Data Privacy & Security
Alpha Insights is designed with privacy and security as core principles. This guide explains what data is collected, how it’s protected, GDPR compliance considerations, security measures, and how to configure privacy settings.
Also see: FAQ: What Data Does Alpha Insights Collect for a user-friendly overview of data collection.
Privacy-First Design
Key privacy principles:
- First-party only: No third-party tracking or data sharing
- Self-hosted: All data stays on your WordPress server
- Minimal collection: Only collect what’s needed for analytics
- User control: Role-based exclusions and opt-outs
- Transparent: Clear documentation of what’s tracked
- Secure: Rate limiting, bot filtering, input sanitization
What Data is Collected
Session Data (Stored in Database)
| Data Type | What’s Collected | Purpose | Personal Data? |
|---|---|---|---|
| Session ID | Unique identifier (random hash) | Link events to sessions | Pseudonymous: an online identifier under GDPR Recital 30, personal data once combined with IP or User ID |
| IP Address | Visitor’s IP address | Session identification, bot detection | Yes (can be personal) |
| Landing Page | Full URL with query parameters | Attribution, campaign tracking | No (unless URL contains PII) |
| Referrer URL | Where visitor came from | Traffic source classification | No |
| User ID | WordPress user ID (if logged in) | Link to user account | Yes (links to user) |
| Device Type | Mobile, desktop, tablet | Device analysis | No |
| Browser | Chrome, Safari, Firefox, etc. | Browser compatibility | No |
| Operating System | Windows, Mac, iOS, Android | Platform analysis | No |
| User Agent | Full user agent string | Bot detection, device parsing | Not on its own (technical data, though it contributes to device fingerprinting when combined with the IP) |
| Timestamps | Session start/end times (GMT) | Session duration, analysis | No |
Event Data (Stored in Database)
| Data Type | What’s Collected | Purpose | Personal Data? |
|---|---|---|---|
| Event Type | page_view, add_to_cart, etc. | Behavior tracking | No |
| Page URL | Full URL of page | Navigation tracking | No (unless URL contains PII) |
| Product ID | WooCommerce product ID | Product analytics | No |
| Event Value | Monetary amount (if applicable) | Revenue tracking | No |
| Form Metadata | Form ID, action, method | Form tracking | No |
| Timestamp | When event occurred (GMT) | Timing analysis | No |
Order Attribution Data (Stored in Order Meta)
| Meta Key | What’s Stored | Purpose |
|---|---|---|
| _wpd_ai_landing_page | Landing URL with query params | Order attribution to campaign |
| _wpd_ai_referral_source | Referrer URL | Traffic source tracking |
| _wpd_ai_meta_campaign_id | Facebook campaign ID | Facebook Ads profit tracking |
| _wpd_ai_google_campaign_id | Google campaign ID | Google Ads profit tracking |
Note: This data is attached to WooCommerce orders, which already contain personal data (name, email, address).
Cookies (First-Party, Browser-Stored)
| Cookie Name | What’s Stored | Duration | Personal Data? |
|---|---|---|---|
| wpd_ai_session_id | Random hash (session identifier) | 10 minutes | No |
| wpd_ai_landing_page | Landing URL | 10 minutes | No (unless URL contains PII) |
| wpd_ai_referral_source | Referrer URL | 10 minutes | No |
What is NOT Collected
For privacy and security:
- ❌ Names, emails, addresses (except what’s in WooCommerce orders)
- ❌ Passwords or sensitive form inputs
- ❌ Credit card or payment information
- ❌ Form field values or user inputs
- ❌ Mouse movements or click coordinates
- ❌ Scroll depth or viewport tracking
- ❌ Video play/pause events
- ❌ File downloads
- ❌ Outbound link clicks
- ❌ Cross-domain activity
- ❌ Cross-device behavior (unless logged in)
- ❌ Browsing history outside your site
- ❌ Social media activity
- ❌ Third-party website data
Form tracking security:
// Password fields are explicitly filtered out client-side before anything is serialized.
// This is a name-based match: a field named e.g. "pwd", "passcode" or "secret" would pass
// through it, so the server-side rule (metadata only, below) is the real safeguard.
var formData = $form.serializeArray().filter(function (field) {
    return !field.name.toLowerCase().includes('password');
});
Only form metadata is tracked (form ID, action, method) – NO field values.
GDPR Compliance
This section covers GDPR compliance for website tracking. For information on how sessions and cookies work, see the Session Management guide.
GDPR Requirements Overview
Key GDPR principles relevant to analytics:
- Lawful basis: Need legal reason to process personal data
- Purpose limitation: Only use data for stated purposes
- Data minimization: Collect only what’s necessary
- Storage limitation: Don’t keep data longer than needed
- Transparency: Tell users what you’re collecting
- User rights: Allow access, deletion, portability
Alpha Insights & GDPR
✅ GDPR-Friendly Features:
- First-party tracking: No third-party data sharing
- Self-hosted: Data stays on your server (EU servers possible)
- Minimal data collection: Only essential analytics data
- No cross-site tracking: Only your website
- User role exclusion: Opt-out mechanism
- Data retention control: Configure how long data is kept
- Bot filtering: Don’t track automated traffic
⚠️ GDPR Considerations:
- IP addresses collected: Considered personal data under GDPR
- User ID tracked: Links to WordPress user accounts
- Cookies used: May require consent depending on interpretation
- Order attribution: Adds data to orders (already personal)
Do You Need Cookie Consent?
It depends on your interpretation and jurisdiction:
Arguments FOR consent requirement:
- Cookies are used for analytics (not strictly necessary)
- IP addresses are personal data
- ePrivacy Directive requires consent for non-essential cookies
- Safe approach: Get consent
Arguments AGAINST consent requirement:
- First-party analytics cookies often exempt
- Used for legitimate interest (business analytics)
- No third-party tracking or data sharing
- Essential for business operations
- Similar to server logs (which don’t need consent)
Recommendation:
- Consult with legal counsel for your specific situation
- Consider your audience location (EU vs non-EU)
- Implement cookie consent banner if serving EU visitors
- Disclose tracking in privacy policy regardless
- Provide opt-out mechanism (user role exclusion)
GDPR Compliance Checklist
✅ Steps to ensure compliance:
- Update Privacy Policy:
- Disclose Alpha Insights tracking
- List what data is collected (see tables above)
- Explain purpose (analytics, profit tracking)
- State how long data is retained
- Explain how users can opt-out
- Include your contact information
- Cookie Notice (if required):
- Implement cookie consent banner
- Block tracking until consent given
- Allow users to reject cookies
- Respect Do Not Track signals (optional)
- User Rights:
- Provide way to access their data
- Allow data deletion requests
- Enable data export (portability)
- Respond within one month of receipt (GDPR Art. 12(3); extendable by two further months for complex requests)
- Data Retention:
- Configure retention period (recommend 90-365 days)
- Automatically purge old data
- Keep order attribution permanently (business records)
- Security Measures:
- Use HTTPS (encrypt cookie transmission)
- Restrict admin access
- Regular backups
- Keep WordPress and plugins updated
Sample Privacy Policy Language
Website Analytics
We use Alpha Insights, a first-party analytics solution, to understand how visitors use our website and improve your shopping experience. This system collects:
- Pages you visit on our website
- How long you spend on each page
- Products you view or add to your cart
- How you arrived at our site (search engines, social media, direct visits)
- Your device type, browser, and operating system
- Your IP address (for session identification)
All data is stored on our own servers and is never shared with third parties. We use this information solely to improve our website and understand which marketing channels are most effective.
We use first-party cookies with a 10-minute expiration to track your session. These cookies do not contain personal information and are used only for analytics purposes.
If you wish to opt-out of tracking, please contact us at [email] and we can exclude your user account from analytics.
We retain analytics data for [X days/months] for reporting purposes, after which it is automatically deleted. Order-related data is retained as part of our business records in accordance with legal requirements.
IP Address Handling
Why IP Addresses are Collected
- Session identification: Distinguish between visitors
- Unique visitor counting: Approximate user count
- Bot detection: Identify and filter automated traffic
- Rate limiting: Prevent abuse and spam
- Multi-session analysis: Track same visitor across sessions
IP Address Storage
Current implementation:
- Full IP addresses stored in database
- Captured from HTTP headers (REMOTE_ADDR, HTTP_X_FORWARDED_FOR)
- Stored in both session and event tables
- Not anonymized by default
Security caveat: REMOTE_ADDR is set by the web server from the TCP connection, but X-Forwarded-For is an ordinary request header that any client can send. If it is trusted on a site that is not behind a proxy you control, a visitor can choose the address that gets stored, rate-limited and banned, and so evade the per-IP limits described below. Only honour X-Forwarded-For when REMOTE_ADDR is one of your own proxies or load balancers, and then use the entry that proxy appended, not the first value in the list.
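Because the stored IP is also the key for rate limiting and bans, how it is derived from the headers matters. The following is an added example, not Alpha Insights code, of resolving the client address so that X-Forwarded-For is honoured only when the request arrived through one of your own proxies. The function name, the $trusted_proxies list and the three sample requests are constructed for the illustration:

```php
<?php
// Added example (not Alpha Insights code): resolve the client IP while trusting
// X-Forwarded-For only when the direct peer is one of your own proxies.
// $server is a $_SERVER-shaped array; $trusted_proxies lists your load balancer /
// reverse proxy addresses. Sample values below are constructed, not real traffic.

function wpd_example_client_ip(array $server, array $trusted_proxies): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null; // no usable peer address at all
    }

    // Direct connection (no trusted proxy in front): the header is untrusted, ignore it.
    if (!in_array($remote, $trusted_proxies, true)) {
        return $remote;
    }

    // Behind a trusted proxy: walk X-Forwarded-For from the right, skipping our own
    // proxies. The first address that is not ours is what the proxy saw as the client.
    // Anything further left was supplied by the client itself and is not trusted.
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        $hop = $chain[$i];
        if ($hop === '' || filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed header: fall back to the peer address
        }
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;
        }
    }
    return $remote; // header contained only our own proxies
}

// Constructed requests. 10.0.0.5 plays the load balancer.
$trusted = ['10.0.0.5'];

// 1. Direct connection: a spoofed X-Forwarded-For must be ignored.
$direct = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
assert(wpd_example_client_ip($direct, $trusted) === '203.0.113.7');

// 2. Behind the load balancer: the client prepended a fake hop, the proxy appended the real one.
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7'];
assert(wpd_example_client_ip($proxied, $trusted) === '203.0.113.7');

// 3. Garbage in the header: fall back to the proxy's address rather than store junk.
$bad = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'];
assert(wpd_example_client_ip($bad, $trusted) === '10.0.0.5');
```

Run with zend.assertions=1 to have the three checks enforced. The point of walking the chain from the right is that each proxy appends the address it saw; the left-most entries are whatever the client chose to send, which is exactly what must not become the rate-limit or ban key.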
IP Anonymization (Custom Implementation)
If you need to anonymize IPs for GDPR, hook the storage filter and mask the address before it is written. The version below uses inet_pton()/inet_ntop() so that compressed IPv6 forms such as 2001:db8::1 are handled correctly (splitting the string on ':' breaks on them), and applies the truncation commonly used for analytics IP masking: the last octet of an IPv4 address and the last 80 bits of an IPv6 address are zeroed.
// Add to your theme's functions.php or custom plugin
add_filter('wpd_session_data_before_storage', function ($session_data) {
    if (empty($session_data['ip_address'])) {
        return $session_data;
    }
    $binary = inet_pton($session_data['ip_address']);
    if ($binary === false) {
        // Not a valid IP literal (e.g. a spoofed header value): store nothing rather than junk
        $session_data['ip_address'] = '';
        return $session_data;
    }
    if (strlen($binary) === 4) {
        // IPv4: zero the last octet (keep the /24)
        $mask = "\xff\xff\xff\x00";
    } else {
        // IPv6: zero the last 80 bits (keep the /48)
        $mask = str_repeat("\xff", 6) . str_repeat("\x00", 10);
    }
    $session_data['ip_address'] = inet_ntop($binary & $mask);
    return $session_data;
});
Example:
Original IP: 192.168.1.100
Anonymized: 192.168.1.0
Original IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Anonymized: 2001:db8:85a3::
The filter above is the one this page documents for session data. IP addresses are also stored in the event table, so confirm that the event write path passes through the same filter (or has its own) before relying on this for compliance.
Trade-offs:
- ✅ More privacy-friendly
- ✅ May reduce GDPR consent requirements
- ✅ Rate limiting, bot filtering and bans are unaffected (they run on the live request, before the storage filter)
- ❌ Less accurate unique visitor counting
- ❌ Can’t distinguish users on same network
- ❌ Harder to track multi-session journeys
Security Measures
1. Rate Limiting
Protection: Limits how many tracking requests one client can make, which stops spam and abuse of the endpoint and bounds the database writes a single client can cause. It runs in PHP after the request has reached WordPress, so it is not a defence against volumetric DDoS; that has to be handled at the CDN, load balancer or web server in front.
For complete technical details on rate limiting implementation, see the Technical Architecture guide.
Implementation:
- Maximum 60 requests per minute per IP address
- Tracked via WordPress transients
- Counter resets every 60 seconds
- Exceeding limit triggers IP ban
How it works:
Request 1-60: Allowed (counter increments)
Request 61+: Blocked (returns error)
After 60s: Counter resets, requests allowed again
If repeatedly exceeded: IP banned for 24 hours
Transient keys:
wpd_ai_rate_limit_{ip_hash} - Request counter (60 sec expiry)
wpd_ai_ip_banned_{ip_hash} - IP ban flag (24 hour expiry)
2. IP Banning
Automatic banning for:
- Exceeding rate limit (60 req/min)
- Repeated abuse attempts
- Malicious behavior patterns
Ban duration: 24 hours (automatic expiry)
During ban:
- No events tracked
- No sessions created
- API requests rejected early
- No database writes
Unban options:
- Wait 24 hours (automatic expiry)
- Manually delete the ban transient (the key uses the MD5 of the raw IP, so hash the same address the plugin saw):
delete_transient('wpd_ai_ip_banned_' . md5($ip));
- Admin can whitelist IPs via filter (custom implementation)
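The rate-limiting and banning sections above describe the scheme but not its logic. The following is an added example, not Alpha Insights code, of the fixed-window counter, strike-to-ban escalation and the whitelist the page mentions as a custom addition, written against the get/set_transient contract. The two wpd_example_transient_* shims stand in for the real WordPress functions so the file runs outside WordPress; inside a plugin you would call get_transient()/set_transient() directly. The transient key names follow the page; the per-minute suffix on the counter key, the wpd_ai_rate_strikes_ key and the three-strikes threshold are this example's own choices, and the traffic at the bottom is constructed:

```php
<?php
// Added example (not Alpha Insights code): fixed-window rate limit + 24 h ban + whitelist.
// wpd_example_transient_get/set mimic get_transient()/set_transient() for offline runs.

$wpd_example_store = [];   // key => [value, expires_at], mimicking the transient cache

function wpd_example_transient_get(string $key, int $now)
{
    global $wpd_example_store;
    if (!isset($wpd_example_store[$key]) || $wpd_example_store[$key][1] <= $now) {
        unset($wpd_example_store[$key]);
        return false;                      // get_transient() returns false when missing or expired
    }
    return $wpd_example_store[$key][0];
}

function wpd_example_transient_set(string $key, $value, int $ttl, int $now): void
{
    global $wpd_example_store;
    $wpd_example_store[$key] = [$value, $now + $ttl];
}

// Returns true if the request may proceed, false if it must be answered with 429.
function wpd_example_allow_request(string $ip, int $now, array $whitelist = [], int $limit = 60): bool
{
    if (in_array($ip, $whitelist, true)) {
        return true;                       // your own team/monitoring addresses never count
    }
    $hash = md5($ip);                      // key on a hash, not the raw address
    if (wpd_example_transient_get("wpd_ai_ip_banned_{$hash}", $now) !== false) {
        return false;                      // banned: reject before parsing or touching the DB
    }

    // Fixed 60-second window: bucket the counter by minute so that re-saving it on every
    // request does not extend the window (set_transient() resets the expiry each time).
    $bucket  = intdiv($now, 60);
    $counter = "wpd_ai_rate_limit_{$hash}_{$bucket}";
    // NOTE: get-then-set is not atomic; under concurrency the count can be low by a few.
    // Acceptable for abuse control, but do not rely on it as an exact quota.
    $count = (int) wpd_example_transient_get($counter, $now) + 1;
    wpd_example_transient_set($counter, $count, 120, $now);
    if ($count <= $limit) {
        return true;
    }

    // The first request over the limit in a window earns one strike; three strikes => 24 h ban.
    if ($count === $limit + 1) {
        $strikes = (int) wpd_example_transient_get("wpd_ai_rate_strikes_{$hash}", $now) + 1;
        wpd_example_transient_set("wpd_ai_rate_strikes_{$hash}", $strikes, 3600, $now);
        if ($strikes >= 3) {
            wpd_example_transient_set("wpd_ai_ip_banned_{$hash}", 1, 24 * 3600, $now);
        }
    }
    return false;
}

// Constructed traffic: one client sends 61 requests inside one minute.
$ip = '203.0.113.7';
$t  = 1700000000;
for ($i = 1; $i <= 60; $i++) {
    assert(wpd_example_allow_request($ip, $t, []) === true);
}
assert(wpd_example_allow_request($ip, $t, []) === false);          // 61st request: 429
assert(wpd_example_allow_request($ip, $t + 60, []) === true);      // next minute: counter reset
assert(wpd_example_allow_request($ip, $t, [$ip]) === true);        // whitelisted: always allowed
```

Two design points worth carrying into a real implementation: check the ban flag before doing any other work, so a banned client costs one cache read and nothing else, and keep the whitelist check first so a misconfigured limit can never lock out your own monitoring or the team.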
3. Bot Detection & Filtering
Purpose: Prevent bot traffic from polluting analytics data. This is a data-quality filter, not a security control: a bot that sends a browser-like user agent string is not detected, which is why rate limiting and request validation remain in place regardless.
Detection method:
- User agent string analysis
- Known bot patterns (Googlebot, Bingbot, etc.)
- Bot keywords: “bot”, “crawler”, “spider”, “scraper”, etc.
When bot detected:
- Tracking stops immediately
- No session created
- No events recorded
- No database writes
- Returns early from tracking functions
Performance benefit: Reduces unnecessary database writes by 20-40% (depending on bot traffic)
4. Input Sanitization
All inputs are sanitized before database insertion. Note that sanitize_text_field() and sanitize_url() normalize and strip values; they are not SQL escaping. Protection against SQL injection has to come from parameterized writes ($wpdb->insert() or $wpdb->prepare()), and protection against stored XSS from escaping (esc_html(), esc_url()) when referrer and landing-page values are later rendered in the admin.
// Example sanitization
$data['session_id'] = sanitize_text_field($data['session_id']);
$data['ip_address'] = sanitize_text_field($data['ip_address']);
$data['landing_page'] = sanitize_url($data['landing_page']);
$data['referral_url'] = sanitize_url($data['referral_url']);
$data['user_id'] = (int) $data['user_id'];
$data['event_type'] = sanitize_text_field($data['event_type']);
$data['event_value'] = (float) $data['event_value'];
$data['product_id'] = (int) $data['product_id'];
Additional validation:
- URL validation (page_href must be from same domain)
- Referer validation (API requests must come from your domain)
- Event type whitelist (only known event types allowed)
- Value limits (prevent overflow)
5. Bad Request Filtering
Rejected requests:
- No event_type specified
- Empty page_href
- page_href from different domain
- Missing or invalid referer header
- Malformed JSON payloads
- Missing session cookie (no landing page)
Error codes returned:
- 403 Forbidden – Security validation failed
- 400 Bad Request – Invalid data format
- 429 Too Many Requests – Rate limit exceeded
6. API Endpoint Security
REST API validation:
// Referer must match the site host. Compare hosts case-insensitively and fail closed
// when the header is missing or unparseable (wp_parse_url() returns null/false then).
$referring_host = $referer ? wp_parse_url($referer, PHP_URL_HOST) : null;
$site_host      = wp_parse_url(get_site_url(), PHP_URL_HOST);
if (!is_string($referring_host) || strcasecmp($referring_host, $site_host) !== 0) {
    return new WP_REST_Response(['message' => '403 Forbidden'], 403);
}
Why no authentication is required:
- Public tracking endpoint (like Google Analytics): every anonymous visitor's browser must be able to call it, so there is no credential to check
- Referer validation rejects requests made from other sites' pages; browsers fill the header truthfully, but any script can forge it, so this is a same-origin check rather than authentication
- Rate limiting bounds how much any one client can write
- Bot filtering reduces spam
- Bad request filtering validates data
Two operational notes: a Referrer-Policy of no-referrer (or a proxy that strips the header) would cause every legitimate request to be rejected with 403, so your site must still send at least a same-origin referrer; and because the header check can be forged, every stored field must be treated as attacker-controlled and validated, sanitized and escaped on output regardless of it.
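The checks listed under Bad Request Filtering and API Endpoint Security above can be collected into one validation step that runs before anything is written. The following is an added example, not the plugin's code, returning the HTTP status the page documents (400 or 403) or 200. It prefers the Origin header, which browsers attach to cross-site and POST requests and which scripts on a page cannot alter, and falls back to Referer; it uses PHP's parse_url() where WordPress code would use wp_parse_url(). The event-type list, the 1e9 value cap, the shop.example.com host and the sample requests are assumptions constructed for the illustration:

```php
<?php
// Added example (not the plugin's code): request validation for a public tracking endpoint.
// Returns [http_status, message]; 200 means the payload may proceed to sanitization/storage.

const WPD_EXAMPLE_EVENT_TYPES = ['page_view', 'add_to_cart', 'form_submit', 'purchase']; // assumed list

function wpd_example_same_host(?string $url, array $allowed_hosts): bool
{
    $host = $url ? parse_url($url, PHP_URL_HOST) : null;
    if (!is_string($host)) {
        return false;                               // missing or unparseable: fail closed
    }
    foreach ($allowed_hosts as $allowed) {
        if (strcasecmp($host, $allowed) === 0) {    // hostnames are case-insensitive
            return true;
        }
    }
    return false;
}

/** @return array{0:int,1:string} */
function wpd_example_validate_tracking_request(array $server, string $raw_body, array $allowed_hosts): array
{
    // 1. Source check. Origin first (set by the browser, not by page scripts), Referer as fallback.
    //    Neither is authentication: a non-browser client can send any value. This stops other
    //    sites' pages from posting events into your analytics, nothing more.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if (!wpd_example_same_host($source, $allowed_hosts)) {
        return [403, 'Security validation failed'];
    }

    // 2. Body must be a JSON object.
    $data = json_decode($raw_body, true);
    if (!is_array($data)) {
        return [400, 'Malformed JSON payload'];
    }

    // 3. Event type must be on the whitelist.
    $event_type = $data['event_type'] ?? '';
    if (!in_array($event_type, WPD_EXAMPLE_EVENT_TYPES, true)) {
        return [400, 'Unknown or missing event_type'];
    }

    // 4. page_href must be present and on our own host.
    if (empty($data['page_href']) || !wpd_example_same_host((string) $data['page_href'], $allowed_hosts)) {
        return [400, 'page_href missing or from a different domain'];
    }

    // 5. Numeric fields: cast and bound so a hostile client cannot overflow a column.
    $value = (float) ($data['event_value'] ?? 0);
    if (!is_finite($value) || $value < 0 || $value > 1e9) {
        return [400, 'event_value out of range'];
    }
    if (isset($data['product_id']) && (int) $data['product_id'] < 0) {
        return [400, 'product_id out of range'];
    }

    return [200, 'OK'];
}

// Constructed requests. shop.example.com stands in for your store's host.
$hosts    = ['shop.example.com'];
$good_hdr = ['HTTP_ORIGIN' => 'https://shop.example.com', 'HTTP_REFERER' => 'https://shop.example.com/cart/'];

// Valid event from our own page (host comparison is case-insensitive).
$r = wpd_example_validate_tracking_request($good_hdr,
    '{"event_type":"add_to_cart","page_href":"https://SHOP.example.com/product/1","product_id":1,"event_value":19.99}', $hosts);
assert($r[0] === 200);

// Another site's page posting to the endpoint: rejected before the body is even parsed.
$r = wpd_example_validate_tracking_request(['HTTP_ORIGIN' => 'https://evil.example.net'], '{}', $hosts);
assert($r[0] === 403);

// No Origin and no Referer (e.g. Referrer-Policy: no-referrer): also 403. This is why your
// own site must keep sending at least a same-origin referrer for tracking to work.
$r = wpd_example_validate_tracking_request([], '{}', $hosts);
assert($r[0] === 403);

// Same-origin page, but the event type is not on the list.
$r = wpd_example_validate_tracking_request($good_hdr,
    '{"event_type":"steal_data","page_href":"https://shop.example.com/"}', $hosts);
assert($r[0] === 400);
```

Ordering matters for cost: the source check and rate limit run before json_decode(), so a rejected client never gets to spend your CPU on parsing, and the event-type whitelist runs before any URL parsing of the payload.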
Privacy Configuration Options
1. User Role Exclusion
Location: Alpha Insights → Settings → General Settings → Alpha Analytics & Event Tracking
Setting: “Exclude These Roles From Tracking”
What it does:
- Prevents tracking for specified user roles
- Applies to both sessions and events
- Checked before any tracking occurs
- Orders from excluded users still tracked for profit calculations
Recommended exclusions:
- Administrator
- Shop Manager
- Editor (if they browse store)
Why exclude admins:
- Prevent skewing data with your own browsing
- Accurate visitor counts
- Clean analytics data
- Better conversion rate calculations
2. Disable Tracking Entirely
Location: Alpha Insights → Settings → General Settings → Alpha Analytics & Event Tracking
Setting: “Enable WooCommerce Event Tracking” = False
What it does:
- Disables all website tracking
- No sessions created
- No events recorded
- JavaScript still loaded (but doesn’t send data)
- Order profit calculations still work
3. Data Retention Configuration
Recommended setup:
// Automatically delete old sessions and their events (add to a custom plugin or functions.php)
function wpd_cleanup_old_sessions() {
    global $wpdb;
    $days_to_keep  = 365; // 1 year
    $session_table = $wpdb->prefix . 'wpd_ai_session_data'; // wp_wpd_ai_session_data on the default prefix
    $event_table   = $wpdb->prefix . 'wpd_ai_events';

    // Delete old session data (timestamps are stored in GMT, so compare against UTC)
    $wpdb->query(
        $wpdb->prepare(
            "DELETE FROM {$session_table}
             WHERE date_created_gmt < DATE_SUB(UTC_TIMESTAMP(), INTERVAL %d DAY)",
            $days_to_keep
        )
    );

    // Delete events whose session no longer exists
    $wpdb->query(
        "DELETE e FROM {$event_table} e
         LEFT JOIN {$session_table} s ON e.session_id = s.session_id
         WHERE s.session_id IS NULL"
    );
}
// Schedule a daily cleanup. WordPress registers only hourly, twicedaily, daily and weekly
// by default; 'monthly' is not a built-in schedule, so wp_schedule_event() would fail with it.
if (!wp_next_scheduled('wpd_cleanup_old_sessions')) {
    wp_schedule_event(time(), 'daily', 'wpd_cleanup_old_sessions');
}
add_action('wpd_cleanup_old_sessions', 'wpd_cleanup_old_sessions');
Data Access & Deletion Requests
Handling GDPR Data Requests
The queries below assume the default wp_ table prefix. Replace [USER_ID] with the WordPress user ID resolved from the requester's verified email address (e.g. via get_user_by('email', ...)). Guest sessions carry no user_id; matching them by IP address is unreliable (shared NAT, mobile carriers) and should not be used to hand data to a requester.
1. Access Request (What data do you have about me?):
-- Sessions for the user
SELECT * FROM wp_wpd_ai_session_data
WHERE user_id = [USER_ID]
ORDER BY date_created_gmt DESC;
-- Events for the user
SELECT * FROM wp_wpd_ai_events
WHERE user_id = [USER_ID]
ORDER BY date_created_gmt DESC;
-- Attribution meta on the user's orders. WooCommerce records the customer in the
-- _customer_user order meta, not in post_author. Stores using High-Performance Order
-- Storage keep orders in wp_wc_orders / wp_wc_orders_meta; filter on customer_id there instead.
SELECT pm.post_id, pm.meta_key, pm.meta_value
FROM wp_postmeta pm
WHERE pm.meta_key IN ('_wpd_ai_landing_page', '_wpd_ai_referral_source',
                      '_wpd_ai_meta_campaign_id', '_wpd_ai_google_campaign_id')
  AND pm.post_id IN (
      SELECT post_id FROM wp_postmeta
      WHERE meta_key = '_customer_user' AND meta_value = '[USER_ID]'
  );
2. Deletion Request (Right to be forgotten):
Either delete the rows outright, or anonymize them if you want to keep aggregate counts; do not run both, since nothing is left to anonymize after the DELETE.
-- Option A: delete the user's session and event rows
DELETE FROM wp_wpd_ai_events WHERE user_id = [USER_ID];
DELETE FROM wp_wpd_ai_session_data WHERE user_id = [USER_ID];
-- Option B: keep the rows for aggregate reporting but strip the identifiers
-- (0 is the value WordPress uses for "no user")
UPDATE wp_wpd_ai_session_data
SET ip_address = '0.0.0.0', user_id = 0
WHERE user_id = [USER_ID];
UPDATE wp_wpd_ai_events
SET ip_address = '0.0.0.0', user_id = 0
WHERE user_id = [USER_ID];
-- Remove attribution from orders (optional - usually kept as part of the order record).
-- MySQL refuses a DELETE whose subquery reads the same table (error 1093), hence the derived table.
DELETE FROM wp_postmeta
WHERE meta_key IN ('_wpd_ai_landing_page', '_wpd_ai_referral_source',
                   '_wpd_ai_meta_campaign_id', '_wpd_ai_google_campaign_id')
  AND post_id IN (
      SELECT post_id FROM (
          SELECT post_id FROM wp_postmeta
          WHERE meta_key = '_customer_user' AND meta_value = '[USER_ID]'
      ) AS customer_orders
  );
Important: Consider legal requirements for retaining business records (orders, transactions) vs privacy rights.
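WordPress has a built-in workflow for exactly these requests (Tools → Export Personal Data and Tools → Erase Personal Data, available since 4.9.6) that plugins join through two filters, so the request is verified by email, logged, and handled alongside core and WooCommerce data instead of by hand-run SQL. The following is an added example, not part of Alpha Insights, that registers an exporter and an eraser for the analytics tables. It assumes the session table has session_id, landing_page, ip_address, user_id and date_created_gmt columns (as implied by the tables earlier on this page), uses $wpdb->prefix instead of the hard-coded wp_, and deliberately leaves order attribution meta in place as a business record:

```php
<?php
// Added example (not Alpha Insights code): register the analytics tables with the WordPress
// privacy tools via the wp_privacy_personal_data_exporters / _erasers filters (WP 4.9.6+).
// Assumed column names: session_id, landing_page, ip_address, user_id, date_created_gmt.

add_filter('wp_privacy_personal_data_exporters', function (array $exporters) {
    $exporters['alpha-insights-analytics'] = [
        'exporter_friendly_name' => 'Alpha Insights analytics',
        'callback'               => 'wpd_example_privacy_exporter',
    ];
    return $exporters;
});

add_filter('wp_privacy_personal_data_erasers', function (array $erasers) {
    $erasers['alpha-insights-analytics'] = [
        'eraser_friendly_name' => 'Alpha Insights analytics',
        'callback'             => 'wpd_example_privacy_eraser',
    ];
    return $erasers;
});

// Core calls the exporter with $page = 1, 2, ... until the callback reports 'done' => true,
// so long histories are exported in batches instead of one huge query.
function wpd_example_privacy_exporter($email, $page = 1)
{
    global $wpdb;
    $user = get_user_by('email', $email);
    if (!$user) {
        // Guest sessions are not keyed to an email address, so there is nothing to return.
        return ['data' => [], 'done' => true];
    }
    $per_page = 100;
    $offset   = (max(1, (int) $page) - 1) * $per_page;
    $rows = $wpdb->get_results($wpdb->prepare(
        "SELECT session_id, landing_page, ip_address, date_created_gmt
           FROM {$wpdb->prefix}wpd_ai_session_data
          WHERE user_id = %d
          ORDER BY date_created_gmt DESC
          LIMIT %d OFFSET %d",
        $user->ID, $per_page, $offset
    ), ARRAY_A);

    $items = [];
    foreach ($rows as $row) {
        $items[] = [
            'group_id'    => 'alpha-insights-sessions',
            'group_label' => 'Analytics sessions',
            'item_id'     => 'session-' . $row['session_id'],
            'data'        => [
                ['name' => 'Started (GMT)', 'value' => $row['date_created_gmt']],
                ['name' => 'IP address',    'value' => $row['ip_address']],
                ['name' => 'Landing page',  'value' => $row['landing_page']],
            ],
        ];
    }
    return ['data' => $items, 'done' => count($rows) < $per_page];
}

function wpd_example_privacy_eraser($email, $page = 1)
{
    global $wpdb;
    $user = get_user_by('email', $email);
    if (!$user) {
        return ['items_removed' => false, 'items_retained' => false, 'messages' => [], 'done' => true];
    }
    // Events first, then sessions; both tables carry the user_id. $wpdb->delete() builds a
    // parameterized DELETE, so the ID never reaches the SQL as a string.
    $events   = $wpdb->delete($wpdb->prefix . 'wpd_ai_events',       ['user_id' => $user->ID], ['%d']);
    $sessions = $wpdb->delete($wpdb->prefix . 'wpd_ai_session_data', ['user_id' => $user->ID], ['%d']);
    return [
        'items_removed'  => ($events > 0 || $sessions > 0),
        // Order attribution meta stays with the order, which is kept as a business record.
        'items_retained' => true,
        'messages'       => ['Order attribution data is retained with the order record as a business record.'],
        'done'           => true,
    ];
}
```

Registering the eraser also gives you the audit trail the checklist asks for: each request, its confirmation and its completion date are recorded on the Erase Personal Data screen, which is easier to defend than a log of ad hoc queries.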
Security Best Practices
- Use HTTPS: Encrypt all data transmission (cookies, API requests)
- Restrict admin access: Only trusted users should access analytics
- Regular backups: Backup database regularly (including analytics tables)
- Keep updated: Update WordPress, WooCommerce, and Alpha Insights regularly
- Monitor for abuse: Check for unusual traffic spikes or patterns
- Whitelist trusted IPs: Prevent accidental rate limit bans for your team
- Review excluded roles: Ensure admins are excluded from tracking
- Test tracking: Verify it works correctly and doesn’t expose sensitive data
- Document privacy measures: Keep records of your privacy implementations
- Train staff: Ensure team understands privacy obligations
Third-Party Integrations & Privacy
Facebook Ads Integration
- Data sent to Facebook: None (Alpha Insights doesn’t send data to Facebook)
- Data received from Facebook: Campaign performance metrics via Facebook Marketing API
- Campaign attribution: Uses the meta_cid parameter in URLs (first-party tracking)
- Privacy impact: Minimal (only links your orders to campaign IDs)
Google Ads Integration
- Data sent to Google: None (Alpha Insights doesn’t send data to Google)
- Data received from Google: Campaign performance metrics via Google Ads API
- Campaign attribution: Uses gclid (Google’s auto-tagging) or google_cid
- Privacy impact: Minimal (only links your orders to campaign IDs)
Important: Alpha Insights is entirely separate from Facebook Pixel or Google Analytics. It doesn’t send your customer data to third parties.
Compliance Checklist
✅ Complete these steps for full compliance:
- □ Update privacy policy with tracking disclosure
- □ Implement cookie consent banner (if required for your jurisdiction)
- □ Configure user role exclusions (exclude admins)
- □ Set up data retention policy and cleanup
- □ Enable HTTPS on your site
- □ Document your privacy measures
- □ Create process for handling data access/deletion requests
- □ Train team on privacy obligations
- □ Consider IP anonymization (if needed)
- □ Review and understand what data is collected
- □ Consult legal counsel for your specific situation
Next Steps
- Review Session Management for cookie details
- Read Technical Architecture for data flow
- Check Troubleshooting Guide for common issues
- See FAQ: What Data is Collected for complete data inventory
- Review General Settings for privacy configuration options
- Understand Website Analytics Overview for privacy features