Privacy Policy
Effective Date: January 1, 2026
Last Updated: July 11, 2026
1. Introduction and Architectural Principles
This Privacy Policy describes how WP Tailwatch LLC ("WP Tailwatch," "we," "our," or "us") collects, uses, discloses, and protects information across our marketing website (wptailwatch.com), cloud dashboard (dashboard.wptailwatch.com), central API (api.wptailwatch.com), companion mobile applications, and our WordPress software extensions (collectively, the "Service").
We operate on a transparent hybrid data principle: while core operational activity log structures can reside locally within your target WordPress environment, connecting your Site to a cloud account securely transfers essential security logs, environment metadata, and configuration variables to the WP Tailwatch Cloud Database. This data synchronization is technically required to power remote cloud management, maintain state across devices, and display your real-time site security status within our mobile applications.
By using the Service, you accept the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1.1 Data Processing Roles (Controller vs. Processor)
Depending on your relationship with the Service, data privacy regulations (such as GDPR and CCPA) distinguish between data "Controllers" and "Processors":
- WP Tailwatch as a Data Controller: We act as a Data Controller for your account registration details, profile configurations, subscription records, and billing parameters collected when establishing an active profile on our platform.
- WP Tailwatch as a Data Processor: When you link your WordPress Site to our cloud infrastructure, you assume the role of Data Controller, and we operate strictly as a Data Processor regarding raw server log files, visitor IP tables, event notification metrics, or application source files transmitted from your instance. It remains your absolute legal obligation to ensure your independent digital platforms display adequate disclaimers regarding the execution of third-party security processors like WP Tailwatch.
2. Data Stored Locally on Your WordPress Site
The following data is created and stored entirely on your own WordPress server. WP Tailwatch has no access to this data. You control its retention and deletion through the WordPress admin and the Plugin settings.
- Activity events: logins, logouts, registrations, password resets, failed login attempts (with timestamp, username, IP address, user-agent);
- AJAX request logs: outgoing AJAX requests with URI, method, response timing, and IP;
- HTTP error logs: 4xx and 5xx errors captured during page requests, with failing URL and request method;
- Email send or failure logs: subject, recipient address, headers, attachment filenames, and SMTP error messages where applicable;
- Action history: plugin, theme, or core updates, rollbacks, activations, deactivations, and deletions, with user attribution and before/after state;
- System information: PHP version, WordPress version, disk space, and database size;
- Feature settings and per-feature verification status;
- SSL certificate details for monitored domains (issuer, expiry, key information);
- Secure authentication tokens for the Plugin's internal REST API (used by the dashboard and mobile app to communicate with your Site);
- CTA keys (Client-to-Application credentials, hashed);
- Connected account information (if your Site is connected to a WP Tailwatch account): user ID, email, plan name, connection key, and relevant dates;
- Backup manifest data: file lists, sizes, and hash digests;
- File integrity baselines: cryptographic hashes per file path;
- Site backups: copies of your WordPress files and a dump of your database, stored under wp-content/uploads/.
You can delete any of this locally-stored data at any time from the Plugin's admin UI. Choosing "Delete All Data" in the deactivation modal removes all Plugin database tables and options.
3. Data Transmitted to WP Tailwatch Cloud Servers
Connecting either the Free or Pro plugin variations to an active account initiates specific data transmission protocols to api.wptailwatch.com to deliver cloud features:
3.1 Cloud Integration, Account Verification, and Dashboard Syncing
- Your website URL, target domain pointers, environment identifiers (staging vs. production), and plugin status configurations.
- Aggregated security log summaries, malware scan manifests, and core platform health metrics necessary to format real-time functional views inside your WP Tailwatch mobile applications and web dashboard.
3.2 Real-Time Push Notification Engine and Event Metadata
- To execute real-time administrative device alerts, our system relays event payload metrics (such as brute-force indicators, core updates, or firewall triggers) directly from your site to the WP Tailwatch API.
