Potential Privacy (GDPR) Violation | V7.4.2

Hello @generosus

My name is Daniel Kanchev and I am responsible for all SiteGround products. The WordPress plugins that we develop and maintain are part of the SiteGround product portfolio and that is why I feel responsible to address your concerns.

I have already contacted my colleagues from the legal department and our WordPress developers. We have also received your mail. Expect a reply (both here and via email) within the next 48 hours.

In the meantime if you want to share more information please let me know – I’ll gladly address all aspects of that matter.

Thank you for your patience and understanding.

Hey @danielkanchev,

Thank you. Not trying to give you guys a difficult time, simply trying to remain transparent.

Soon after we reported the above, SiteGround had the audacity to access our account (via one of our Administrator accounts) without our explicit approval.

Details: https://prnt.sc/0N1iQb2ihwvA

Not good. This is a good example of a violation. We’re watching too.

The solution is simple: Add a OPT-IN settings option to each plugin as a toggle switch and never access our data — including our email accounts — unless a client has enabled the OPT-IN toggle switch or has provided explicit approval via chat, email, or support ticket. No need to complicate things.

Thank you ??

Hello, @generosus

Thank you for your patience! I’ve checked the case carefully and discussed it with our legal department. I want to address your concerns one at a time:

1. Regarding the changelog of the plugin, I absolutely agree that we could have done a better job. This is a major change and it deserved a major version bump + a more descriptive bullet list indicating the changes. We have already updated the changelog and added the following to it:

Release Date: Sept 26th, 2023

• Changing the name we use inside the plugin from SiteGround Optimizer to Speed Optimizer
• Updating data collection process and introducing a link in the plugin interface to the Plugin Privacy notice

The above changelog has been applied to both plugins – our Speed Optimizer plugin and the Security Optimizer plugin.

2. The data collection process has been updated. I want to clarify what has changed and why. With the new release of the plugin we collect the information described in this article by default. The only personal information we collect is the email address of the WordPress admin user account. I want to stress that we collect the email address and the rest of the data only for technical analysis, improvements and the possibility to contact our users in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). We would never send you marketing emails without you giving us permission to do so (you still have to opt-in for us to send you our regular newsletter and other marketing emails). We consider the collection of this information to be our legitimate interest (according to GDPR). I think two major improvements can be done to improve the current situation (and I’ve already approved those to be added in the next release):

• I want people to still be able to opt-out from this data collection process. This means that we will add the option to opt-out easily from the interface.
• We will add a link to our KB article which explains what data is collected by default.

To sum things up:

1. We now collect data by default in order to better understand our clients’ needs, solve issues, and communicate with our users in cases of emergencies.
2. We have already improved the changelog for the release in question.
3. We will allow users to opt-out from the plugin itself from the default data collection behavior.
4. You still need to explicitly allow us to send you marketing messages and we will never do that without your prior consent.

Last but not least, I want to explain what happened and why one of our representatives accessed your WordPress dashboard residing on the SiteGround web hosting servers. When you sent us the email to [email protected] we acted swiftly to understand which websites you own used which of our plugins and which version of the plugins exactly. Our colleagues wanted to address your email sooner rather than later and assist you in the best possible way. At this stage I saw your support request here and I was also informed about your email complaint. People from two different teams pinged me about your case and this is when I replied here in the support thread. Let me say that I fully understand your position and most probably I would have acted the same way. Thank you for reaching out and providing your feedback.

Let me know if you have any other questions and/or comments. I would love to hear from you!

Hi Daniel,

Excellent reply. Hats off to you and your team. We appreciate all the attention and effort you placed on this topic. One of many reasons why we’ve been a long-time customer of SiteGround.

Thank you!

@generosus We released a new version and as promised we added the option to opt out. This is configurable from the WP Settings –> SG Plugins section.

Thank you, Daniel. Resolved!

If I had one last suggestion, it would be to rename “SG Plugins” to “SG Plugin Options” so it’s more obvious what the settings entry means.

Details: https://prnt.sc/38NJhRt2WJ6G

Again, thank you.

Correction: Make that “SiteGround Plugins” ??