Data Privacy & GDPR Compliance
The Private Comments plugin is designed with privacy as its core function. By restricting comment visibility to specific user roles, it enhances the confidentiality of discussions on your WordPress site.
Data Collection and Storage
This plugin does not collect, store, or transmit any personal data to external servers or third-party services. All comment data remains within your local WordPress database, following standard WordPress data structures.
The plugin functions as a filter layer that restricts who can view existing comment data based on the following logic:
- Comment Authors: Can view only the comments they have submitted.
- Post Authors: Can view all comments submitted on their own posts.
- Administrators: Can view all comments across the entire site.
- General Public/Other Users: Cannot view any comments, even if they are logged in (unless they meet the criteria above).
GDPR Rights
Because the plugin utilizes native WordPress comment functionality, it is fully compatible with GDPR-related tools built into the WordPress core:
- Right of Access (Data Export): When a user requests their personal data via the WordPress "Export Personal Data" tool, any private comments they authored will be included in the export.
- Right to be Forgotten (Data Erasure): When an administrator uses the "Erase Personal Data" tool for a specific email address, the private comments associated with that user will be anonymized or deleted according to standard WordPress behavior.
Cookies and Tracking
The Private Comments plugin does not set any additional cookies or use tracking scripts. It relies on standard WordPress authentication cookies to determine the current user's identity and permissions.
Privacy Policy Recommendations
If you are using this plugin to comply with data protection regulations, we recommend updating your site's Privacy Policy to reflect that comments are kept private.
Suggested language:
"To ensure the privacy of our users, comments on this site are restricted. Your comments will only be visible to you (the author), the author of the post, and site administrators. Comments are not visible to the general public or other registered users."
Technical Implementation for Developers
If you are extending the plugin or auditing its privacy impact, note that it hooks into the comments_array and get_comments_number filters. It does not modify the database schema or create custom tables.
// Example: The plugin ensures that the global comments array is
// filtered before being displayed in the UI.
// No sensitive data is cached or exposed via the REST API
// beyond what is allowed by the user's current permissions.
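The visibility rules listed under "Data Collection and Storage", applied through the two filters named above, can be sketched as follows. This is an added example, not the plugin's own code: the `example_pc_*` function names are hypothetical, and treating `manage_options` as the marker for an administrator is an assumption.

```php
<?php
// Added illustration only; not the Private Comments plugin's source code.
// Every example_pc_* name is hypothetical.

/** Apply the documented visibility rules to one comment for one viewer. */
function example_pc_can_view( WP_Comment $comment, int $viewer_id ): bool {
    if ( 0 === $viewer_id ) {
        return false; // Not logged in: no comments are visible.
    }
    // Assumption: "administrator" is modelled by the manage_options capability.
    if ( user_can( $viewer_id, 'manage_options' ) ) {
        return true;
    }
    $post = get_post( (int) $comment->comment_post_ID );
    if ( $post instanceof WP_Post && (int) $post->post_author === $viewer_id ) {
        return true; // Post author sees every comment on their own post.
    }
    // Compare account IDs. Guest comments have user_id 0 and never match;
    // name and email are typed by guest commenters, so they are not used.
    return (int) $comment->user_id === $viewer_id;
}

/** Filter a list of comments down to what the current user may see. */
function example_pc_visible( array $comments ): array {
    $viewer_id = get_current_user_id();
    return array_values( array_filter(
        $comments,
        static function ( $c ) use ( $viewer_id ) {
            return $c instanceof WP_Comment && example_pc_can_view( $c, $viewer_id );
        }
    ) );
}

// Rendered comment list: drop everything the viewer is not entitled to.
add_filter( 'comments_array', static function ( $comments, $post_id ) {
    return example_pc_visible( (array) $comments );
}, 10, 2 );

// Comment count: report only visible comments so the total does not
// disclose that hidden comments exist.
add_filter( 'get_comments_number', static function ( $count, $post_id ) {
    $approved = get_comments( array( 'post_id' => (int) $post_id, 'status' => 'approve' ) );
    return count( example_pc_visible( (array) $approved ) );
}, 10, 2 );
```

WordPress applies `comments_array` inside `comments_template()`, so when auditing, confirm separately that other read paths such as `/wp-json/wp/v2/comments` and comment feeds return only what the same rules allow.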