Privacy Policy
How the Obzervi WordPress plugin and this website collect, store, and process data — and the control you keep over it.
Privacy Policy contents
- Who we are & scope
- Controller vs. processor
- Data the plugin collects
- Data sent to third parties
- The obzervi.com website
- Legal bases (GDPR)
- How data is used
- Sharing & disclosure
- Data retention
- Security
- Your privacy rights
- Site administrator duties
- International transfers
- Children's privacy
- Changes to this policy
- Contact us
01 Who We Are & Scope
Obzervi is a WordPress plugin that provides activity logging, AI-powered analysis, and IP security for WordPress websites. The plugin and the website at obzervi.com are operated by DigiFlow LLC (“Obzervi,” “we,” “us,” or “our”), 240 Kent Ave, Brooklyn, NY 11249, United States.
This policy explains how data is handled in two distinct contexts:
- The plugin — software you install on your own WordPress site. Most data it handles stays inside your WordPress database, under your control.
- The website — obzervi.com, where you read about, purchase, and get support for the plugin.
Where the two differ, we say so explicitly.
02 Controller vs. Processor
This distinction matters for a self-hosted plugin:
- For the activity logs stored on your WordPress site, you (the site administrator) are the data controller. You decide what is tracked, how long it is kept, and who can see it. Obzervi does not have access to that data unless you enable a feature that transmits it (such as Cloud Backup or AI Analysis).
- For optional features that send data to our or third-party servers (AI Analysis, Cloud Backup, licensing), Obzervi acts as a data processor on your behalf, and our third-party providers act as sub-processors.
- For the obzervi.com website and your customer/licensing account, Obzervi is the data controller.
03 Data the Plugin Collects & Stores Locally
When active, Obzervi records events into your site's own WordPress database. Depending on your tracking settings, log entries may include:
| Data | Purpose |
|---|---|
| User ID, username & role | Identify who performed an action |
| IP address | Trace the origin of logins, changes, and attacks; power IP blocking |
| User-agent / browser | Distinguish humans from bots and identify sessions |
| Timestamps | Establish when an event occurred |
| Action & affected object | Record what changed (post, plugin, setting, user, media, etc.) |
| Before/after content | Content History diffs for posts and pages |
| Login attempts | Detect brute-force activity, including attempts from non-logged-in visitors |
This data is written to your database and surfaced inside your WordPress admin. By default it is not transmitted to Obzervi or any third party. It leaves your server only through the optional features described in Section 04.
04 Data Sent to Third Parties (Optional Features)
Some features transmit data off your server. Each is optional and, where relevant, requires you to opt in or actively trigger it.
AI Analysis
When you click the AI analysis button, a summary of your recent activity (which may include usernames, IP addresses, actions, and timestamps) is sent to a third-party AI provider — Anthropic (Claude) and/or OpenAI (ChatGPT) — to generate a plain-English analysis. This happens only on demand. See the Anthropic and OpenAI privacy policies for how they handle data. We recommend not sending logs containing personal data you are not permitted to share with a processor.
Licensing, Checkout & Support (Freemius)
Purchases, license activation, and support tickets are handled by Freemius, Inc., our payment and licensing provider. Freemius may collect your name, email address, billing details, site URL, plugin/site identifiers, and IP address. See the Freemius privacy policy for details. We do not store full payment card numbers.
Cloud Backup (premium, opt-in)
If you enable Cloud Backup, your activity logs are synced to Obzervi's secure cloud storage so an off-site copy survives a server compromise or failure. This feature is off unless you turn it on.
Notification Integrations
If you configure email, Slack, or Telegram notifications, relevant event data is transmitted to those services using the credentials you provide. Their handling of that data is governed by their own privacy policies.
License & Site Authentication
To validate your license and deliver updates, the plugin may transmit your site URL and plugin/site identifiers to our licensing infrastructure.