- This data includes site metadata, event details, and the intended notification body content.
- This information is securely stored in our cloud database to maintain notification histories and is processed via Firebase Cloud Messaging (FCM) to reach your paired mobile tracking devices.
3.3 Remote Malware Scanning and File Processing Engine
When a security audit or malware scan execution is initiated (via automated routine triggers, manual plugin selection, or remote mobile/dashboard command), our system operates a distributed remote scanning architecture to protect local host processing resources from degradation:
- Our software packages and transfers copies of suspect application files from your environment directly to isolated scanning nodes.
- These components are cross-referenced dynamically for signature variations, arbitrary code modifications, injections, and active vulnerabilities.
- Malware Remediation & Cleanup: If malware removal is authorized, code cleaning occurs inside our secure isolation framework before deploying the repaired file back to your target environment over encrypted API pipelines.
- Data Retention Limits: Scanned file elements are maintained exclusively as ephemeral cached records. They are deleted permanently from the scanning servers immediately upon the termination of the active verification thread.
4. Third-Party Service Providers and Tracking Technologies
WP Tailwatch utilizes trusted third-party providers to maintain service architecture, deliver messages, and measure marketing interactions. Each provider operates under its respective privacy terms:
4.1 Core Infrastructure and Notification Delivery
- Google LLC (Firebase Cloud Messaging): Used to package and deliver push notifications to paired mobile devices.
- Google LLC (Gmail OAuth): If you voluntarily authorize Gmail XOAUTH2 SMTP, your site exchanges tokens directly with Google endpoints. The email body routes straight from your server to Google and does not pass through WP Tailwatch's servers.
4.2 Analytics, Optimization, and Website Tracking
Our public marketing website (wptailwatch.com) and onboarding workflows utilize performance tracking integrations to analyze performance:
- Cloudflare Inc. (including Cloudflare Zaraz): Used for global edge hosting, threat mitigation, and script loading optimization. Cloudflare handles telemetry and network logs to enhance delivery speed and block malicious bot patterns.
- Google LLC (Google Analytics 4 & Tag Manager): Measures website performance patterns, user retention vectors, and macro traffic distribution paths. Data is aggregated and de-identified.
- Microsoft Corporation (Microsoft Clarity): Captures operational click behaviors, mouse movements, scrolling paths, and session rendering paths to resolve UI bottlenecks and improve our landing experiences. Data is captured using first and third-party cookies.
5. Information We Collect Directly
When you create an account, purchase a subscription, or communicate with us, we collect:
- Registration info: email address, name, and account password (stored as a secure, salted hash);
- Payment info: billing address, card brand, last 4 digits, and transaction history. Payment processing is handled securely by our third-party payment processor. We do not store full credit card numbers on our servers;
- Support logs: correspondence sent to [email protected].
6. Cookies and Similar Technologies
WP Tailwatch does not place any tracking cookies or use behavioral analytics tools through the Free Plugin or Pro Plugin inside your personal WordPress Site dashboard. The cloud dashboard at dashboard.wptailwatch.com uses cookies strictly necessary for account authentication and secure session management.
On our public marketing website (wptailwatch.com), we utilize third-party cookies, scripts, and pixels, including Google Analytics, Microsoft Clarity, and Cloudflare Zaraz, to analyze visitor paths, debug technical issues, and measure optimization efforts. A complete cookie disclosure and opt-out instructions are provided in our separate Cookie Policy.
7. How We Use Your Information
We use the collected information to:
- Authenticate your account and verify your subscription status;
- Provide, maintain, and improve the Service, including the Android and upcoming iOS apps;
- Process transactions and issue invoices;
- Send critical operational updates, security alerts, and support responses;
- Comply with applicable legal obligations and enforce our Terms of Service.
8. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We only share information with third-party service providers who assist us in operating our business and providing the Service, subject to strict confidentiality obligations. We may disclose data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation.
