Overview
The WPiko Chatbot plugin handles user information during chat interactions. Protecting this information is crucial for maintaining user trust and complying with data protection regulations. This section outlines the measures in place to protect user information and best practices for maintaining user privacy.
Types of User Information Collected
- Chat Messages: The content of user messages during chat sessions.
- Email Addresses: If email capture is enabled.
- WordPress Usernames: For logged-in users.
- Session IDs: Unique identifiers for each chat session.
- Timestamps: Date and time of chat interactions.
Storage of User Information
Database Storage:
User information is stored in a custom table: {wp_prefix}wpiko_chatbot_conversations.
This includes chat messages, email addresses (if captured), user IDs, and session IDs.
Local Storage:
Email addresses may be stored in the user’s browser local storage for convenience in future sessions.
Temporary Storage:
Session data may be temporarily stored server-side during active chat sessions.
Protection Measures
Data Encryption:
The plugin uses WordPress’s built-in database encryption for sensitive data.
Access Control:
Only WordPress administrators have access to the full conversation history and user details in the admin panel.
Users can only access their own ongoing chat session.
Data Minimization:
Only necessary information is collected and stored.
Email capture is optional and can be disabled if not required.
Secure Transmission:
All data is transmitted over HTTPS when communicating with the OpenAI API.
Ensure your WordPress site uses SSL/TLS encryption.
Input Sanitization:
All user inputs are sanitized to prevent SQL injection and XSS attacks.
User Privacy Controls
Email Opt-in:
If email capture is enabled, users must explicitly provide their email before chatting.
Communicate the purpose of email collection.
Transcript Control:
Users can download their chat transcripts if this feature is enabled.
Consider providing an option for users to delete their chat history, such as contacting your support team via email or through a dedicated form.
Transparent Communication:
Inform users about data collection practices within the chat interface.
Link to your website’s privacy policy for more detailed information.
Best Practices for User Information Protection
Regular Audits:
Conduct periodic reviews of the data you’re collecting and storing.
Ensure all stored data serves a specific, lawful purpose.
Staff Training:
Train your team on the importance of user data protection.
Limit access to user data to only those who absolutely need it.
Incident Response Plan:
Develop and maintain a plan for responding to potential data breaches.
Include steps for notification of affected users if required by law.
Third-Party Integrations:
If integrating with other plugins or services, ensure they also adhere to strong data protection practices.
Review OpenAI’s data handling policies regularly.
Transparent Privacy Policy:
Clearly outline how the chatbot collects, uses, and protects user information in your privacy policy.
Keep the policy updated as your data handling practices evolve.
Regular Updates and Maintenance
Keep the WPiko Chatbot plugin updated to the latest version.
Regularly review and update your data protection measures as new best practices emerge.
Stay informed about changes in data protection laws that may affect your use of the chatbot.
By implementing these protective measures and following best practices, you can ensure that user information is handled securely and respectfully within the WPiko Chatbot plugin. This not only helps in maintaining legal compliance but also builds trust with your users, encouraging more open and productive interactions with your chatbot.