05 The obzervi.com Website
When you visit obzervi.com we may process:
- Analytics — with your permission, we use Google Tag Manager, Google Analytics, and Microsoft Clarity to understand site usage (pages viewed, approximate location, device, referrer, and interaction patterns). These tools load only after analytics consent is granted, and they may set cookies and process your IP address.
- Server logs — standard request logs (IP, user-agent, timestamp) kept for security and diagnostics.
- Contact & forms — if you email us or submit a form, we process the name, email address, topic, message, and technical context you provide so we can respond to support, sales, licensing, or billing requests. We may also send a confirmation email to the address you provided.
You can control optional analytics cookies through our cookie banner, the Cookie Settings link in the footer, and your browser settings. Rejecting analytics does not affect the essential functionality of the website.
06 Legal Bases for Processing (GDPR)
- Legitimate interests — logging activity and blocking malicious IPs to keep websites secure.
- Contract — processing licensing and account data to provide the paid product.
- Consent — optional features and services where you opt in, including AI Analysis, Cloud Backup, website analytics cookies, and similar non-essential technologies.
- Legal obligation — where we must retain or disclose data by law.
07 How Data Is Used
- Provide activity logging, content history, and security monitoring.
- Detect and block suspicious or malicious behavior.
- Generate AI analysis when you request it.
- Deliver licensing, updates, and customer support.
- Maintain, secure, and improve the plugin and website.
We do not sell your personal data, and we do not use your activity logs for advertising.
08 Sharing & Disclosure
We share data only with the sub-processors needed to run the product and optional features — our AI provider, Freemius (licensing/payments), Google and Microsoft analytics tools when you consent, and any notification service you configure — and where required by law, valid legal process, or to protect rights and safety. We may also transfer data as part of a merger, acquisition, or asset sale, with notice where required.
09 Data Retention
- Local logs — retained in your database for as long as you choose. Use the plugin's Auto-Purge setting to delete logs older than a set number of days (for example, 90 days).
- Cloud backups — retained per your plan settings while the feature is enabled.
- Licensing & support — retained as long as your account is active and as needed for legal/accounting purposes.
- Contact form messages — retained for as long as needed to respond, maintain support history, and meet legal or operational requirements.
- Website analytics — retained per our analytics provider's configured window.
10 Security
Local logs inherit the security of your WordPress installation, so keep WordPress, themes, and plugins updated and use strong credentials. For features that leave your server, we use encryption in transit (HTTPS/TLS) and reputable providers. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11 Your Privacy Rights
Depending on your location (e.g., the EEA/UK under GDPR, or California under CCPA/CPRA), you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent.
- For data held in your WordPress site's logs, the site administrator is the controller — direct requests to the operator of that website.
- For your obzervi.com account or licensing data, contact us using Section 16 and we will respond within the timeframe required by law.
12 Responsibilities of Site Administrators
If you install Obzervi on a website, you are responsible for lawful use of the data it records. In particular, you should:
- Disclose in your own privacy policy that you log activity and IP addresses.
- Have a lawful basis (such as legitimate interest in security) for that logging.
- Honor data-subject requests from your users.
- Use IP anonymization and Auto-Purge where appropriate to minimize data.
- Only transmit logs to AI Analysis or Cloud Backup where you are permitted to do so.
13 International Data Transfers
Optional features and our service providers may process data in countries other than your own, including the United States. Where required, such transfers rely on appropriate safeguards such as Standard Contractual Clauses.
14 Children's Privacy
Obzervi is a tool for website operators and is not directed to children. It is intended for users aged 18 or older, and we do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us personal data, contact us and we will delete it.
15 Changes to This Policy
We may update this policy as the plugin evolves or as laws change. We will revise the “Last updated” date above and, for material changes, provide a more prominent notice. Continued use after changes means you accept the updated policy.
16 Contact Us
Questions about this policy or your data? Reach us at:
- Contact page: Send us a message
- Email: contact@obzervi.com
- Operator: DigiFlow LLC — digiflow.nyc
- Postal: DigiFlow LLC, 240 Kent Ave, Brooklyn, NY 11249, United States