Introduction
The WPiko Chatbot plugin handles various types of data during its operation. Understanding how this data is collected, stored, and processed is crucial for maintaining user privacy and complying with data protection regulations.
Types of Data Collected
- Chat Messages: All messages exchanged between users and the chatbot.
- User Information:
- Email addresses (if email capture is enabled)
- WordPress usernames (for logged-in users)
- Session Data: Unique identifiers for each chat session.
- Timestamps: Date and time of each message and chat session.
- API Interaction Data: Data sent to and received from the OpenAI API.
Data Storage
- Database Storage:
- Chat messages, user information, and session data are stored in the WordPress database.
- The plugin creates a custom table named
{wp_prefix}wpiko_chatbot_conversations
for this purpose.
- Local Storage:
- User email addresses may be stored in the browser’s local storage for convenience in future sessions.
- Temporary Storage:
- The plugin may use temporary server-side storage for processing ongoing conversations.
Data Retention
By default, the plugin retains all conversation data indefinitely. However, it’s recommended to:
- Implement a data retention policy that aligns with your business needs and legal requirements.
- Regularly review and clean up old conversation data.
- Provide users with an option to request deletion of their conversation history.
Data Access
- Admin Access:
- WordPress administrators can view all conversation history through the plugin’s admin interface.
- Admins can download a CSV file containing all user email addresses.
- User Access:
- Users can view their ongoing conversation.
- If enabled, users can download their chat transcript.
Data Processing
- OpenAI API Integration:
- Chat messages are sent to OpenAI’s API for processing.
- Ensure your use of OpenAI’s services complies with their terms of service and data handling policies.
- WooCommerce Integration (if enabled):
- Product and order data may be processed to provide relevant responses.
Security Measures
- Database Security:
- All data stored in the WordPress database is subject to WordPress’s built-in security measures.
- Ensure your WordPress installation is kept up-to-date and secure.
- API Communication:
- All communication with the OpenAI API is conducted over HTTPS.
- Input Sanitization:
- User inputs are sanitized before storage to prevent SQL injection and other attacks.
Privacy Considerations
- Transparency:
- Clearly communicate what data is collected and how it’s used in your privacy policy.
- Inform users about data collection practices within the chatbot interface.
- User Consent:
- If collecting emails, ensure you have user consent, especially in regions governed by GDPR or similar regulations.
- Data Minimization:
- Only collect and retain data that are necessary for the chatbot’s functionality.
- Data Subject Rights:
- Implement processes to handle user requests for data access, correction, or deletion.
Best Practices for Data Handling
- Regularly audit your data collection and storage practices.
- Regularly backup your database, including the chatbot conversation table.
- Develop a data breach response plan in case of unauthorized access to chat data.
By carefully managing the data handled by the WPiko Chatbot plugin, you can ensure a secure and privacy-respecting experience for your users while maintaining compliance with relevant data protection regulations.