Privacy Policy
Last updated: March 24, 2026
1. Introduction
CodeMyWP is a service operated by M/s Terrene Tech ("we," "us," or "our"), based in Hayatnagar, Sambhal, Uttar Pradesh - 244303, India. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use the CodeMyWP service ("Service") at codemywp.com and the CodeMyWP WordPress plugin ("Plugin").
By using the Service, you agree to the collection and use of information as described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name — your display name
- Email address — used for login, notifications, and account recovery
- Password — stored as a one-way bcrypt hash (we cannot read your password)
2.2 Team Information
If you create or join a team:
- Team name
- Team member email addresses (for invitations)
2.3 Payment Information
Payment processing is handled by Razorpay. We store:
- Razorpay customer ID (an opaque identifier)
- Billing name, address, and country
- GSTIN (if provided for B2B invoicing)
- Subscription status and billing dates
We do not store full credit card numbers, CVVs, or bank account details. For Razorpay's data practices, see the Razorpay Privacy Policy (razorpay.com/privacy).
2.4 WordPress Site Data
When you connect a WordPress site, the Plugin collects and transmits the following data to our servers:
Collected Automatically (every 15 minutes when connected):
| Data | Purpose |
|---|---|
| WordPress version | Compatibility and security monitoring |
| PHP version | Compatibility checks |
| Installed plugins (names, versions, active status) | Context for AI assistance, update monitoring |
| Installed themes (names, versions) | Context for AI assistance, update monitoring |
| Site structure (page titles, slugs, menu names, post types, taxonomies) | Context for AI to understand site layout |
| Permalink structure | URL context for AI |
| Widget areas and active widgets | Theme/layout context |
| Custom CSS | Styling context for AI |
| Admin user information (user ID, username, display name, roles, hashed email) | User management, magic login, security monitoring |
| File checksums of core WordPress files | Security monitoring (detect unauthorized modifications) |
| Server capabilities (WP-CLI availability) | Determine available operation methods |
| Available core/plugin/theme updates | Update monitoring and alerts |
Collected On-Demand (when you use the AI chat):
| Data | When | Purpose |
|---|---|---|
| File contents | When AI needs to read/analyze code | Code analysis, modification planning |
| Database records (posts, options, users, meta) | When AI queries site data | Answering questions, planning changes |
| Debug log entries | When investigating errors | Troubleshooting |
| Rendered page HTML | When AI needs to see page output | Visual verification of changes |
Collected When Uploading Source Code:
For custom (non-WordPress.org) plugins and themes, the Plugin may upload a ZIP archive of the source code to our servers. This is used to generate AI context documentation. Source archives are processed and deleted; the generated documentation is retained.
2.5 Conversation Data
All messages you send through the AI chat interface are stored, including:
- Your messages (questions, instructions)
- AI responses (code, explanations, plans)
- System context (site summaries included in AI prompts)
- Token usage counts
2.6 Action History
When the AI makes changes to your site, we log:
- Action type (e.g., "update_file", "install_plugin")
- Action parameters (file paths, content, settings values)
- Risk classification (safe, moderate, dangerous)
- Approval status and timestamps
- Before and after state snapshots (for rollback capability)
- Error messages if the action failed
2.7 Security Monitoring Data
We automatically monitor connected sites for security issues including:
- New administrator accounts detected
- Changes to core WordPress files
- Outdated software versions
3. How We Use Your Information
- Providing the Service: Processing your AI chat requests, executing site modifications, maintaining site connections
- AI Context: Site data is used to give AI assistants accurate context about your WordPress installation so they can provide relevant assistance
- Security Monitoring: Detecting unauthorized changes to your WordPress sites
- Error Recovery: Using before/after state snapshots to enable rollback of failed operations
- Account Management: Authentication, billing, team management
- Service Improvement: Understanding usage patterns to improve the Service (we do not use your site content or conversation data for AI model training)
4. Third-Party Data Sharing
We share data with the following third-party services as necessary to provide the Service:
4.1 AI Service Providers
To power the AI assistant, we transmit data to:
| Provider | Data Shared | Privacy Policy |
|---|---|---|
| Anthropic (Claude API) | Site configuration summaries, conversation messages, file contents relevant to your query, database query results, AI-generated context documents | anthropic.com/policies/privacy |
| OpenAI (GPT API) | Same data as above (when OpenAI models are selected) | openai.com/policies/privacy-policy |
We use API-only access with these providers. Under their API terms, data submitted via API is not used to train their models. Please review each provider's privacy policy for their complete data handling practices.
