wpForo AI Features – Privacy Policy
Last Updated: February 9, 2026
Effective Date: February 9, 2026
Table of Contents
- Introduction
- Definitions
- Data Controller and Processor Roles
- Data Stored Locally (Your Server)
- Data Processed in the Cloud
- How We Use Your Data
- AI and Machine Learning Processing
- Data Sharing and Third Parties
- Data Retention
- Data Security
- Your Rights
- International Data Transfers
- Children’s Privacy
- Changes to This Policy
- Contact Us
1. Introduction
wpForo AI features are provided by gVectors AI. This Privacy Policy explains how gVectors Team (“we”, “us”, “our”) collects, uses, stores, and protects information when you use the wpForo AI Features service (“Service”).
By using the Service, you agree to the collection and use of information as described in this Privacy Policy. This policy should be read in conjunction with our Terms of Service.
Important: This Privacy Policy covers data processed by our Service. As a forum operator, you are responsible for your own privacy policy that governs how you collect and process your forum users’ data.
2. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Forum Content” means topics, posts, replies, and other content created by users on your forum.
- “Vector Embeddings” means mathematical representations of text content used for semantic search.
- “Customer” means the forum administrator who registers for and uses the Service.
- “End Users” means visitors and registered users of your forum.
- “Processing” means any operation performed on data, including collection, storage, and deletion.
3. Data Controller and Processor Roles
3.1 Your Role as Data Controller
As the forum operator, you are the Data Controller for:
- Your forum users’ personal data
- Forum content created by your users
- Decisions about what data to index and process
You are responsible for:
- Obtaining necessary consents from your forum users
- Updating your own privacy policy to disclose use of AI services
- Responding to your users’ data subject requests
- Ensuring lawful basis for processing forum content
3.2 Our Role as Data Processor
gVectors Team (through gVectors AI) acts as a Data Processor for forum content you submit to the Service. We:
- Process data only according to your instructions (indexing requests)
- Implement appropriate security measures
- Assist you in responding to data subject requests
- Delete data upon your request or service termination
3.3 Our Role as Data Controller
We are the Data Controller for:
- Your account information (email, site URL)
- Billing and subscription data
- Service usage analytics
- Technical logs and operational data
4. Data Stored Locally (Your Server)
The following data is stored only on your WordPress server and is NOT transmitted to our cloud services:
4.1 Plugin Configuration
- Feature enable/disable settings
- Display preferences and customizations
- Search result formatting options
4.2 Credentials (Encrypted)
- API key (stored encrypted in WordPress database)
- Tenant ID
- Connection status
4.3 Cache Data
- Temporary search results cache
- Performance optimization data
4.4 Your Control Over Local Data
You have complete control over locally stored data:
- Delete via plugin settings at any time
- Included in standard WordPress backup procedures
- Subject to your server’s security measures
- Never shared with us without explicit API calls
5. Data Processed in the Cloud
IMPORTANT: The following data IS transmitted to and processed by our cloud infrastructure when you use the Service.
5.1 Forum Content Data
| Data Type | Examples | Purpose |
|---|---|---|
| Topic Content | Titles, descriptions, body text | Indexing for semantic search |
| Replies | User responses, comments | Indexing for semantic search |
| Metadata | Post IDs, timestamps, forum categories | Result organization and filtering |
| Status Flags | Solved, best answer, closed | Search result ranking |
5.2 Account Information
| Data Type | Examples | Purpose |
|---|---|---|
| Administrator Email | admin@yourforum.com | Account identification, notifications |
| Site URL | https://yourforum.com | Origin validation, tenant identification |
| Software Versions | WordPress 6+, wpForo 3+ | Compatibility and support |
5.3 Search Query Data
| Data Type | Examples | Purpose |
|---|---|---|
| Search Queries | “how to configure email notifications” | Processing search requests |
| Query Metadata | Timestamp, results count | Analytics and billing |
5.4 Usage and Billing Data
| Data Type | Examples | Purpose |
|---|---|---|
| Credit Usage | Credits consumed per operation | Billing and limits enforcement |
| API Calls | Request counts, endpoints accessed | Usage analytics, troubleshooting |
| Subscription Status | Plan type, expiration date | Service access control |
6. How We Use Your Data
6.1 Primary Purposes
- Providing the Service: Processing forum content to enable semantic search
- AI Features: Powering topic suggestions, related content, and search
- Account Management: Managing your subscription and authentication
- Billing: Tracking usage and processing payments
6.2 Operational Purposes
- Service Improvement: Analyzing aggregated usage patterns
- Technical Support: Diagnosing issues when you contact support
- Security: Detecting and preventing abuse or unauthorized access
- Legal Compliance: Meeting legal obligations
6.3 What We Do NOT Do
- Sell your data to third parties
- Use your forum content for advertising
- Share your data with other customers
- Train our own AI models on your specific content (without explicit consent)
- Access your content except as needed to provide the Service
7. AI and Machine Learning Processing
7.1 AI Services Used
Your forum content is processed using the following AI technologies:
Amazon Bedrock
- Purpose: Managed AI/ML service for text embeddings
- Data Handling: Content processed in real-time; not stored by Amazon Bedrock
- Privacy: Subject to AWS Bedrock privacy practices
Amazon Nova Models
- Purpose: Foundation models for semantic understanding
- Data Handling: Content processed temporarily for embedding generation
- Training: Your content is NOT used to train Nova models
Anthropic Claude (via Bedrock)
- Purpose: Advanced language understanding for AI features
- Data Handling: Content processed temporarily; not stored by Anthropic
- Training: Your content is NOT used to train Claude models (API usage)
7.2 Vector Embeddings
When we process your forum content:
- Text is converted into numerical vectors (by Amazon embedding models)
- Original text is NOT stored in the vector database
- Vectors capture semantic meaning but cannot be reversed to original text
- Metadata (IDs, timestamps) is stored alongside vectors for result retrieval
7.3 AI Processing Limitations
We commit to:
- Using AI only for providing Service features
- Not using your content to train proprietary models
- Not sharing your content with AI providers beyond processing needs
- Providing transparency about AI processing methods
8. Data Sharing and Third Parties
8.1 Service Providers (Sub-processors)
We share data with the following service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, AI processing | All cloud-processed data | United States (us-east-1) / Can be changed for customers with Enterprise Subscription Plan |
| Amazon Bedrock | AI embedding generation | Forum content (temporary) | United States |
| Freemius | Payment processing | Email, site URL, billing info | Israel/United States |
8.2 Legal Requirements
We may disclose data when required by:
- Valid legal process (court order, subpoena)
- Law enforcement requests with proper authority
- Protection of our rights, property, or safety
- Emergency situations involving potential harm
8.3 Business Transfers
In case of merger, acquisition, or sale of assets:
- Your data may be transferred to the acquiring entity
- You will be notified of any such transfer
- This Privacy Policy will continue to apply until you are notified otherwise
8.4 No Sale of Personal Data
We do NOT sell, rent, or trade your personal data or forum content to any third parties for their marketing purposes.
