Effective date: 12 July 2026
What we collect
We store account and organization details needed to operate the service, site connection health, audit activity, and suspicious security events reported by connected plugins. Normal WordPress browsing traffic is not collected.
Security event minimization
Cookies, authorization headers, passwords, session identifiers, credentials, and tokens are removed. Headers and request excerpts are capped. External AI inference receives redacted normalized evidence and never receives a visitor IP address.
Purpose and retention
Security events and full IP addresses are retained for up to 30 days for detection and investigation. Non-identifying aggregate analytics may be retained for 13 months, and audit records for 400 days.
Service providers and transfers
Approved infrastructure and AI providers process limited data under contractual safeguards. Where processing crosses borders, we disclose the provider and apply controls consistent with Malaysia's personal data protection principles.
Your choices
Organization owners can request access, correction, export, or deletion of personal data. Certain security and audit records may be retained where necessary to protect the service or meet legal obligations.
Contact
Privacy questions may be sent to privacy@smarthoneyai.xyz.