4.2 Payment Processing
| Provider | Data Shared | Privacy Policy |
|---|---|---|
| Razorpay | Name, email, billing address, payment details (handled directly by Razorpay's secure form) | razorpay.com/privacy |
4.3 Font Services
Our web interface loads fonts from:
- Google Fonts (fonts.googleapis.com) — Privacy Policy
- Fontshare (api.fontshare.com) — Terms
These services may collect your IP address and browser information through font requests. No personal data is shared by us with these services.
4.4 No Other Sharing
We do not:
- Sell your personal data to third parties
- Use third-party advertising or tracking services
- Share your site data with other CodeMyWP users (unless within your team)
- Use your content or conversations to train AI models
5. Data Storage and Security
5.1 Storage Location
Your data is stored on secured servers. The specific hosting location may vary as we optimize our infrastructure.
5.2 Security Measures
We implement the following security measures:
- Encryption in transit: All connections between your browser, your WordPress site, and our servers use TLS/HTTPS
- Password hashing: User passwords are hashed using bcrypt (one-way, not reversible)
- Token security: API tokens are stored as SHA-256 hashes (cannot be reversed to the original token). Plugin secrets are encrypted at rest using Laravel's encryption
- SFTP credentials: If provided, stored using application-level encryption
- SSRF protection: The Plugin validates the URLs of its outbound requests against private IP ranges and reserved addresses
- SQL injection prevention: Database queries are validated against forbidden patterns, multi-statement injection, and length limits
- File system protection: Critical WordPress files (wp-config.php, wp-admin/, wp-includes/) are protected from modification
- Input sanitization: All inputs are sanitized using WordPress security functions
5.3 Data Stored on Your WordPress Site
The Plugin stores the following in your WordPress database (wp_options table):
- API authentication token
- Plugin secret (for incoming request verification)
- Site ID (CodeMyWP identifier)
- CodeMyWP server URL
- Connection timestamp
- Temporary action state (cleared after each operation completes)
All plugin data is removed from your WordPress database when you uninstall the Plugin.
6. Cookies and Sessions
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Maintains your login session | Until browser close or session expiry |
| XSRF-TOKEN | Cross-site request forgery protection | Session |
| Remember token | Persistent login (if selected) | Up to 30 days |
The Magic Login feature sets a standard WordPress authentication cookie (wordpress_logged_in_*) on your WordPress site when you log in from the CodeMyWP dashboard.
We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Site snapshots | Retained while site is connected; deleted upon site disconnection and account deletion |
| Conversation history | Retained while site is connected; deleted upon request or account deletion |
| Action logs (before/after states) | Retained for rollback capability; deleted upon site disconnection |
| Source code uploads | Temporary files deleted after processing; generated context documents retained while site is connected |
| Security issue records | Retained while site is connected |
| Payment records | Retained as required by financial regulations (typically 7 years for tax purposes) |
8. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate personal data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Data portability: Request your data in a machine-readable format
- Disconnect: Disconnect any WordPress site at any time, which stops all data collection for that site
- Object: Object to processing of your personal data for specific purposes
To exercise these rights, contact us at hi@codemywp.com.
8.1 Disconnecting a Site
When you disconnect a WordPress site:
- The Plugin stops transmitting data to our servers immediately
- API tokens are invalidated
- You can delete the Plugin from your WordPress dashboard to remove all locally stored data
8.2 Account Deletion
When you delete your account:
- All connected sites are disconnected
- All site snapshots, conversations, action logs, and security records are deleted
- AI-generated context documents are deleted
- Payment records are retained only as required by law
9. Children's Privacy
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. International Data Transfers
Our servers may be located outside India. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) where applicable.
Data shared with AI providers (Anthropic, OpenAI) may be processed in the United States. See their respective privacy policies for details.
11. Indian Data Protection Law
We are committed to compliance with applicable Indian data protection legislation, including the Digital Personal Data Protection Act, 2023 (DPDPA) and any rules or regulations issued thereunder. In particular:
- Lawful basis: We process your personal data only for the purposes described in this policy, with your consent where required, or as necessary to perform our contractual obligations to you.
- Data minimisation: We collect only the personal data that is necessary to provide the Service.
- Data principal rights: As a data principal under the DPDPA, you have the right to access, correct, and erase your personal data as described in Section 8 of this policy.
- Grievance redressal: If you have any grievance regarding the processing of your personal data, you may contact our grievance officer at hi@codemywp.com. We will endeavour to acknowledge and resolve your grievance within a reasonable time.
- Data fiduciary: M/s Terrene Tech acts as the data fiduciary for personal data collected through the Service.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
For privacy-related questions or requests:
- Email: hi@codemywp.com
- Address: M/s Terrene Tech, trading as CodeMyWP, Hayatnagar, Sambhal, Uttar Pradesh - 244303, India
- Website: codemywp.com