WPvivid Plugins is created and operated with full respect and protection of users personal information, and is in full compliance with General Data Protection Regulation(GDPR). Check out the following content to know the details:

What personal data can WPvivid access?

WPvivid Backup Plugin free version is only available to be downloaded from WordPress plugin repository. Thus, all the data related to the updates of the versions as well as the support forum for the plugin on WordPress.org is held by WordPress.org.

In addition, the implementations of all backups and restores of your site happen completely on your website server side, there are no data come across any of our servers in the whole process.

The only personal data currently we can access are the contact data when you contact us by email, which may include your name, email address or other contact details you send us. The data will only be used for the purposes of handling and resolving your enquiry, and will never be shared with a third party.

For a premium version user, please check out Personal Data Processing and Storing part in our Term of Service.

No personal data is collected by the plugin itself, so a Data Processing Agreement is not required unless you connect a remote storage provider.

How does WPvivid help create a GDPR-compliant backup?

In order to help users create a GDPR compliant backup, WPvivid Backup Plugin comes with multiple features including selection for backup content, backup and restore logs, and email report. Moreover, as the plugin itself does not collect any personal data, you do not need to sign a Data Processing Agreement (DPA) with us.

However, if you upload your backups to cloud storage with WPvivid Backup Plugin, the personal data is transferred to that storage provider, you’ll need to sign a Data Processing Agreement with that provider.

Third-party storage providers

How your data is handled depends on the type of connection used to reach each storage provider.

OAuth authenticated

Requires logging into your account. Your IP is logged for security and deleted after 7 days. Auth tokens may be stored for future requests; data is never shared with third parties.

Key authenticated

Requires an Access Key and Secret Key supplied by you. Credentials connect your server directly to the provider and are never transmitted to or stored on our servers.

Self-managed server

Requires a server address and login details supplied by you. Data transfers directly within the server environment you control.