9. Data Retention
9.1 Retention Periods
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Vector Embeddings | Until deletion request or account termination | Automatic on disconnect + 30 days |
| Account Information | Duration of subscription + 30 days | Automatic after grace period |
| API Logs | 90 days | Automatic TTL deletion |
| Usage Analytics | 90 days | Automatic TTL deletion |
| Billing Records | 7 years (legal requirement) | Manual after legal period |
| Support Tickets | 2 years after resolution | Manual review and deletion |
9.2 Deletion Upon Request
You can request immediate deletion of your data:
- Forum Content: Use “Clear All Indexed Data” in plugin settings
- Account Data: Disconnect and request full deletion via support
- All Data: Contact support for complete data erasure
9.3 Post-Termination
- 30-day grace period for reactivation
- After 30 days: Permanent deletion of all cloud data
- Billing records retained as legally required
- Aggregated, anonymized statistics may be retained
10. Data Security
10.1 Technical Measures
- Encryption in Transit: TLS 1.2+ for all communications
- Encryption at Rest: AES-256 encryption for all stored data
- Access Control: IAM-based least-privilege access
- Network Security: AWS VPC isolation, security groups
- API Security: Origin validation, rate limiting, API key hashing
10.2 Organizational Measures
- Access limited to authorized personnel only
- Regular security reviews and updates
- Incident response procedures in place
- Vendor security assessments
10.3 Tenant Isolation
- Each customer has a dedicated, isolated vector index
- No customer can access another customer’s data
- API keys validated against registered domain
10.4 Breach Notification
In the event of a data breach affecting your data:
- We will notify you within 72 hours of discovery
- Notification will include nature of breach and affected data
- We will provide guidance on protective measures
- We will cooperate with any required regulatory notifications
11. Your Rights
11.1 GDPR Rights (EEA Residents)
If you are in the European Economic Area, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (“right to be forgotten”)
- Restriction: Request limited processing of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
11.2 CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know: What personal information we collect and how it’s used
- Delete: Request deletion of your personal information
- Opt-Out: Opt-out of sale of personal information (we don’t sell data)
- Non-Discrimination: Not be discriminated against for exercising rights
11.3 Exercising Your Rights
To exercise any of these rights:
- Use in-plugin controls for data deletion
- Open a support ticket at our support portal
- We will respond within 30 days (or sooner if required by law)
- We may need to verify your identity before processing requests
11.4 Your Forum Users’ Rights
As the Data Controller for your forum users:
- You are responsible for handling their data requests
- We will assist you in fulfilling requests related to indexed content
- Contact us if you need to delete specific user content from our indexes
12. International Data Transfers
12.1 Data Location
Our primary data processing occurs in:
- United States: AWS us-east-1 region (Northern Virginia)
12.2 Transfer Mechanisms
For data transferred from the EEA/UK to the US, we rely on:
- AWS’s Standard Contractual Clauses (SCCs)
- Data Processing Agreements with sub-processors
- Appropriate supplementary measures as required
12.3 Data Processing Agreement
Enterprise customers may request a formal Data Processing Agreement (DPA) that includes:
- Standard Contractual Clauses
- Technical and organizational measures
- Sub-processor list and notification procedures
13. Children’s Privacy
The Service is not directed at children under 18 years of age. We do not knowingly collect personal data from children.
If you become aware that a child has provided personal data through your forum that has been indexed by our Service, please contact us immediately, and we will delete such data.
14. Changes to This Policy
We may update this Privacy Policy periodically. When we make changes:
- We will update the “Last Updated” date
- For material changes, we will notify you via email or plugin notification
- Continued use after changes constitutes acceptance
- Previous versions will be archived and available upon request
15. Contact Us
For questions, concerns, or requests regarding this Privacy Policy:
- Support Portal: Open Support Ticket
- wpForo Website: wpforo.com
- wpForo Community: wpforo.com
- Company: gVectors Team
- Service: gVectors AI
- gVectors Website: gvectors.com
Data Protection Inquiries
For data protection specific inquiries or to exercise your rights, please open a support ticket with the subject line “Data Protection Request”.