9. Data Security and Breach Notification Standards
We implement strict administrative, technical, and physical safeguards designed to protect your synchronized cloud metrics and ephemeral scanning caches. However, no data transmission or storage architecture can be guaranteed 100% secure.
- Incident Response: In the highly unlikely event that our cloud infrastructure experience a verified data breach impacting your account credentials or stored site metadata, we will initiate mitigation protocols immediately.
- User Notification: We adhere to global legal mandates regarding data breaches. If we confirm that your personal data or site metadata has been exposed to unauthorized entities, we will notify affected account holders via their registered account email address and through an administrative alert inside the Cloud Dashboard within seventy-two (72) hours of incident verification.
10. Cross-Border Data Transfers & Regional Data Localization
WP Tailwatch deploys operational computing networks hosted across global cloud providers, primarily Amazon Web Services (AWS) and Google Cloud Platform (GCP).
- Default Global Network Routing: By default, malware scans, log synchronization queues, and cloud data payloads are directed to the most efficient, low-latency computing nodes within our global framework, irrespective of geographical boundaries. This may involve transferring temporary file copies outside your country or origin region.
- Regional Data Sovereignty Controls: To support users adhering to strict regional data localization mandates (such as GDPR/Data Sovereignty rules within Germany or the broader European Economic Area), our Cloud Dashboard allows manual configuration overrides. Users can enforce regional lock rules requiring all remote file scanning, log caching, and data processing to occur exclusively within specific geographical territories (e.g., the eu-central Frankfurt data zone). Access to these regional infrastructure paths may be limited to advanced plans or standalone add-on options.
11. Your Rights, Data Control, and Erasure
We provide direct control mechanisms over both your local server footprint and synchronized cloud footprint:
- Cloud Data Eradication: You can permanently delete your synchronized website metadata, historical notification logs, configurations, and cloud database entries at any time directly through your account dashboard (dashboard.wptailwatch.com) or within the profile settings screen of our native mobile applications.
- Local Instance Maintenance: Wiping local WordPress tables and environment configurations must be done separately from within the administrative interface of your local WordPress installation by selecting "Delete All Data" inside the WP Tailwatch plugin configuration wizard or deactivation modal.
Depending on your location, you may have rights under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other applicable laws. These include the right to access, correct, or request deletion of your personal data. For detailed instructions on removing your information, see our Data Deletion page at https://wptailwatch.com/request-data-deletion.
We ensure you maintain absolute control over both your local server data and synchronized cloud data:
- Cloud and Sync Data Deletion: You can permanently delete your synchronized website metadata, historical logs, configurations, and cloud database entries at any time directly through your account dashboard at dashboard.wptailwatch.com or from within the profile settings of our mobile application.
- Local Server Data Deletion: Removing local database tables and site logs must be executed separately from your WordPress site dashboard by selecting "Delete All Data" inside the WP Tailwatch plugin configuration interface or deactivation wizard.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the Effective Date.
13. Contact Us
If you have questions about this Privacy Policy or wish to file a formal data erasure query, please contact us at [email protected].
Legal & Trademark Notice: WP Tailwatch is an independent, registered product. All rights and intellectual property related to WP Tailwatch are owned by its creators and protected under applicable copyright and trademark laws. While WP Tailwatch automates malware removal, monitoring, and backups, you remain solely responsible for maintaining your own independent website backups, protecting your access credentials, and ensuring compliance with all applicable laws and regulations. WP Tailwatch is provided on an "AS IS" and "AS AVAILABLE" basis WITHOUT WARRANTIES OF ANY KIND, either express or implied. WP Tailwatch does not guarantee any specific results, uninterrupted protection, or the complete prevention or recovery of all security threats or data loss. The WordPress® trademarks and logos are the intellectual property of the WordPress Foundation. WP Tailwatch is an independent utility and is not affiliated with, endorsed by, or sponsored by the WordPress Foundation. All other brand names and trademarks used on this website belong to their respective owners. For inquiries or support, please contact [email protected].
