Your privacy is critically important to us. At Automattic, we have a few fundamental principles:
Howdy! We are the folks behind a variety of products and services designed to allow anyone–from bloggers, to photographers, small business owners, and enterprises–to build and manage a website to share with the world. Our mission is to democratize publishing. We believe in powering the open Internet with code that is open source and are proud to say that the vast majority of our work is available under the GPL. Unlike most other services, because our GPL code is public, you can actually download and take a look at that code to see how it works.
Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
We may also get information about you from other sources. For example, if you create or log into your WordPress.com account through another service (like Google) or if you connect your website or account to a social media service (like Twitter) through our we will receive information from that service (such as your username, basic profile information, and friends list) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available.
We may also get information, such as a mailing address, from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes like postcards and other mailers advertising our services.
We generally discard information about you when we no longer need the information for the purposes for which we collect and use it–which are described in the section above on How and Why We Use Information–and we are not legally required to continue to keep it.
For example, we keep the web server logs that record information about a visitor to one of Automattic’s websites, such as the visitor’s IP address, browser type, and operating system, for approximately 30 days. We retain the logs for this period of time in order to, among other things, analyze traffic to Automattic’s websites and investigate issues if something goes wrong on one of our websites.
As another example, when you delete a post, page, or comment from your WordPress.com site, it stays in your Trash folder for thirty days just in case you change your mind and would like restore that content–because starting again from scratch is no fun, at all. After the thirty days are up, the deleted content may remain on our backups and caches until purged.
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our Services for potential vulnerabilities and attacks.
To enhance the security of your account, we encourage you to enable our advanced security settings.
Automattic’s Services are worldwide. Different Automattic companies are the controller (or co-controller) of personal information, which means that they are the company responsible for processing that information, based on the particular service and the location of the individual using our Services.
Depending on the Services you use, more than one company may be the controller of your personal data. Generally, the “controller” is the Automattic company that entered into the contract with you under the Terms of Service for the the product or service you use. In addition, Automattic Inc., our US-based company, is the controller for some of the processing activities across all of our Services worldwide.
The chart below explains the controllers for processing your personal information. We use the term “Designated Countries” to refer to Australia, Canada, Japan, Mexico, New Zealand, and all countries located in the European continent.
That’s it! Thanks for reading.