WPSeguro Remote Backups - Privacy Policy

Last updated: August 27, 2025

Plain language summary: We do not collect, store, or sell personal data. The plugin creates backups on your WordPress site and uploads them directly to your Google Drive. Our optional OAuth broker (connect.wpseguro.pt) only facilitates the Google sign-in/refresh flow and does not receive backup files.

1) Scope

This Privacy Policy explains how WPSeguro.pt handles information in connection with the WPSeguro Remote Backups plugin, its documentation pages, and the optional OAuth broker. It applies only to these services and not to your own website’s privacy practices.

2) Roles & Responsibilities

  • You (the site owner/administrator) are the data controller for any personal data contained in your WordPress site and backups.
  • We (WPSeguro.pt) do not act as a processor of your backup contents. We do not receive or store your backups.

3) Data We Do Not Collect

  • No collection or sale of personal data by us.
  • No tracking scripts or analytics specific to this plugin page.
  • No backup file contents transmitted to our servers.

4) Data Processed by Your Site & Backups

Your own WordPress site may process personal data (e.g., user accounts, comments, orders). If you include such data in backups, that processing is under your control and responsibility. You should inform your site users about your backup practices and retention in your site’s privacy notice.

5) External Services

Google Drive API (Google LLC)

  • Purpose: Upload, list, and manage backup files in your Google Drive.
  • Data exchanged: Backup ZIP files and file metadata (e.g., name, size). During connection, the plugin may read the connected Drive email and storage quota to display connection/quota info.
  • Flow: OAuth 2.0 consent happens on Google’s pages. Tokens are stored in your WordPress database. Backups go directly from your server to your Google Drive.
  • Policies: Drive API Terms · Google APIs ToS · Google Privacy Policy

WPSeguro Connect OAuth Broker (connect.wpseguro.pt)

  • Purpose: Facilitate Google OAuth sign-in and token refresh, especially on shared hosting.
  • Data exchanged: Site URL and a one-time state/code to initiate OAuth; a refresh token may be sent to renew access. No backup files are sent to the broker.
  • Storage: Tokens are stored in your WordPress database. The broker relays token exchanges; standard server logs (e.g., IP, user-agent) may be kept for security and troubleshooting.

6) Logs & Diagnostics

  • We may retain minimal server logs (e.g., IP address, user-agent, timestamps) for short periods to secure our site and the OAuth broker.
  • The plugin may write technical logs locally on your server (e.g., to assist with debugging). These logs are under your control.
  • No personal data collection by us: Generally not applicable.
  • Security logs: Legitimate interests in protecting our services and preventing abuse.

8) Data Retention

  • We do not retain your personal data. Server logs, if any, are kept only for a limited time and then deleted or anonymized.
  • Backups and plugin configuration (including OAuth tokens) are stored locally in your WordPress database and Google Drive under your control and policies.

9) Security

We implement reasonable technical and organizational measures to protect our website and the OAuth broker. You are responsible for securing your WordPress site, hosting, and Google account (e.g., strong passwords, MFA, timely updates).

10) International Transfers

We do not transfer your backup contents to our servers. Any transfers related to Google’s services are governed by Google’s policies. Review Google’s privacy documentation for more details.

11) Your Privacy Rights

Depending on your location, you may have rights to access, correct, or delete your personal data, restrict or object to processing, and data portability. Because we do not hold your personal data for this plugin, we may not be able to identify or act on requests about data we do not control. For data stored on your WordPress site or Google Drive, please manage it directly or contact the relevant provider.

12) Children

Our services are not directed to children. If you believe we have inadvertently received personal data from a child, contact us and we will address it promptly.

13) Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above.

14) Contact

Questions about this Privacy Policy? Contact us at [email protected] or visit https://wpseguro.pt/wpseguro-remote-backups/.