Privacy & GDPR

Data collected per submission

• Message (required)
• Type, subject, rating (form fields)
• Name, email (optional — submitter-provided)
• Page URL and page title (client-side window.location and document.title)
• IP address (optional — disable via Settings → Privacy)
• Browser user agent string
• WordPress user ID (if the submitter is logged in)

How to comply with GDPR

1. Disable IP storage: Settings → Privacy → uncheck "Store IP address". Existing IPs are not retroactively deleted; bulk-delete or export first.
2. Disclosure: Add OFeedback's data collection to your Privacy Policy. You can use the text: "When you submit feedback via our feedback widget, we collect your message, optional name and email address, the page you were viewing, and your browser type. If you are logged in, your user ID is also recorded. IP addresses are [collected / not collected]."
3. Right to erasure: Individual submissions can be deleted from the Inbox. There is no automated erasure tool.
4. Data location: All data is stored in your own WordPress database. No data is sent to Orravo or any third-party service (except optionally to Slack via the webhook you configure).
5. Screenshot files: Stored in wp-content/uploads/ofb-screenshots/ on your own server. Automatically deleted 30 days after archiving.