GDPR compliance

  • Resolved wpandlpuser

    (@wpandlpuser)


    4 months, 2 weeks ago

    Dear AIOS Team,

    I am currently working on the privacy policy document of my website in which I use your plugin.

    1.Under GDPR, I need to list all the service providers that use cookies, and those cookies might be stored on the visitor’s computer upon visiting the site.

        Would you please let me know if your plugin uses cookies?

        • If yes, which cookies?
        • What are these cookies used for?
        • How long are they retained?
        • Would you please provide a link to your applicable privacy policy?
        • Any additional information that could be useful

        2.Also, as per GDPR, I need to list all service providers who process visitor’s personal data on my behalf.

        Would you please let me know if your plugin is processing such personal data?

        If so, please provide me a link to your DPA (data processing agreement) that I can reference in my Privacy policy.

        Thank you in advance!

        The page I need help with: [log in to see the link]

      Viewing 4 replies - 1 through 4 (of 4 total)
      • Plugin Support hjogiupdraftplus

        (@hjogiupdraftplus)

        4 months, 2 weeks ago

        Hi @wpandlpuser

        Yes, AIOS uses cookies for certain features like cookie-based brute force prevention, detecting spambots posting comments, etc.

        This plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity. The collected information is stored on your server. No information is transmitted to third parties or remote server locations.

        More privacy and GDPR compliance detail is mentioned in the FAQ section of this plugin.

        https://ww.wp.xz.cn/plugins/all-in-one-wp-security-and-firewall/#is%20the%20all%20in%20one%20security%20%26%20firewall%20plugin%20gdpr%20and%20other%20privacy%20law%20compliant%3F

        Thread Starter wpandlpuser

        (@wpandlpuser)

        4 months, 2 weeks ago

        Dear @hjogiupdraftplus,

        Thank you very much for the quick feedback.
        As I understand, DPA is not required as you are not processing personal information, not transmitted.

        I have reviewed the the privacy policy document, however it does not detail the cookie-usage for visitors when your product is used.

        I know that it is time consuming to dig out such information, but every website that would like to use this plugin and would like to stay compliant with GDPR requires this information:

        • Which cookies are used?
        • What are these cookies used for?
        • How long are they retained?
        • Would you please provide a link to your applicable privacy policy?
        • Any additional information that could be useful

        Thank you very much!

        Plugin Support hjogiupdraftplus

        (@hjogiupdraftplus)

        4 months, 2 weeks ago

        Hi @wpandlpuser.

        The privacy policy document is the Privacy Policy page URL.

        As said, certain features, like cookie-based brute force or detecting comment spam bots posting comments, use cookies. But for cookie-based brute force, cookie name starts with aios_brute_force_secret_{hash}, and the hash value is dynamic. It is valid for 24 hrs

        For detecting comment spam, it uses a random string as cookie name. so hard for bots to know. It is valid for 5 days.

        Regards

        Thread Starter wpandlpuser

        (@wpandlpuser)

        4 months, 2 weeks ago

        Hi @hjogiupdraftplus ,

        Thank you for the detailed feedback, all clear!

      Viewing 4 replies - 1 through 4 (of 4 total)

      You must be logged in to reply to this topic.