Why do you collect so many data from our sites?

  • Resolved dantekavala

    (@dantekavala)


    4 years, 6 months ago

    Hello, I am a Rank Math SEO user since the first day. I was checking the code of the plugin (as I do almost in every plugin I use in all my websites) and I found the file https://plugins.trac.www.ads-software.com/browser/seo-by-rank-math/trunk/includes/class-tracking.php

    As I can see in the file, you collect to your servers the following data:

    $data = $this->do_filter( 'tracker_data', [
	                        '@timestamp'  => (int) date_i18n( 'Uv' ),
	                        'name'        => get_option( 'blogname' ),
	                        'url'         => home_url(),
	                        'admin_url'   => admin_url(),
	                        'admin_email' => get_option( 'admin_email' ),
	                ]);

    $server['software'] = Param::server( 'SERVER_SOFTWARE' );

    $server['php_version'] = phpversion();

    $server['php_post_max_size']  = size_format( Str::let_to_num( ini_get( 'post_max_size' ) ) );
$server['php_time_limt']      = ini_get( 'max_execution_time' );
$server['php_max_input_vars'] = ini_get( 'max_input_vars' );
$server['php_suhosin']        = extension_loaded( 'suhosin' ) ? 'Yes' : 'No';
    $server['ip']       = $ipaddress;
$server['hostname'] = gethostbyaddr( $ipaddress );

    $server['curl_version'] = $this->get_curl_info();

    $server['php_extensions'] = [
'imagick' => extension_loaded( 'imagick' ),
'filter'  => extension_loaded( 'filter' ),
'bcmath'  => extension_loaded( 'bcmath' ),
'modXml'  => extension_loaded( 'modXml' ),
'pcre'    => extension_loaded( 'pcre' ),
'xml'     => extension_loaded( 'xml' ),
];
     $data['wordpress'] = [
	                        'version'      => $wp_version,
	                        'multisite'    => is_multisite() ? 'Yes' : 'No',
	                        'locale'       => get_locale(),
	                        'memory_limit' => size_format( $memory ),
                        'debug_mode'   => ( defined( 'WP_DEBUG' ) && WP_DEBUG ) ? 'Yes' : 'No',
];
    $theme_data = [
	                'name'         => $theme->get( 'Name' ),
                        'url'          => $theme->get( 'ThemeURI' ),
                        'version'      => $theme->get( 'Version' ),
                     'parent_theme' => is_child_theme() ? $theme->get( 'Template' ) : null,
                        'wc_support'   => current_theme_supports( 'woocommerce' ) ? 'Yes' : 'No',
            ];

    Collect active plugins data.

    Get curl version and SSL support.

    As a European citizen and developer that provide services to European citizens, I need to include in my term of services details about all the information that get out of my own server. And not only what kind of data but also the reason of it. Can you please explain here or in my email why you fetch all the above data and where exactly you use them?

    Kind Regards,
    Tasos

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Rank Math

    (@rankmath)

    Hello @dantekavala

    Thank you for contacting the support. We would love to clear any confusion you have regarding the code you quoted above.

    We take privacy very seriously as we use this product on our own web properties, and many big publishers (many of them from Europe) also utilize it.

    First of all, let us state that Rank Math DOES NOT collect any data without the user’s consent. All plugins in the www.ads-software.com plugin repository must adhere to the official Plugin Guidelines which do not allow a connection to an external server without explicit and authorized consent of the site owner:
    https://developer.www.ads-software.com/plugins/wordpress-org/detailed-plugin-guidelines/#7-plugins-may-not-track-users-without-their-consent

    If you go through the main plugin file seo-by-rank-math/rank-math.php, the tracking class is loaded and executed ONLY if the user opts-in to the usage tracking feature in the plugin settings, and that option is disabled by default.
    Screenshot: https://i.rankmath.com/43xkRn

    Even when someone enables that tracking option, we collect non-sensitive environmental, diagnostic, and plugin usage data because plugin and theme makers do not receive usage data from www.ads-software.com.

    Collecting this information makes it easier for us to determine the most common server setup and thus help us optimize the plugin further to make it compatible with commonly used server-environments.

    With that said, we thank you for bringing this concern to our attention. We will see what we can do further to avoid any confusion. We will probably update the privacy policy on our site soon to make it easier to understand, as we can see how this might not be very clear for some users.

    Hope that helps. If you have any further questions, please let us know. We are here to assist.

    Thread Starter dantekavala

    (@dantekavala)

    Hello and thank you for your answer.

    First of all, I apologise if I wasn’t clear enough. I don’t judge you for fetching those data with or without consent. I just ask for a more “official” explanation for each data point so I can include it in my terms of use for my service as a developer and someone who host my websites myself. Due to GDPR I need to have a detailed table with all the data AND an explanation for the exact usage for data that get out of my server.

