
Data Policy
At AgentWP, we understand the importance of data privacy and security. Our plugin connects to our AI services and provides information about your WordPress site to enable our AI to generate responses and perform actions. This document outlines how information is collected, what information is shared with our servers, models, and providers, and the measures we take to protect your data. We believe in being as transparent as possible about our data practices.
Overview
Our AI agent has access to all information on your WordPress website, similar to a human developer with administrator privileges to the front end, backend, database, and file system. This data access is read-only.
We leverage a significant amount of information about your website, but it remains private and protected.
Data Protection and Privacy
For each website, data is segmented and only accessible by the agent specific to that website.
Your data is incredibly important to us, and it remains your property. We will not use any information taken from your WordPress website to train our AI models unless you have explicitly ranked a chat in a conversation. When you rank a chat as either good or bad, we have access to anonymized information for that specific conversation thread, including context pulled from your website.
Apart from this, our staff will never have access to your personally identifiable information. If you wish to avoid sharing any personally identifiable information, simply refrain from ranking any messages.
All your data is encrypted when sent to and from our AI services. Data may be stored in an isolated container specific to your website as part of our indexing process. Indexing builds a collection of information that our assistant can autonomously reference when answering questions, creating messages, or running actions.
Encryption at rest is AES 256, and encryption in transit is SSL/TLS 1.2. We require your website to have an SSL certificate for the plugin to function.
Our plugin, platform, and services are independently audited by security experts. We are also in the process of achieving a SOC 2 security certification.
Data Access vs. Sync
In the following sections, we specify what data is accessed on-demand (-d) and what is indexed and synced (-s) to our platform. When data is indexed, it is sent to an isolated AI-native database specific to your website to make it instantly accessible to the AI assistant. When data is accessed on-demand, the AI assistant will run an SQL query or other method to access and review data in real-time.
Website Data
- Site name (-d, -s)
- Site description (-d, -s)
- Registered post types (-d, -s)
- Pages and posts (-d, -s)
- Custom post types (-d, -s)
- Taxonomies and terms (-d, -s)
- Media files (images, videos, etc.) (-d)
- Site settings and configurations (-d, -s)
- Menus and navigation (-d, -s)
- Widgets (-d, -s)
User Data
- User roles and capabilities (-d)
- User-generated content (comments, reviews, etc.) (-d)
- User metadata (-d)
Database Data
- Database structure (-d)
- Table schemas (-d)
- Specific query results (-d)
- Semantic representation of data (embeddings) (-s)
For specific queries, AgentWP may examine the structure of your database, generate an on-demand SQL query, retrieve specific information, and then use that information in the context of the conversation.
Information from the database is not stored on our servers. However, we may store the semantic representation of data within the database on our servers.
What this means for you:
During the indexing process, we may take semantically heavy content from your WordPress database, embed it using a third-party AI provider, and store that embedding in a vector database managed by us specifically for your website.
The agent may use this embedding to semantically refer to that content. The agent will determine the most relevant record by referring to the embedding stored on our services.
Each embedding row contains a unique identifier specific to the WordPress database. That unique identifier is used to pull the information from your WordPress database to include as context for our agent.
Therefore, information is pulled on-demand, but the semantic representation of this information is indexed and stored on our servers.
Environment Data
- Hosting information (-d)
- PHP version (-d)
- SQL version (-d)
- Database configuration information (-d)
- Server environment variables (-d)
Themes and Plugins
- Plugin codebases (-d, -s)
- Theme codebases (-d, -s)
- File directory and structure (-d, -s)
- Plugin and theme settings (-d, -s)
- Plugin and theme metadata (-d, -s)
Custom Data
- Agency-provided data via our web platform (-s)
- Custom fields and metadata (-d, -s)
- Third-party integrations (-d)
Agencies have the option to add custom data to their managed agents via our web platform. This data is stored, managed, and accessed in the same manner as all other information pulled from the WordPress website. This data also follows our retention and deletion policies.
Usage Data
We collect information about what happens when you use our services (e.g., page views, button clicks, etc.) along with information that web browsers, mobile devices, and servers typically make available, such as the browser type and operating system. We use this information to provide our services to you, gain insights on how people use our services, and improve those services.
Data Usage and Consent
There is no way to turn off any of the synchronization occurring with our agent. The agent requires all of this information to function, just as a WordPress developer would. We protect this information as our company depends on the trust and support of our users. This information will never be used to train models or otherwise become accessible by anybody but you and the agent specific to your website.
If you do not want this information to be shared, you cannot use our services. By using our services, you consent to the sharing of this information with us under the terms and information outlined in this document.
Transparency and Open Source
Our plugin is open-source and accessible via the WordPress plugin repository. All means and methods of accessing and synchronizing data from your website to our services are documented in commented and human-readable code. If you're interested in the actual mechanisms behind how the agent works, please feel free to review the source code. The plugin does not change depending on whether you are a free, pro, or agency subscriber.
Data Retention
Your data may be retained indefinitely, as long as the site exists under AgentWP, and is continuously updated via our indexing process. As a reminder, your data is only accessible by your specific agent for your specific website. At rest, it is encrypted and cannot be read by AgentWP staff, is not used for training, and is only retained to ensure the proper, accurate, and quick operation of our agent.
Data Deletion
When you delete an agent from the Web App, your data is scheduled to be deleted 14 days following the deletion action. This gives ample time to reactivate the account if the user requests. If not, the data is removed permanently from our servers. You may always re-create the website, add the agent, re-index your information, and use it as required. You may also contact our support to delete data immediately as opposed to waiting the 14 days for the automatic permanent deletion.
If you delete your entire account, the same process happens for all sites under that account.
We are committed to protecting your data and being transparent about our data practices. If you have any questions or concerns, please don't hesitate to contact our support team.
3rd Party Data Processors
Please review the 3rd Party Data Processors document