Hi Philipp
Jetpack has to sync your site’s data to the WordPress.com servers in order for many of its features to work correctly.
You can see what data Jetpack syncs here:
https://jetpack.com/support/what-data-does-jetpack-sync/
And you can see what we use that data for in our privacy policy:
https://automattic.com/privacy/
At any time, you can contact us to request a copy of the data Jetpack has collected for you or a user on your site, or to request its deletion.
Let us know if you have any questions.
Hi Dan,
thats the thing. I already read that page you linked above.
As we develop multiple services and native apps also there are ways to prevent this. You could just collect anonymized data.
As a german based company we can’t allow anyone to get access to all our client data at any time.
So my review will still be this bad. I’m sorry for this, but I need to meet german and EU laws in this point!
Hi Philipp
Apologies for the late reply here!
Jetpack takes seriously our obligations to honor the requirements of the GDPR and the various EU regulatory authorities. We know how important it is to you to be able to operate your site in a way that complies with relevant laws in your location.
WordPress.com respects EU law related to the proper handling of data being transferred elsewhere. We include the Standard Contractual Clauses for such data transfers in our Data Processing Agreement:
https://wordpress.com/support/automattic-gdpr/data-processing-agreements/
If you are interested in having a DPA with us, you can request one from the Privacy Settings page in your dashboard at https://wordpress.com/me/privacy.
In regards to whether or not your site complies with German/EU laws, we are unable to give you legal advice about your particular site, as we are not your attorneys. If you have questions about what you need to do as a site owner in order to comply with the laws that are applicable to your site, we encourage you to seek the advice of a qualified attorney.
Hi Dan,
Thank you for your answer.
So you see the problem of GDPR compliance.
But you miss a very important point.
Any service not running by a German company it selves must comply with high need to store and process customer data.
In terms of jetpack this is not the case.
There is no need that we can argue enough to transfer an arbitrary number of customer data to you even within a DPA.
Additionally we would provide massive insight in critical business figures.
So the DPA must at least be connected with an NDA.
All this effort is not worth it.
Which does not mean, your service could be great to a lot of customers.
Again thank you for your effort. We will need to implement the jetpack features ourselves in the meantime.
