Privacy & GDPR

This page is a technical description of what data PerfLocale processes, where it’s stored, and which third parties receive it. It is not legal advice. Consult a privacy lawyer to finalise privacy-policy wording and data-processing agreements for your site.

At a glance

• No tracking. No analytics. No visitor fingerprinting.
• One cookie (perflocale_lang) storing only the chosen language slug - HttpOnly, Secure, SameSite=Lax, 365-day default lifetime.
• Visitor IP is never logged or stored. The GeoIP feature (disabled by default) sends the IP to your chosen provider only to resolve a country code, which is then cached for 24 hours.
• Machine-translation features are admin-triggered. End-visitor content is not sent to MT providers automatically.
• Integrates with WordPress’s built-in privacy tools: Export, Erase, and Policy Guide.

What data is handled

Language-preference cookie

Name: perflocale_lang. Value: the active language slug (e.g. en, fr, fr). Attributes: HttpOnly, Secure on HTTPS, SameSite=Lax. Lifetime: 365 days by default, configurable via the cookie_lifetime setting or the perflocale/cookie_lifetime filter.

This cookie contains no personal data - only the UI preference. Most privacy frameworks classify it as “strictly necessary” for a multilingual site (equivalent to a shopping-cart cookie on an e-commerce site) and it does not require consent on that basis. Your local counsel should confirm this for your jurisdiction.

IP addresses - GeoIP feature (opt-in)

Disabled by default. When enabled (Settings → Language Routing → GeoIP redirect), the visitor IP from REMOTE_ADDR (or a trusted proxy header) is forwarded once per first-time visit to the configured GeoIP provider, which returns a country code.

• The IP address itself is never persisted to the database or logged.
• The resolved country code is cached server-side for 24 hours (configurable) under a key derived from md5(IP) - the IP is not reversibly stored in the cache key.
• Supported providers: IPinfo, IPinfo Lite, ipstack, IP-API, ipapi.co. Each provider has its own data-processing terms; review them before enabling.
• Disable in one filter: add_filter('perflocale/privacy/consent_given', '__return_false');

Machine-translation content (admin-triggered)

Disabled by default. When enabled and used, the plugin sends post/page/string content - whatever the administrator or a translator initiates - to the configured MT provider (DeepL, Google, Microsoft, LibreTranslate, or an external agency). The response is stored as a draft translation for human review.

• End visitors never trigger MT - only admins, editors, or users with the perflocale_use_mt capability.
• No visitor metadata is attached to MT requests. The payload is the source text plus language codes.
• If translating content that contains personal data, ensure you have a legal basis and a data-processing agreement with the chosen MT provider.

Accept-Language header (browser-language redirect feature)

When the browser-language redirect setting is on, the standard Accept-Language header is read once per first visit and matched against active site languages. The header is not stored, logged, or forwarded anywhere.

Workflow assignments

If you use PerfLocale’s translator workflow, the plugin’s workflow table stores a WordPress user ID (the assigned translator) against each piece of content plus status and deadline fields. No email addresses, names, or other direct personal data. When a user is deleted, their assignments are automatically zeroed out.

WordPress Privacy tools integration

PerfLocale registers with all three WordPress privacy surfaces:

• Tools → Export Personal Data: exports all workflow assignments attached to the target user’s ID (object, language, status, priority, deadline, timestamps).
• Tools → Erase Personal Data: zeroes the assigned_to reference and sets the status to unassigned on every matching row. The row itself is retained so translation history isn’t lost.
• Settings → Privacy → Policy Guide: suggested privacy-policy text is registered via wp_add_privacy_policy_content(). The sections shown adapt to which features are enabled - GeoIP wording only appears if GeoIP is on, MT wording only appears if MT is on.

Consent-management integration

The GeoIP redirect and browser-language redirect are both gated by a single filter. Any consent-management plugin can hook it to suppress auto-redirects until the visitor has consented:

add_filter( 'perflocale/privacy/consent_given', function (): bool {
	// Example: Complianz
	if ( function_exists( 'complianz_has_consent' ) ) {
		return (bool) complianz_has_consent( 'functional' );
	}

	// Example: Cookiebot
	if ( class_exists( '\Cybot\Consent' ) ) {
		return \Cybot\Consent::has_consent( 'preferences' );
	}

	return true;
} );

When the filter returns false, no outbound request is made (including to the GeoIP provider) and no redirect is issued. On the next page load, once the visitor grants consent, the filter returns true and normal behaviour resumes.

What you (as site owner) still need to do

• Publish a privacy policy describing these processes in your own words. The Policy Guide page gives you suggested text you can adapt.
• Sign Data Processing Agreements with any third parties you enable: your GeoIP provider, your MT provider, and any exchange-rate or analytics services you configure separately.
• Install a consent-management plugin if you need pre-consent gating. PerfLocale itself doesn’t show a banner - that’s better handled by a dedicated plugin (Cookiebot, Complianz, Iubenda, OneTrust, etc.).
• For EU deployments of DeepL, configure the EU endpoint / key so content stays in-region.

Related references

• Hook reference - perflocale/privacy/consent_given
• Storing API keys as PHP constants
• GeoIP redirect documentation