1

Privacy

David Keane edited this page 2026-06-09 02:24:53 +01:00

Table of Contents

• Privacy
• TL;DR
• What is stored
• What is NOT stored
• What is sent off your site
• Multi-admin sites
• How to wipe everything
• Children's privacy
• Compliance notes
• Contact

Privacy

TL;DR

RangerHQ Buddy collects nothing and contacts nothing. Every piece of data the plugin handles lives in your own WordPress database, scoped to the individual user. The plugin makes zero outbound HTTP requests. Nothing leaves your site.

What is stored

In your WordPress site's wp_usermeta table, one row per admin user, under the meta key buddy_state:

Field	What it holds	Default
name	The name the user gave their Buddy	"Buddy"
species	The species id	"default" (Phase D will widen)
hunger	0-100	80
happiness	0-100	80
health	0-100	80
energy	0-100	80
born_at	Unix timestamp the Buddy was first created	(time of first dashboard visit)
last_tick	Unix timestamp of the last decay tick (Phase C+)	(time of first creation)

That's it. Eight fields per user. No tracking IDs, no IP addresses, no browser fingerprints, no behavioural logs.

What is NOT stored

• No user-identifying information beyond what WordPress already stores (the wp_usermeta link to the user ID is WordPress's normal user system)
• No browsing history
• No page-view counters
• No interaction logs (Phase B's Feed / Play / Clean / Sleep clicks update last_tick but don't log a history of individual actions)
• No site-content snapshots
• No telemetry of any kind

What is sent off your site

Nothing. The plugin makes zero outbound HTTP requests. There is no API call, no analytics ping, no error-reporting beacon, no font CDN, no image CDN, no third-party JavaScript SDK.

Verify this yourself:

grep -rn "wp_remote_\|fetch(\|XMLHttpRequest\|curl_init" inc/ buddy.php

The plugin uses zero wp_remote_* functions and no JavaScript beyond the (future Phase B) AJAX endpoint that hits your own site's admin-ajax.php.

Multi-admin sites

Each WordPress user gets their own buddy_state row in wp_usermeta. Alice's Buddy is completely independent of Bob's. Neither can see the other's Buddy. This is enforced by WordPress's user-meta API — there is no shared site-wide Buddy state.

How to wipe everything

Three options:

1. Deactivate + delete the plugin. WordPress will leave the wp_usermeta rows in place (Buddy state survives a reinstall by design). To clean them out manually:

   DELETE FROM wp_usermeta WHERE meta_key = 'buddy_state';
   

2. Delete the user. WordPress automatically removes all wp_usermeta for a deleted user via wp_delete_user(). Buddy state goes with them.

3. Future: a "Reset Buddy" button on the Settings page — planned but not yet shipped. For now, the SQL above is the cleanest path.

Children's privacy

RangerHQ Buddy is a WordPress administrator-only feature. It doesn't render on the public site. Admin access requires a WordPress account, which means the visitor is an authenticated user of a WordPress installation. No data is collected about anyone of any age.

Compliance notes

• GDPR: No personal data is collected or processed beyond what WordPress already stores. The plugin adds one row to wp_usermeta per admin user. WordPress's existing GDPR tools (wp_export_personal_data, wp_erase_personal_data) will pick up the buddy_state rows because they're standard usermeta.
• CCPA, LGPD, PIPEDA, etc.: Same logic applies. No data collection, no data sharing, no third-party processors.

Contact

• Email: david@davidtkeane.com
• Issues / source: https://git.davidtkeane.com/ranger/rangerhq-buddy
• Author: David Keane, Dublin, Ireland