Privacy and security information for WordPress administrators
Loco Translate does not process any data from your website visitors at all. For that reason, you don't really need to mention it in your own privacy notice, but of course that's up to you.
The plugin only processes data during administrator operation and we (the company) never see any data held in your database or in your files. Everything happens on your server and stays on your server, with the exception of some API integrations.
Is Loco Translate GDPR compliant?
- We're confident that simply installing our plugin on your website doesn't put you in breach of the regulation.
- We're confident that providing our software to run on your own servers doesn't put us in breach of the regulation.
That said, please read the rest of this notice is it explains specifically how data is processed via the WordPress admin area and provides some suggestions for better privacy and security.
Personal data in PO files
We're not responsible for what you type into our editing software, but regardless - we never send this data anywhere or do anything to record it for our own use. The files live on your server and we don't see them.
Loco Translate is a PO file editor and WordPress (by default) exposes all PO files to the public Internet. This means any data in your translation files is potentially public.
Important: PO files have an attribution field called
Last-Translator. By default Loco Translate will populate this field with your admin user name and email address. We do this simply because it's standard practice for translators working with Gettext files. You can change the value of your translator credit in the plugin settings, at: Loco Translate > Settings > User options.
Please note that changing your settings doesn't automatically update all existing translation files, it only affects the credit used when you next save a file to disk. We recommend you check all your PO files if you don't want to expose this information to the Web.
Suggestion: There is no technical reason why PO or MO files should ever be exposed to the Internet, but WordPress won't protect them for you. We recommend you secure your web sever accordingly. If you don't have the necessary knowledge then ask your hosting provider or development team for assistance.
Data in the WordPress database
Loco Translate uses the WordPress database for caching metadata and storing settings and preferences. Your translation files are not held in the database.
Any data you enter into Loco Translate's settings screens will be stored in the database, which means if the settings you enter contain personal data, so does your database. As above, we don't see any of this data and it's your responsibility to secure it.
Loco Translate makes use of two remote APIs:
- The WordPress API is used for fetching translation and locale data from wordpress.org.
- The Loco API is currently used for fetching bundle configurations, but may be used in future for more functionality.
In the case of the WordPress API, our software uses WordPress core functions to fetch data from wordpress.org. As we aren't responsible for their services, you should check their privacy notice. We don't use this API in any way to deliberately expose your personal data to wordpress.org.
In the case of the Loco API. This is subject to our own privacy notice as we process all traffic to our servers during the provision of our service. Our API end points will see either your browser's IP address or that of your server, but beyond the server logs we explain we don't in any way use this traffic to track or analyse you and make zero effort to identify individuals accessing our API.
Clicking external links
If you click an external link from a WordPress admin page to our website (like to this page for example) we may add Google Analytics campaign identifiers into the URL. This does not leak any personal data, or indeed any sensitive data about your system. All it tells us is that traffic is coming from our plugin and from which screen. This lets us analyse which functions our users need the most help with. From this we can make usability improvements or write better documentation, but we will never profile individuals.
Once on this website your privacy is subject to our own privacy notice. See the section on Google Analytics, which explains more about why we analyse web traffic, the limits we place on it, and how you can block it.
Please note your activity within your WordPress admin area is not being tracked. We do not record any actions or admin page hits that occur on your own site.