WordpexAI monitors the operational health of your WordPress site. We do not hold, process, or have access to your site's visitor data, content, or database. What we collect is limited to what is needed to run the monitoring pipeline.
The WordpexAI connector plugin transmits a signed heartbeat to our API approximately once per hour. This is the only channel through which data moves from your site to our servers.
Plugin names, versions, and active status. WordPress and PHP version. Theme name. Health signals (REST API availability, cron state, update counts). This is sent by the connector plugin on your server, hourly.
Email address and name provided during signup. Organization and workspace configuration you set in the dashboard.
Feature usage events, AI model call counts, and cost aggregates used to calculate your plan charges. No content from your site is included.
A record of every action proposed, approved, and executed — including who approved it and when. Retained for 1 year.
This is the core privacy boundary. If it lives in your WordPress database as content or visitor information, we do not see it and we do not want it.
We have no access to your site visitors' names, emails, IP addresses, purchase history, or any other personal data stored in your WordPress database.
Posts, pages, products, comments, media, and custom post types are never transmitted to our servers. The connector reads operational metadata, not content.
When a pre-update snapshot includes a DB dump, that dump is stored only on your own server in wp-content/wordpex-snapshots/. It is not uploaded to WordpexAI.
We do not collect WordPress admin passwords, payment credentials, API keys stored in your database, or any other secrets beyond the connector token used to authenticate our own signed actions.
Telemetry is time-limited. Once your subscription ends or you disconnect a site, you can request deletion of all associated data.
We use a small number of sub-processors to operate the platform. We do not sell data to advertisers or data brokers.
AI incident analysis and recommendations are generated using Anthropic's Claude API. Site telemetry summaries are sent to Anthropic as part of the analysis prompt. Anthropic does not train on API data by default. See Anthropic's privacy policy for details.
The WordpexAI API is hosted on Fly.io (London, UK). The dashboard is hosted on Vercel. Both providers process data under standard DPAs. A full sub-processor list is available on request.
You can request access to the data we hold about your organization, correct inaccuracies, or request deletion at any time by contacting us at privacy@wordpex.com. For EU/UK residents, standard data subject rights apply under GDPR and UK GDPR. Our DPA covers the controller/processor relationship in detail.
Disconnecting a site from your dashboard immediately deletes all associated telemetry, incidents, proposals, and workflow records. Audit logs are retained for the statutory minimum period.
To close your account and request deletion of all associated data, contact privacy@wordpex.com. We will confirm deletion within 30 days.
We will notify registered users by email at least 14 days before any material change to this policy. The date at the bottom of this page reflects the last update. Continued use of the service after the effective date constitutes acceptance.
Last updated: 30 May 2026 · Questions: privacy@wordpex.com
The trust center covers the full security and governance model, including signed actions, approval gates, and audit logging.