    So, what I am asking is a table that will look like

    Data | Reason
    php version | we fetch and store php version for 6 months to identify and resolve bugs related to the server
    … | …
    … | …

    All data we fetch are stored in our server in the location of …

    Sorry for trouble but if I don’t have such an information I will need to remove the plugin from more than 40 websites.

    Plugin Author Rank Math

    (@rankmath)

    Hello @dantekavala

    Sorry for the confusion.

    As mentioned earlier that you can choose not to tick the option to share the data and no data will ever be shared.

    What your users will do afterward won’t be your responsibility I guess. You provided them with the best settings and now it is their choice to change (if that ever happens).

    As of now, we are collecting only the deactivation survey results and no other data is getting shared or stored on our servers.

    There is no expiry on the data that is stored on our servers.

    Hope that helps. If you have any further questions, please let us know.

    Thank you.

    Thread Starter dantekavala

    (@dantekavala)

    I wouldn’t mind to keep the tracking if this means I contribute in a better future of Rank Math SEO. But this means, I need to update my privacy policy. I would be grateful if you can send me such a table, which I guess you already have since you are also need to provide to EU.

    Plugin Author Rank Math

    (@rankmath)

    Hello @dantekavala

    As mentioned in the last reply, we are not collecting that data yet and the only data that is getting sent is from the deactivation survey:
    https://i.rankmath.com/hYLcE9

    and anyone’s service is not liable to mention that as it’s an action taken by the user.

    As much as that would help, we can understand your situation as well and you can opt-out for now.

    Hope that helps. Please let us know if there’s anything else we can help you with.

    Thank you.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    @rankmath What they’re saying is that for them to keep using your plugin AND be in full legal compliance with the EU, they need YOU to provide that legal document. If you can’t, they would be sued just for using your plugin.

    So… Y’know, you want to do this. Otherwise what happens is you end up losing all the EU (and California, USA) business.

    ANY data collection has to be disclosed, per the law, and you have to have a public statement about what the heck you do with it.

    Go tell your CEO and hire a lawyer to get this fixed on your end, or it’ll be messy and there’s no one here who can help you ??

    Plugin Author Rank Math

    (@rankmath)

    Hello @ipstenu

    Sorry for the misunderstanding and appreciate your concern. We took the feedback of the OP very seriously and created a usage tracking page explaining the data requested. We have already included the link in the plugin and it will be added in the next update.

    Hello @dantekavala

    You can refer to the following page on which data is processed and stored:
    https://rankmath.com/usage-tracking/

    As mentioned earlier, we are not storing any data on our servers at this time but the deactivation survery feedback.

    Hope this helps. Thank you.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    As mentioned earlier, we are not storing any data on our servers at this time but the deactivation survery feedback.

    I’m going to be pedantic here.

    If the data is being sent to your server in any way, then it is stored in your SERVER LOGS. I work at a web host, that’s how servers work. So yes, you are storing it. And yes, you should disclose this. And yes, I repeat this reminder to a bunch of people who labor under the misunderstanding of what storage means.

    1. Are you transmitting data?
    2. Where does the data go, when, and why?
    3. What data do you, yourself, keep and process?
    4. What data do the services you used (your web host servers, mailing lists, whatever) keep and process?

    If you can’t answer those, you have no business collecting any data.

    HIRE A LEGAL EXPERT TO PROTECT YOUR ASSETS. This stuff isn’t a joke. It’s how you get sued ??

    Plugin Author Rank Math

    (@rankmath)

    Hello @ipstenu

    Thank you so much for your feedback, sincerely appreciate that.

    As suggested, we have hired a legal firm and as needed, we will amend the privacy & usage policy as well the code.

    Plugin Author Rank Math

    (@rankmath)

    Hello @dantekavala

    Sorry for the delay in response.

    With the latest update, we have removed the conditions for the code you mentioned since the data was not getting utilized anywhere on our end.

    Also, the feedback survey also collects the data anonymously.

    You can check the plugin’s updated usage tracking policy here:
    https://rankmath.com/usage-tracking/

    and the website’s privacy policy here:
    https://rankmath.com/privacy-policy/

    Hope that helps. If you have any further questions, please let us know. We are here to assist.

    Thread Starter dantekavala

    (@dantekavala)

    Thanks for letting me know about it. As I said earlier, if you are GDPR compliant and you have an updated privacy policy page with all the data you send to your server, regardless if you store them or not and the reason for that, I am fine since I can also include them in my own privacy policy.

    Plugin Author Rank Math

    (@rankmath)

    Hello @dantekavala

    Sure. We have updated everything to reflect the latest changes.

    Appreciate your patience and understanding in this matter. Thank you.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Why do you collect so many data from our sites?’ is closed to new replies.